org-roam/20230607154727-traefik_docker.org
2025-11-05 09:18:11 +01:00

traefik_docker

Traefik is a reverse proxy for hosting various applications under DNS entries. It runs as a Docker container on the communication server w10. To host a container in reverse proxy mode, the tags (labels) feature of Docker containers is used. These tags have to be added to a container to host it. They declare which type of hosting is wanted and which service/router is to be used. The Traefik container needs access to ports 80 and 443 for hosting and port 8080 for the dashboard.

how to run traefik

  • create a traefik folder using mkdir
  • create a traefik.yml file using touch traefik.yml
  • insert the code as shown under the traefik.yml heading into the traefik.yml file
  • create a compose file or a stack using Portainer
  • insert the code as shown under the docker-compose heading into the stack or the compose file
  • create a certs (certificate) folder inside your traefik folder
  • link all the folders into the docker compose or stack file as bind volumes (if you created the traefik folder in /home/<user>/ then you just need to add in your user name)
  • add your email to the traefik.yml file
  • run the compose file
  • add the flags to your application container as shown under the heading flags
  • fill in the needed data
  • run the application container and check the logs
  • make sure the application and the proxy are in the same network
  • check the dashboard at port 8080 for more information

traefik.yml file

This file should be stored in the traefik home folder as specified in the.

global:
  checkNewVersion: true
  sendAnonymousUsage: false  # true by default

# (Optional) Log information
# ---
# log:
#   level: ERROR  # DEBUG, INFO, WARNING, ERROR, CRITICAL
#   format: common  # common, json, logfmt
#   filePath: /var/log/traefik/traefik.log

# (Optional) Accesslog
# ---
# accesslog:
  # format: common  # common, json, logfmt
  # filePath: /var/log/traefik/access.log

# (Optional) Enable API and Dashboard
# ---
api:
  dashboard: true  # true by default
  insecure: true  # Don't do this in production!

# Entry Points configuration
# ---
entryPoints:
  web:
    address: :80
    # (Optional) Redirect to HTTPS
    # ---
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443

# Configure your CertificateResolver here...
# ---
certificatesResolvers:
   staging:
     acme:
       email: <email>
       storage: /etc/traefik/certs/acme.json
       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
       httpChallenge:
         entryPoint: web

   production:
     acme:
       email: <email>
       storage: /etc/traefik/certs/acme.json
       caServer: "https://acme-v02.api.letsencrypt.org/directory"
       httpChallenge:
         entryPoint: web

# (Optional) Overwrite Default Certificates
# tls:
#   stores:
#     default:
#       defaultCertificate:
#         certFile: /etc/traefik/certs/cert.pem
#         keyFile: /etc/traefik/certs/cert-key.pem
# (Optional) Disable TLS version 1.0 and 1.1
#   options:
#     default:
#       minVersion: VersionTLS12

providers:
  docker:
    exposedByDefault: false  # Default is true
  file:
    # watch for dynamic configuration changes
    directory: /etc/traefik
    watch: true

For more information on the secure protocols: TLS and SSL

Networks

To host a service, the service has to be in the same Docker network as the Traefik proxy. It doesn't matter whether the service container is added to the Traefik network or vice versa. The default approach is to add all services to the traefik-relay network. The services themselves can have other networks for their supporting containers. Those secondary containers should not be added to the Traefik network, because this network is exposed to the internet.

Compose file

This is the compose file that has to be run either manually or via the portainer-docker.

volumes:
  traefik_ssl_certs:
    driver: local

services:
  traefik:
    image: traefik:v2.5
    container_name: madrigal_traefik
    ports:
      - 80:80
      - 443:443
      - 8080:8080  # (optional) expose the dashboard !don't use in production!
    volumes:
      - /home/<user>/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_ssl_certs:/ssl-certs
    restart: unless-stopped

Typical flags for containers

Typical flags for hosting a container (under the labels section in a docker-compose file).

 labels:
      - "traefik.enable=true"
      - "traefik.http.routers.<application router>.entrypoints=<entrypoint-s>" # as described in the traefik.yml (default web and/or websecure)
      - "traefik.http.routers.<application router>.rule=Host(`<subdomain.domain-name.ending>`)"
      - "traefik.http.routers.<application router>.tls=true" #if tls is wanted
      - "traefik.http.routers.<application router>.tls.certresolver=<cert stage>" #as described in the traefik.yml file (default staging or production)
      - "traefik.http.routers.<application router>.service=<name of service>"
      - "traefik.http.services.<application router>.loadbalancer.server.port=<application port>"
      - "traefik.docker.network=<traefik_relay network>"
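As an added example (not part of the original note), the following Python audit checks the network rule from the Networks section and the labels template above against a compose project that has already been parsed into a dict. The service names, hostname and the `traefik_relay` network name are constructed assumptions; the entry point names and the staging/production resolver names are taken from the traefik.yml above.

```python
# Added example. SAMPLE is a constructed compose project, already parsed into
# a dict (what a YAML loader returns); all service and host names are invented.
PROXY_NET = "traefik_relay"             # assumed name of the proxy network
ENTRYPOINTS = {"web", "websecure"}      # entry points defined in traefik.yml

SAMPLE = {"services": {
    "wiki": {"networks": ["traefik_relay", "wiki_internal"], "labels": [
        "traefik.enable=true",
        "traefik.http.routers.wiki.entrypoints=websecure",
        "traefik.http.routers.wiki.rule=Host(`wiki.example.org`)",
        "traefik.http.routers.wiki.tls.certresolver=staging",
        "traefik.docker.network=traefik_relay"]},
    "wiki_db": {"networks": ["wiki_internal", "traefik_relay"]},
    "blog": {"networks": ["blog_internal"], "labels": {
        "traefik.enable": True,
        "traefik.http.routers.blog.entrypoints": "https"}},
}}

def labels_of(service):
    """Compose accepts labels as a list of k=v strings or as a mapping."""
    raw = service.get("labels") or {}
    if isinstance(raw, dict):
        return {k: str(v) for k, v in raw.items()}
    return dict(item.split("=", 1) for item in raw)

def audit(compose, proxy_net=PROXY_NET):
    """Return (service, finding) pairs, services in alphabetical order."""
    out = []
    for name, svc in sorted(compose.get("services", {}).items()):
        nets = list(svc.get("networks") or [])   # list or mapping of names
        labels = labels_of(svc)
        hosted = labels.get("traefik.enable", "").lower() == "true"
        if proxy_net in nets and not hosted:
            out.append((name, "backend-on-proxy-network"))  # needlessly exposed
        if hosted and proxy_net not in nets:
            out.append((name, "hosted-but-not-on-proxy-network"))
        if hosted and len(nets) > 1 and labels.get("traefik.docker.network") != proxy_net:
            out.append((name, "missing-traefik.docker.network"))
        for key, value in labels.items():
            if key.endswith(".entrypoints"):
                bad = [e for e in value.split(",") if e.strip() not in ENTRYPOINTS]
                out += [(name, "unknown-entrypoint:" + e.strip()) for e in bad]
            elif key.endswith(".tls.certresolver") and value != "production":
                out.append((name, "non-production-certresolver:" + value))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Network names are compared as written in the compose file; if Compose prefixes the network with a project name, pass that full name as `proxy_net`.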