diff --git a/traefik.md b/traefik.md index a069e72..d7737ba 100644 --- a/traefik.md +++ b/traefik.md @@ -2,7 +2,7 @@ title: Traefik description: Hypercharged reverse proxy with Docker autodiscovery and other goodies published: true -date: 2019-12-28T17:37:38.426Z +date: 2020-01-31T11:18:50.873Z tags: --- @@ -14,21 +14,13 @@ It allows you to run multiple web services on the same IP address and access the We use both the Docker backend and a manual routing backend. +[An example setup can be had here.](https://gitlab.com/p4block/traefik-v2-ready-to-go) + # Requirements -To make it easier to have multiple `docker-compose.yml` without having to specify networks by hand, we use Traefik natively installed on the host, rather than the usual Docker install. +To make it easier to have multiple `docker-compose.yml` without having to specify networks by hand, we run Traefik on the host's network stack. This allows it to access all Docker networks by default. -On NixOS: - -``` - traefik = { - enable = true; - group = "docker"; - configFile = "/var/lib/traefik/traefik.toml"; - }; -``` - Using docker-compose: ``` version: '3.7' 
@@ -43,11 +35,11 @@ services: ``` # Traefik Configuration -Paths vary between a docker-compose install or a NixOS install. The container wants its files placed at `/etc/traefik/` while a native install is most likely to prefer `/var/lib/traefik/`. +Before starting the example project: -Paths provided in this example use the `/etc/traefik/` route. +An `acme` folder needs to exist with `700` permissions, inside there should be an `acme.json` with 600 permissions. -An `acme` folder needs to exist with `700` permissions, inside there should be an `acme.json` with 600 permissions. Without them, Let's Encrypt certificates will never work. +Failing to do so will cause your IP to be banned from Let's Encrypt for an hour or more (and accessing your services won't work because SSL will fail at a fundamental level) ## Static configuration Changing this requires a Traefik restart. @@ -89,6 +81,8 @@ Traefik live reloads this file. All http input is elevated to https using the "redirect" middleware. `traefik` and `netdata` routers listen on 443. `traefik` also runs the "auth" middleware to ask for password. +The user/password is specified in the apache htaccess format. + `/etc/traefik/config.yml` ``` http:
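Review bot: in the Requirements hunk (`@@ -14,21 +14,13 @@`), the new sentence "we run Traefik on the host's network stack" gives the convenience but not the trade-off. A container on the host's network stack shares the host's network namespace, so it is not isolated from the host's interfaces the way a container on a bridge network is. Suggest one extra sentence saying so, so readers copying the setup know which ports end up bound on the host. The added link in the same hunk points at the repository root rather than a tag or commit; pinning it would keep the "example setup" matching what this page describes.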
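Review bot: in the Traefik Configuration hunk (`@@ -43,11 +35,11 @@`), removing "Paths provided in this example use the `/etc/traefik/` route." leaves the `acme` folder with no stated location, while the later context line still refers to `/etc/traefik/config.yml`. Suggest saying where `acme/acme.json` must live relative to the example project. The new warning also asserts a Let's Encrypt ban "for an hour or more" without saying what about wrong permissions triggers it; either explain the mechanism or link to the rate-limit documentation. Style: `600` should be in backticks like `700`, "permissions, inside there should be" is a comma splice, and the added sentence has no closing period.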
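Review bot: in the dynamic configuration hunk (`@@ -89,6 +81,8 @@`), "apache htaccess format" names the wrong file type. `.htaccess` is Apache's per-directory configuration file; basic-auth credentials are `user:hash` lines in htpasswd format, normally produced with the `htpasswd` tool. Suggest "htpasswd format", and state explicitly that the value stored for the "auth" middleware is a password hash, not the plaintext password, since the current wording "user/password" invites pasting the password itself into `config.yml`.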