Post

Traefik

Posted
By Aaron
5 min read

A brief overview of Traefik

Traefik is a reverse proxy for your self hosted applications as well as a load balancer. Their goal was to make things as easy as possible to deploy services within your infrastructure, whether that is a homelab or a company with a building full of servers. Traefik labs say it configures itself automatically and dynamically.

Requirements

  • Domain Name (with access to add A records and C records)
  • A Linux computer or mac (I used Ubuntu server 23.10 on a zimaboard)
  • Docker with docker compose v2
  • VS Code or other editor (optional, but helps a ton)
  • Watch Techno Tim’s video before you do any of the install (link)
  • Watch Christian Lempa’s video as well (link)

Installation

For this part I followed Techno Tim’s guide (see a link to his post here). However, I had trouble with it. I still sort of do. My main problem right now, is that I cannot connect my TrueNAS (separate hardware) to Traefik that is running on my zimaboard. My other problem is I have some applications that do not want to work with Traefik (Fasten Health, Lube Logger, NTFY). I do have other applications that work with it though.

Depending on what you are installing this on, same machine or a secondary machine, you may need to get started by SSH into it.

From there, create the folder where you are going to install the docker compose file if it doesn’t already exist, and where to store the app data. In this example for simplicity, It will be installed in /home/username/docker/traefik. From the home directory:

1
2
3
4
5
6
7
8
9

cd docker
sudo mkdir traefik
cd traefik
sudo touch compose.yml
sudo mkdir data
sudo touch config.yml
sudo touch traefik.yml
sudo touch acme.json
sudo chmod 600 acme.json

Now that we have created the directory and files, create the docker network. Techno Tim use the name proxy, so I did too. However, you can name it whatever you want, like traefik or mysuperawesomedockernetwork.

1

sudo docker network create proxy

This is where having a text editor is super helpful. Open it up, I used VS Code. If you have a folder where you store backup configs or other files navigate there, if not just create a few files with the same names above (compose.yml, config.yml, traefik.yml). You can also download them from the github repo below.

In your web browser, navigate to his github repo here. From here, edit them to whatever you need. Use the documentation as a reference as well as the two videos above in the requirements section. I used all three to figure out how to configure my Traefik instance. Then past those into the corresponding files.

After that, go to to your domain provider. I used cloudflare. Create your A record that points to your home’s IP address. Next create a C record. Call it something you’ll remember like traefik and use your domain. The result should be something like traefik.yourdomain.com.

From there, go back to your terminal session and generate a basic auth password:

1
2

sudo apt update
sudo apt install apache2-utils

1

echo $(htpasswd -nb "<USER>" "<PASSWORD>") | sed -e s/\\$/\\$\\$/g

NOTE: Replace <USER> with your username and <PASSWORD> with your password to be hashed.

==If you’re having an issue with your password, it might not be escaped properly and you can use the following command to prompt for your password==

1

echo $(htpasswd -nB USER) | sed -e s/\\$/\\$\\$/g

Paste the output in your docker-compose.yml in line (traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>)

Now spin it up:

1

sudo docker compose up -d

Any time you make changes to any of the Traefik files, navigate to the folder where the compose.yml file is and use this command in the terminal to update Traefik:

1

sudo docker compose up -d --force-recreate

An example of how to use traefik:

From home directory, to get there use command “cd ~”:

1
2
3
4

cd docker
sudo mkdir portainer
cd portainer
sudo nano compose.yml

Paste the following compose file, then escape out. I know using Mac its control+x, y, then enter. Portainer compose file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

version: '3'

services:
  portainer:
    image: portainer/portainer-ce
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/aaron/docker/portainer/data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.entrypoints=http"
      - "traefik.http.routers.portainer.rule=Host(`portainer.odinactual.com`)"
      - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
      - "traefik.http.routers.portainer-secure.entrypoints=https"
      - "traefik.http.routers.portainer-secure.rule=Host(`portainer.odinactual.com`)"
      - "traefik.http.routers.portainer-secure.tls=true"
      - "traefik.http.routers.portainer-secure.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.portainer-secure.middlewares=authelia@docker"

networks:
  proxy:
    external: true

traefik config file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

http:
 #region routers 
  routers:
    portainer:
      entryPoints:
        - "https"
      rule: "Host(`portainer.yourdomain.com`)"
      middlewares:
        - authelia
        - default-headers
        - https-redirectscheme
      tls: {}
      service: portainer
#endregion
#region services
  services:
    portainer:
      loadBalancer:
        servers:
          - url: "https://192.168.0.11:9000"
        passHostHeader: true
#endregion

There is more at the bottom of the config file for middlewares and more, just leave that alone.

Don’t forget to support TechnoTim. He has an online store on the same site as his blog post. Citations —

Traefik Labs - https://traefik.io/traefik/ Documentation - https://doc.traefik.io/traefik/

Title: Put Wildcard Certificates and SSL on EVERYTHING Author: Timothy Stewart URL: https://technotim.live/posts/traefik-portainer-ssl/ Github Repo: https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik

Title: Is this the BEST Reverse Proxy for Docker? // Traefik Tutorial Author: Christian Lempa URL: https://www.youtube.com/watch?v=wLrmmh1eI94

traefik
homelab self-host network reverse-proxy
This post is licensed under CC BY 4.0 by the author.