fosc
/
wiki
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

docs: update traefik

This commit is contained in:
Pablo Moyano 2020-01-31 11:18:52 +00:00 committed by FOSC
parent 695f0876f0
commit f1fdfdb1e5
1 changed files with 9 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
traefik.md
View File

@ -2,7 +2,7 @@
title: Traefik
description: Hypercharged reverse proxy with Docker autodiscovery and other goodies
published: true
date: 2019-12-28T17:37:38.426Z
date: 2020-01-31T11:18:50.873Z
tags:
---
@ -14,21 +14,13 @@ It allows you to run multiple web services on the same IP address and access the
We use both the Docker backend and a manual routing backend.
[An example setup can be had here.](https://gitlab.com/p4block/traefik-v2-ready-to-go)
# Requirements
To make it easier to have multiple `docker-compose.yml` without having to specify networks by hand, we use Traefik natively installed on the host, rather than the usual Docker install.
To make it easier to have multiple `docker-compose.yml` without having to specify networks by hand, we run Traefik on the host's network stack.
This allows it to access all Docker networks by default.
On NixOS:
```
traefik = {
enable = true;
group = "docker";
configFile = "/var/lib/traefik/traefik.toml";
};
```
Using docker-compose:
```
version: '3.7'
@ -43,11 +35,11 @@ services:
```
# Traefik Configuration
Paths vary between a docker-compose install or a NixOS install. The container wants its files placed at `/etc/traefik/` while a native install is most likely to prefer `/var/lib/traefik/`.
Before starting the example project:
Paths provided in this example use the `/etc/traefik/` route.
An `acme` folder needs to exist with `700` permissions, inside there should be an `acme.json` with 600 permissions.
An `acme` folder needs to exist with `700` permissions, inside there should be an `acme.json` with 600 permissions. Without them, Let's Encrypt certificates will never work.
Failing to do so will cause your IP to be banned from Let's Encrypt for an hour or more (and accessing your services won't work because SSL will fail at a fundamental level)
## Static configuration
Changing this requires a Traefik restart.
@ -89,6 +81,8 @@ Traefik live reloads this file.
All http input is elevated to https using the "redirect" middleware. `traefik` and `netdata` routers listen on 443. `traefik` also runs the "auth" middleware to ask for password.
The user/password is specified in the apache htaccess format.
`/etc/traefik/config.yml`
```
http: