Traefik Setup for Reverse Proxy #4

Closed
opened 2025-06-01 18:22:37 +02:00 by bennolor · 1 comment
Owner

Description:

Configure Traefik as a reverse proxy to handle routing, SSL termination, and automatic certificate management for our blog.

Tasks:

  1. Create a dedicated docker-compose file for Traefik:

```yaml
version: '3'

services:
  traefik:
    image: traefik:v2.9
    restart: always
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"  # Dashboard
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/traefik.toml:/etc/traefik/traefik.toml
      - ./traefik/acme.json:/acme.json
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.yourdomain.com`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$xyz...hashedpassword"

networks:
  web:
    external: true
```

  2. Create Traefik configuration (traefik.toml):

```toml
[global]
  checkNewVersion = true
  sendAnonymousUsage = false

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http.redirections.entryPoint]
      to = "websecure"
      scheme = "https"

  [entryPoints.websecure]
    address = ":443"

[api]
  dashboard = true
  insecure = false

[providers]
  [providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    watch = true
    exposedByDefault = false
    network = "web"

[certificatesResolvers.myresolver.acme]
  email = "your-email@example.com"
  storage = "acme.json"
  [certificatesResolvers.myresolver.acme.tlsChallenge]
```

  3. Create the external Docker network:
    • docker network create web
  4. Create empty acme.json file and set proper permissions:
    • touch traefik/acme.json
    • chmod 600 traefik/acme.json
  5. Generate hashed password for dashboard access:
    • htpasswd -nb admin secure_password
    • Update the traefik.toml file with the generated hash
  6. Start Traefik:
    • docker-compose -f docker-compose.traefik.yml up -d
  7. Update DNS records for your domain to point to your server
  8. Test Traefik dashboard access via https://traefik.yourdomain.com

Definition of Done:

  • Traefik configuration completed and working
  • External Docker network created
  • SSL certificates automatically issued
  • Dashboard secured with authentication
  • Traffic properly redirected from HTTP to HTTPS
  • All Traefik-related files committed to repository
bennolor added this to the Release milestone 2025-06-01 18:30:04 +02:00
bennolor added this to the Initial Development and Deployment project 2025-06-01 18:30:06 +02:00
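
As an added example (not part of the issue or the repository's code): a small lint for the compose file and acme.json described in the task list above. It checks that the Docker socket is mounted read-only, flags a published 8080 port, verifies that each `$` of the htpasswd hash is doubled in the compose label, and tests acme.json for mode 0600. The function names and the sample text are constructed for illustration.

```python
import os
import re
import stat

def lint_compose(text):
    """Return (line_no, message) findings for a Traefik compose file's text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        item = raw.split(" #")[0].strip().lstrip("- ").strip("\"'")
        # The Docker socket gives API access to the host; mount it read-only.
        if item.startswith("/var/run/docker.sock:") and not item.endswith(":ro"):
            findings.append((no, "docker.sock mounted without :ro"))
        # The dashboard is routed via websecure, so 8080 need not be published.
        if re.fullmatch(r"(\d+\.\d+\.\d+\.\d+:)?8080:8080", item):
            findings.append((no, "port 8080 published on the host"))
        # Compose interpolates '$'; each '$' of the htpasswd hash must be '$$'.
        if ".basicauth.users=" in item:
            users = item.split("=", 1)[1]
            if any(len(m.group()) % 2 for m in re.finditer(r"\$+", users)):
                findings.append((no, "basicauth hash has an unescaped '$'"))
    return findings

def acme_mode_ok(path):
    """True when acme.json grants nothing to group/other (0600 or stricter)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

# Constructed sample: a compose fragment with three deliberate mistakes.
SAMPLE = """\
services:
  traefik:
    ports:
      - "443:443"
      - "8080:8080"  # Dashboard
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik/acme.json:/acme.json
    labels:
      - "traefik.http.middlewares.auth.basicauth.users=admin:$apr1$placeholder$placeholderhash"
"""

if __name__ == "__main__":
    for no, msg in lint_compose(SAMPLE):
        print(f"line {no}: {msg}")
```
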
Author
Owner

Not needed - Traefik is already working fine

bennolor moved this to Done in Initial Development and Deployment on 2025-06-01 21:42:16 +02:00
Reference: bennolor/hugoblog#4