Skip to main content

Traefik reverse proxy

·222 words·2 mins
Author
Ian Blockmans
I make things and also virtual things
Table of Contents

about Traefik
#

Traefik proxy is a free open source reverse proxy and load balancer service. For me this enables the use of hostname’s in my local network and on the open internet. No more trying to remember IP addresses and ports.

Generation script
#

Check py-tools/traefik-config-gen.py on my git homelab page.

File(yaml)
# 

http:
  routers:
    {NAME}Lan80:
      entrypoints: "web"
      middlewares:
      - "https-redirect"
      rule: "Host(`{NAME}.ian.lan`)"
      service: {NAME}
    {NAME}Lan443:
      entrypoints: "websecure"
      rule: "Host(`{NAME}.ian.lan`)"
      tls: "true"
      service: {NAME}

    {NAME}Wan80:
      entrypoints: "web"
      middlewares:
      - "https-redirect"
      rule: "Host(`{NAME}.ianb.be`)"
      service: {NAME}
    {NAME}Wan443:
      entrypoints: "websecure"
      rule: "Host(`{NAME}.ianb.be`)"
      tls:
      certResolver: "staging"
      service: {NAME}


  services:
    {NAME}:
      loadBalancer:
        servers:
        - url: http://{IP}:{PORT}/

Docker
#

labels to add to docker to expose with traefik.

    labels:
      traefik.enable: "true"
      traefik.http.routers.{NAME}80.entrypoints: "web"
      traefik.http.routers.{NAME}80.rule: "Host(`{NAME}.ian.lan`)"
      traefik.http.routers.{NAME}80.tls: "false"
      traefik.http.routers.{NAME}80.middlewares: "{NAME}-https"
      traefik.http.middlewares.{NAME}-https.redirectscheme.scheme: "https"
      traefik.http.routers.{NAME}.entrypoints: "websecure"
      traefik.http.routers.{NAME}.rule: "Host(`{NAME}.ian.lan`)"
      traefik.http.routers.{NAME}.tls: "true"

      traefik.http.routers.{NAME}80r.entrypoints: "web"
      traefik.http.routers.{NAME}80r.rule: "Host(`{NAME}.ianb.be`)"
      traefik.http.routers.{NAME}80r.tls: "false"
      traefik.http.routers.{NAME}80r.middlewares: "{NAME}-https"
      traefik.http.routers.{NAME}r.entrypoints: "websecure"
      traefik.http.routers.{NAME}r.rule: "Host(`{NAME}.ianb.be`)"
      traefik.http.routers.{NAME}r.tls: "true"
      traefik.http.routers.{NAME}r.tls.certresolver: "staging"

      traefik.http.services.all_{CONTAINER_NAME}.loadbalancer.server.port: "{PORT}"

Kubernetes
#

Credit to Christian Lempa.

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: your-ingressroute # <-- Replace with your IngressRoute name
  namespace: your-namespace  # <-- Replace with your namespace
spec:
  entryPoints:
  - web
  - websecure
  routes:
  - match: Host(`your-fqdn`)  # <-- Replace with your FQDN
    kind: Rule
    services:
    - name: your-service  # <-- Replace with your service name
      port: 80
  # --> (Optional) Add certificate secret
  # tls:
  #   secretName: your-certificate-secret
  # <--

Related

Network map
·157 words·1 min
Personal vpn with Netbird
·212 words·1 min
Monitoring uptime with Uptime Kuma
·75 words·1 min