traefik¶
Cloud-native reverse proxy and load balancer (https://traefik.io)
--- Installation (Docker) ---
To run traefik with Docker:
--- Static Configuration (traefik.yml) ---
Minimal traefik.yml example: api: dashboard: true insecure: true
entryPoints: web: address: ":80" websecure: address: ":443"
providers: docker: exposedByDefault: false file: directory: /etc/traefik/conf.d watch: true
certificatesResolvers:
letsencrypt:
acme:
email: admin@example.com
storage: /letsencrypt/acme.json
httpChallenge:
entryPoint: web
--- Dynamic Configuration (conf.d/*.yml) ---
To add a new service route (file provider):
http:
routers:
myapp:
rule: "Host(myapp.home)"
service: myapp
entryPoints:
- web
services:
myapp:
loadBalancer:
servers:
- url: "http://192.168.1.50:8080"
--- Docker Labels ---
To expose a container via traefik (docker-compose):
labels:
- "traefik.enable=true"
- "traefik.http.routers.myapp.rule=Host(myapp.home)"
- "traefik.http.routers.myapp.entrypoints=web"
- "traefik.http.services.myapp.loadbalancer.server.port=8080"
To add HTTPS with Let's Encrypt:
labels:
- "traefik.http.routers.myapp.entrypoints=websecure"
- "traefik.http.routers.myapp.tls.certresolver=letsencrypt"
To add basic auth middleware:
labels:
- "traefik.http.middlewares.auth.basicauth.users=user:$\(hashed\)$password"
- "traefik.http.routers.myapp.middlewares=auth"
--- Dashboard ---
To access the traefik dashboard (insecure mode):
http://localhost:8080/dashboard/
To check registered routers via API:
--- Homelab Convention ---
Add new service conf in: pve/traefik/conf.d/