crsmthw/homelab
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Files
39556e77ffbe50a2b647d6350b62a9f380bac642
homelab/traefik/readme.md
T
crsmthw 39556e77ff Update traefik/readme.md
2024-02-28 18:32:11 +03:00

131 lines
3.9 KiB
Markdown
Raw Blame History

# Traefik reverse proxy with automatic wildcard SSL from cloudflare
Create a DNS entry in your cloudflare: ```traefik.YOURDOMAIN.com``` Make sure it is not proxied at first (necessary for creating SSL certificate), you can enable proxy later after everything.
Create a docker network called "proxy" using the following command:
```
docker network create proxy
```
This is the network that traefik and all other containers that need to be automatically configured in traefik should use.
Make directories in your homefolder like so:
- ~/traefik
- compose.yml
- data
- acme.json # make sure to change permissions of this file with ``` chmod 600 acme.json ```
- config.yml
- traefik.yml
Use mkdir to make the folders and touch to create the json and yml files
Basically:
```
mkdir traefik
```
```
cd traefik
```
```
touch compose.yml
```
```
mkdir data
```
```
cd data
```
```
touch acme.json
```
```
chmod 600 acme.json
```
```
touch config.yml
```
```
touch traefik.yml
```
The contents to put inside those files are given here. Except for acme.json, which will be automatically generated.
## How to generate a hashed password to put in the compose.yml file
- First install apache2-utils
```
sudo apt update
sudo apt install apache2-utils
```
- Next generate your hashed password with the following command
```
echo $(htpasswd -nB USER) | sed -e s/\\$/\\$\\$/g
```
- Replace USER with your username
- Enter a password when it prompts
- Copy paste the generated hashed password into the compose.yml file
## Run
Go to the directory with the compose.yml
Run it with ```docker compose up -d```
If everything is done right, you will be able to access the traefik dashboard at traefik.YOURDOMAIN.com in a few moments.
## How to expose my docker containers to the internet
First make sure you have created a DNS entry in your cloudflare for the service you want to expose
Then all you have to do is add these labels to the compose.yml of all your containers that you want to expose:
```
labels:
- "traefik.enable=true"
- "traefik.http.routers.CONTAINER_NAME.entrypoints=https"
- "traefik.http.routers.CONTAINER_NAME.rule=Host(`SUBDOMAIN.YOURDOMAIN.COM`)"
- "traefik.http.routers.CONTAINER_NAME.tls=true"
- "traefik.http.routers.CONTAINER_NAME.service=CONTAINER_NAME@docker"
- "traefik.http.services.CONTAINER_NAME.loadbalancer.server.port=PORT_OF_CONTAINER_WEBUI"
- "traefik.docker.network=proxy"
```
Replace ```CONTAINER_NAME``` with the name of the docker container
Replace ```SUBDOMAIN.YOURDOMAIN.COM``` with the URL you want your container webui to be exposed at.
Replace ```PORT_OF_CONTAINER_WEBUI``` with the port of the container's webui
### Example compose.yml of Heimdall Dashboard exposed with Traefik
```
version: "3.9"
services:
heimdall:
image: lscr.io/linuxserver/heimdall:latest
container_name: heimdall
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Riyadh
volumes:
- ./config:/config
networks:
- proxy
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.heimdall.entrypoints=https"
- "traefik.http.routers.heimdall.rule=Host(`dashboard.crsmthw.com`)"
- "traefik.http.routers.heimdall.tls=true"
- "traefik.http.routers.heimdall.service=heimdall@docker"
- "traefik.http.services.heimdall.loadbalancer.server.port=80"
- "traefik.docker.network=proxy"
networks:
proxy:
external: true
```
## How to expose anything else
By anything else I mean services on other computers or containers that cannot use the proxy network, like home-assistant for example which needs host network.
For this you need to make entries in the config.yml file. An example of home-assistant is already given in the config.yml file.
## Credits
Huge thanks to Techno Tim. You can watch his video tutorial [here](https://youtu.be/liV3c9m_OX8?si=qPIQsIdypHKt2hUq)
Reference in New Issue View Git Blame Copy Permalink