Traefik
Traefik is used as my reverse proxy.
Installation
Default Port: 80
Config
Note: Paths in the config file should be absolute.
Service
/etc/systemd/system/traefik.service
```shell
# Quoted 'EOF' keeps $MAINPID literal so systemd, not the shell, expands it.
cat > /etc/systemd/system/traefik.service <<'EOF'
[Unit]
Description=Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience

[Service]
Type=notify
EnvironmentFile=/root/git/nicholaswilde/homelab/pve/traefik/.env
ExecStart=/usr/bin/traefik --configFile=/root/git/nicholaswilde/homelab/pve/traefik/traefik.yaml
Restart=on-failure
ExecReload=/bin/kill -USR1 $MAINPID

[Install]
WantedBy=multi-user.target
EOF
```
Enable service
homelab/pve/traefik/traefik.yaml
```yaml
---
providers:
  file:
    # Traefik documents filename and directory as mutually exclusive.
    filename: /root/git/nicholaswilde/homelab/pve/traefik/middlewares.yaml
    directory: /root/git/nicholaswilde/homelab/pve/traefik/conf.d/
    watch: true
entryPoints:
  web:
    address: ':80'
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ':443'
    http:
      tls:
        certResolver: cloudflare
  traefik:
    address: ':8080'
  # mailsecure:
  #   address: ':465'
certificatesResolvers:
  cloudflare:
    acme:
      email: [email protected]
      storage: /root/git/nicholaswilde/homelab/pve/traefik/ssl/acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        # Uncomment disablePropagationCheck if you have issues pulling certificates
        # through Cloudflare. Setting it to true disables waiting for the TXT record
        # to propagate to all authoritative name servers.
        #disablePropagationCheck: true
        # Set along with disablePropagationCheck if needed, so the TXT record is
        # ready before verification is attempted.
        delayBeforeCheck: 60s
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
  # letsencrypt:
  #   acme:
  #     email: "[email protected]"
  #     storage: /etc/traefik/ssl/acme.json
  #     tlsChallenge: {}
serversTransport:
  insecureSkipVerify: true # skips TLS certificate verification for connections to backend servers
api:
  dashboard: true
  insecure: true # serves the API and dashboard without authentication on the traefik entry point (:8080)
  debug: true # enables additional debugging and profiling endpoints
log:
  filePath: /var/log/traefik/traefik.log
  format: common
  level: INFO
accessLog:
  filePath: /var/log/traefik/traefik-access.log
  format: json
  filters:
    statusCodes:
      - "200"
      - "400-599"
    retryAttempts: true
    minDuration: "10ms"
  bufferingSize: 0
  fields:
    headers:
      defaultMode: drop
      names:
        User-Agent: keep
```
homelab/pve/traefik/conf.d/config.yaml
```yaml
---
http:
  routers:
    traefik:
      entrypoints:
        - web
      rule: Host(`traefik.l.nicholaswilde.io`)
      middlewares: traefik-https-redirect
      service: api@internal
    traefik-secure:
      entrypoints:
        - websecure
      rule: Host(`traefik.l.nicholaswilde.io`)
      # middlewares: traefik-auth
      tls:
        certresolver: cloudflare
        domains:
          - main: l.nicholaswilde.io
            sans:
              - '*.l.nicholaswilde.io'
      service: api@internal
  middlewares:
    # traefik-auth:
    #   basicAuth:
    #     users: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    traefik-https-redirect:
      redirectScheme:
        scheme: https
    sslheader:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: https
```
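With `api.insecure: true` and the `traefik-auth` middleware commented out, the dashboard is reachable without credentials both on `:8080` and through the `traefik-secure` router. A hardened variant of the same settings follows as an added example, not part of the original repo; the `usersFile` path and the htpasswd file it points to are assumptions.

```yaml
# Added example: hardened dashboard exposure (not from the original repo).
# Only the keys that change are shown; everything else stays as above.

# --- homelab/pve/traefik/traefik.yaml (static config) ---
api:
  dashboard: true
  insecure: false   # was true: stop serving the API/dashboard unauthenticated on :8080
  debug: false      # was true: debug/profiling endpoints are not needed day to day

# With insecure: false the `traefik` entry point (':8080') no longer serves the
# dashboard, so it can be dropped from entryPoints unless something else uses it.
# The dashboard stays available through the routers that point at api@internal.

---
# --- homelab/pve/traefik/conf.d/config.yaml (dynamic config) ---
http:
  routers:
    traefik-secure:
      entrypoints:
        - websecure
      rule: Host(`traefik.l.nicholaswilde.io`)
      middlewares:
        - traefik-auth          # was commented out: require credentials
      tls:
        certresolver: cloudflare
        domains:
          - main: l.nicholaswilde.io
            sans:
              - '*.l.nicholaswilde.io'
      service: api@internal
  middlewares:
    traefik-auth:
      basicAuth:
        # Assumed path. The file holds htpasswd-style `user:hash` lines
        # (for example from `htpasswd -nB admin`) and is kept out of git.
        usersFile: /etc/traefik/dashboard.htpasswd
```

After restarting Traefik, a request to the dashboard host without credentials should return 401, and port 8080 should no longer answer with the dashboard.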
Usage
Create new config for app
homelab/pve/traefik/conf.d/
Edit config file
Restart traefik
Test URL
Comment out middleware in config file
Restart traefik
Test URL
Remove middleware or uncomment middleware
Restart traefik