---
title: Traefik
description: Hypercharged reverse proxy with Docker autodiscovery and other goodies
published: true
date: 2019-07-01T15:21:53.482Z
tags:
---

# What is this?
Traefik hogs your ports `80` and `443` (and others), intercepts HTTP requests to your server and forwards them to different endpoints.

It allows you to run multiple web services on the same IP address and access them on a domain name basis.

We use both the Docker backend and a manual routing backend.
# Requirements
To make it easier to have multiple `docker-compose.yml` files without having to specify networks by hand, we run Traefik installed natively on the host, rather than the usual Docker install.

This allows it to access all Docker networks by default.

On NixOS:
```
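# Fragment of the NixOS configuration; presumably it sits under `services`
# in configuration.nix (confirm against the full file).
traefik = {
  enable = true;
  # Membership in the "docker" group lets Traefik talk to the Docker socket,
  # which the Docker provider needs for autodiscovery. Access to that socket
  # is effectively root on the host, so a compromise of the Traefik process
  # should be treated as a compromise of the machine.
  group = "docker";
  # Static configuration, shown in the Configuration section of this page.
  configFile = "/var/lib/traefik/traefik.toml";
};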
```
# Configuration
`traefik.toml`
```
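# Traefik static configuration. The entryPoints / [file] / [acme] layout used
# here is the Traefik 1.x TOML format.
logLevel = "INFO"

# Entry points used by any frontend that does not name its own.
defaultEntryPoints = ["http", "https"]

[accessLog]
# The access log records client addresses and request paths; keep the file
# readable only by the Traefik user and administrators.
filePath = "/var/lib/traefik/access.log"
format = "json"

[entryPoints]

[entryPoints.http]
address = ":80"

# Plain-HTTP requests are redirected to the https entry point.
[entryPoints.http.redirect]
entryPoint = "https"

[entryPoints.https]
address = ":443"

[entryPoints.https.tls]
# Refuse the handshake when no certificate matches the requested SNI name,
# instead of falling back to a default certificate.
sniStrict = true
minVersion = "VersionTLS12"
# AEAD suites only. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is deliberately not
# listed: Go's crypto/tls keeps the CBC-SHA256 suites off by default because
# its implementation has no Lucky13 countermeasures.
# All suites are ECDHE_RSA, so this list assumes an RSA certificate.
cipherSuites = [
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

# Extra listener with no tls table, so traffic on this port is plaintext at
# this hop. Presumably the Bitwarden WebSocket notification port (confirm);
# make sure it is only reachable from where it needs to be.
[entryPoints.bitwarden]
address = ":3012"

# Listener for the API and dashboard (see [api] below). ":8080" binds every
# interface and the auth block underneath is commented out, so anyone who can
# reach this port gets the dashboard and API without credentials.
# Before exposing this host, either enable the basic-auth block with a real
# htpasswd-format entry, or bind the listener to loopback
# (address = "127.0.0.1:8080") and firewall the port.
[entryPoints.traefik]
address = ":8080"
# [entryPoints.traefik.auth]
#   [entryPoints.traefik.auth.basic]
#   users = [
#     "Enter your magic apache htaccess basic auth string here"
#   ]

[api]
dashboard = true
entryPoint = "traefik"

[file]
# Routes in rules.toml are reloaded whenever the file changes, so write
# access to that file is control over routing. Keep it writable by
# administrators only.
watch = true
filename = "/var/lib/traefik/rules.toml"

# Let's encrypt configuration
[acme]
email = "fosc@fosc.space"
# acme.json holds the ACME account key and the certificates' private keys.
# Keep it mode 0600 and owned by the Traefik user; exclude it from any
# world-readable backup.
storage = "/var/lib/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = false
# Certificates are requested for the Host rules of configured frontends.
onHostRule = true

# TLS-ALPN-01 challenge, answered on the https entry point; port 443 must be
# reachable from the CA for issuance and renewal.
[acme.tlsChallenge]

# Empty table: the Docker provider runs with its defaults. In Traefik 1.x
# exposedByDefault is true, so every running container is published unless it
# carries the label traefik.enable=false. Setting exposedByDefault = false
# here and opting containers in with traefik.enable=true avoids publishing a
# container by accident.
[docker]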
```
# Manual routes
`rules.toml`
```
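# Manual routes for services that are not Docker containers (Traefik 1.x
# file-provider format). None of these frontends names an entry point, so
# they are served on the defaultEntryPoints from traefik.toml.
#
# NOTE(review): no frontend here carries an auth or whiteList table, so each
# hostname is reachable by anyone who can reach the proxy. Netdata, the
# Transmission web UI and a router admin page are administrative interfaces;
# confirm each one enforces its own login, or add a per-frontend
# [frontends.<name>.auth.basic] / [frontends.<name>.whiteList] table.
[frontends]

[frontends.netdata]
backend = "b_netdata"

[frontends.netdata.routes.r1]
rule = "Host: netdata.fosc.space"

[frontends.transmission]
backend = "b_transmission"

[frontends.transmission.routes.r1]
rule = "Host: transmission.fosc.space"

[frontends.router]
backend = "b_router"

[frontends.router.routes.r1]
rule = "Host: router.fosc.space"

# Backends are reached over plain http:// on the LAN: TLS ends at Traefik and
# the hop to each backend is unencrypted.
[backends]

[backends.b_netdata]

[backends.b_netdata.servers.localhost]
url = "http://fosc.lan:19999"
weight = 1

[backends.b_transmission]

[backends.b_transmission.servers.localhost]
url = "http://fosc.lan:9091"

[backends.b_router]

[backends.b_router.servers.router]
url = "http://openwrt.lan:19999"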
```