Table of Contents

Easy Traefik Setup (Traefik 2.0)

Emanuel Rahn
Emanuel Rahn
Share on facebook
Share on twitter
Share on telegram
Share on linkedin
Share on whatsapp
Share on reddit
Share on email

Easy Traefik Setup

Traefik is a super-easy way to set up your own dynamic reverse proxy. For more information on Traefik you can visit GitHub, DockerHub or Traefik.io.

After this Traefik setup you won’t have to do any changes to this, even when adding new sites.

Make sure to read the getting started first! Make sure that you don’t have a DS-Lite connection.

 

You can do this on any server. However, a Raspberry Pi is not as powerful and won’t be able hold many docker containers.

Also, if you’re using an external server and are trying to access your Smart Home Setup, like for example Home-Assistant, don’t!

If you want to access your Raspberry Pi from anywhere I recommend you use WireGuard, check out my post on setting up WireGuard.

 

1. Setting up your Domain

At first, you’ll need to point the A address “monitor.your-domain.com” to your server.

It should look something like this:

Traefik Setup A record

2. Traefik Setup

Now, you’ll need to create a new folder and cd into it.

mkdir traefik && cd traefik

Now nano into your docker-compose.yml

nano docker-compose.yml

and paste the following code and change monitor.example.com to your domain (monitor.your-domain.com).

And also change the email address to your email address.

version: "3.3"

services:
  ###############################################
  ####        Traefik Proxy Setup           #####
  ###############################################
  traefik:
    image: traefik:v2.0
    restart: always
    container_name: traefik
    ports:
      - "80:80" # <== http
      - "8080:8080" # <== :8080 is where the dashboard runs on
      - "443:443" # <== https
    command:
    #### These are the CLI commands that will configure Traefik and tell it how to work! ####
      ## API Settings - https://docs.traefik.io/operations/api/, endpoints - https://docs.traefik.io/operations/api/#endpoints ##
      - --api.insecure=false # <== Enabling insecure api, NOT RECOMMENDED FOR PRODUCTION
      - --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc...
      - --api.debug=true # <== Enabling additional endpoints for debugging and profiling
      ## Log Settings (options: ERROR, DEBUG, PANIC, FATAL, WARN, INFO) - https://docs.traefik.io/observability/logs/ ##
      - --log.level=DEBUG # <== Setting the level of the logs from traefik
      ## Provider Settings - https://docs.traefik.io/providers/docker/#provider-configuration ##
      - --providers.docker=true # <== Enabling docker as the provider for traefik
      - --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik, only expose enabled ones
      - --providers.file.filename=/dynamic.yaml # <== Referring to a dynamic configuration file
      - --providers.docker.network=web # <== Operate on the docker network named web
      ## Entrypoints Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
      - --entrypoints.web.address=:80 # <== Defining an entrypoint for port :80 named web
      - --entrypoints.web-secured.address=:443 # <== Defining an entrypoint for https on port :443 named web-secured
      ## Certificate Settings (Let's Encrypt) -  https://docs.traefik.io/https/acme/#configuration-examples ##
      - --certificatesresolvers.mytlschallenge.acme.tlschallenge=true # <== Enable TLS-ALPN-01 to generate and renew ACME certs
      - --certificatesresolvers.mytlschallenge.acme.email=youremail@gmail.com # <== Setting email for certs
      - --certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json # <== Defining acme file to store cert information
    volumes:
      - ./letsencrypt:/letsencrypt # <== Volume for certs (TLS)
      - /var/run/docker.sock:/var/run/docker.sock # <== Volume for docker admin
      - ./dynamic.yaml:/dynamic.yaml # <== Volume for dynamic conf file, **ref: line 27
    networks:
      - web # <== Placing traefik on the network named web, to access containers on this network
    labels:
    #### Labels define the behavior and rules of the traefik proxy for this container ####
      - "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to view it
      - "traefik.http.routers.api.rule=Host(`monitor.example.com`)" # <== Setting the domain for the dashboard
      - "traefik.http.routers.api.service=api@internal" # <== Enabling the api to be a service to access

networks:
  web:
    external: true
  backend:
    external: false

Now save by pressing Ctrl+X and pressing ‘enter’ and ‘y’.

nano into the dynamic.yml

nano dynamic.yml

and paste this code.

http:
  middlewares:
    redirect:
      redirectScheme:
        scheme: https

Again, save.

Now spin the Stack up and let it run.

docker-compose up -d

3. Check your Traefik configuration

Check your config by visiting monitor.your-domain.com.

It is secure and nobody can change anything from here. This is just for show.

Traefik Setup Monitor

Related Post
minecraft

How to host a Forge Server

Playing Minecraft with Mods on a Docker hosted Minecraft Server.
Ads

Comments

0 0 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Emanuel Rahn Website
0
Would love your thoughts, please comment.x
()
x