wiki/traefik.md


---
title: Traefik
description: Hypercharged reverse proxy with Docker autodiscovery and other goodies
published: true
date: 2019-07-01T15:21:53.482Z
tags:
---

What is this?

Traefik hogs your ports 80 and 443 (and others), intercepts HTTP requests to your server and forwards them to different endpoints.

It allows you to run multiple web services on the same IP address and access them on a domain name basis.

We use both the Docker backend and a manual (file-based) routing backend.

Requirements

To make it easier to run multiple docker-compose.yml projects without having to specify networks by hand, we run Traefik natively on the host rather than in a Docker container, as is usual.

This allows it to access all Docker networks by default.

On NixOS:

    # NixOS service options for Traefik; the actual proxy configuration lives
    # in the TOML file referenced by configFile.
    traefik = {
      enable = true;
      # Runs the service in the docker group. NOTE(review): on a Docker host
      # this is usually what grants access to the Docker socket, which is
      # effectively root-equivalent on the host — treat the Traefik process
      # (and anything that can drive its API/dashboard) as highly privileged.
      group = "docker";
      configFile = "/var/lib/traefik/traefik.toml";
    };

Configuration

traefik.toml

# Traefik v1-style static configuration. All paths are absolute and must be
# readable (acme.json also writable) by the traefik service user/group.
logLevel = "INFO"

defaultEntryPoints = ["http", "https"]

# JSON access log; convenient for shipping to a log pipeline and for
# spotting unexpected hosts/paths hitting the proxy.
[accessLog]
  filePath = "/var/lib/traefik/access.log"
    format = "json"

[entryPoints]
  # Plain HTTP exists only to redirect every request to HTTPS.
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"

  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    # Per the Traefik v1 docs, sniStrict makes Traefik refuse handshakes it
    # has no matching certificate for instead of serving a default cert.
    sniStrict = true
    minVersion = "VersionTLS12"
    # NOTE(review): the first three suites are AEAD (CHACHA20-POLY1305 / GCM);
    # the last one is CBC-mode. Confirm the CBC entry is still needed for
    # some client, otherwise dropping it leaves an AEAD-only list.
     cipherSuites = [
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
    ]

  # NOTE(review): no [entryPoints.bitwarden.tls] block, so :3012 is served
  # without TLS at the edge. Presumably the Bitwarden websocket port —
  # confirm this is intended and that the port is not exposed more widely
  # than needed.
  [entryPoints.bitwarden]
  address = ":3012"

  # Entry point used by [api] below (API + dashboard).
  # NOTE(review): the basic-auth block is commented out, so the API and
  # dashboard on :8080 are reachable without credentials by anyone who can
  # reach that port. Either re-enable the auth below or make sure :8080 is
  # blocked at the host firewall / bound to a trusted interface only.
  [entryPoints.traefik]
  address = ":8080"
#  [entryPoints.traefik.auth]
#     [entryPoints.traefik.auth.basic]
#       users = [
#         "Enter your magic apache htaccess basic auth string here"
#       ]

# Exposes the API and the web dashboard on the "traefik" entry point (:8080).
[api]
  dashboard = true
  entryPoint = "traefik"

# File provider for the manual routes; the file is re-read on change.
[file]
  watch = true
  filename = "/var/lib/traefik/rules.toml"

 # Let's encrypt configuration
 # NOTE(review): acme.json holds the account key and all certificate private
 # keys — keep it mode 0600 and owned by the traefik user; do not include it
 # in world-readable backups.
[acme]
email = "fosc@fosc.space"
storage = "/var/lib/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging = true
# onDemand = false: no certificate is requested just because some client
# asked for an unknown host name (avoids rate-limit / abuse issues).
onDemand = false
# onHostRule = true: certificates are requested for hosts found in the
# Host rules of the configured frontends.
onHostRule = true
  # TLS-ALPN challenge; requires :443 to be reachable from the internet.
  [acme.tlsChallenge]

# Docker provider with all options left at their defaults.
# NOTE(review): in Traefik v1 the default is exposedByDefault = true, i.e.
# every container on a network Traefik can reach gets a route unless it is
# labelled traefik.enable=false. Confirm that is what you want, or set
# exposedByDefault = false and opt containers in explicitly.
[docker]

Manual routes

rules.toml

# Dynamic configuration read by the [file] provider (rules.toml): one
# frontend per public host name, each forwarding to a named backend.
# NOTE(review): none of these frontends defines any authentication, so
# whatever is reachable on the public host names is only as protected as
# the upstream service itself — confirm each upstream enforces its own login.
[frontends]
  [frontends.netdata]
  backend = "b_netdata"
    [frontends.netdata.routes.r1]
    rule = "Host: netdata.fosc.space"
  [frontends.transmission]
  backend = "b_transmission"
    [frontends.transmission.routes.r1]
    rule = "Host: transmission.fosc.space"
  [frontends.router]
  backend = "b_router"
    [frontends.router.routes.r1]
    rule = "Host: router.fosc.space"

# Upstream servers. All are plain HTTP on the LAN, so TLS terminates at
# Traefik and the last hop is unencrypted — acceptable only if that network
# segment is trusted.
[backends]
  [backends.b_netdata]
    [backends.b_netdata.servers.localhost]
    url = "http://fosc.lan:19999"
    # weight is only set here; the other backends use the default.
    weight = 1
  [backends.b_transmission]
    [backends.b_transmission.servers.localhost]
    url = "http://fosc.lan:9091"
  [backends.b_router]
    # Same port as the netdata backend above — presumably netdata running on
    # the OpenWrt router rather than its admin UI; confirm.
    [backends.b_router.servers.router]
    url = "http://openwrt.lan:19999"