Traefik
Traefik serves as our reverse proxy and Let's Encrypt certificate issuer.
For each Docker service, we create an external network (usually named after the service it serves) and add it to Traefik's docker-compose.yml file, in two locations:
    networks: # → 1st Entry of traefik-managed networks
      traefik:
      mail:
        name: mailu_mail
        external: true
      # etc...
    services:
      traefik:
        # (...)
        networks: # → 2nd Entry of the networks
          traefik:
          mail:
          # etc...
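We then have to recreate the Traefik container (docker compose up -d) so that it joins the new network; a plain restart does not apply changes made to docker-compose.yml.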
Labels
To add Traefik handling to a service, we use expose instead of ports to set the port, so the port is reachable only on the Docker network and is not published on the host, and we use labels:
    expose:
      - 3001
    # This is our default label setup.
    labels:
      - "traefik.enable=true" # Enable reverse-proxy for this service
      - "traefik.docker.network=uptime-kuma" # The external docker network
      - "traefik.http.routers.uptime-kuma.rule=Host(`status.happyngreen.fr`)" # The domain name.
      - "traefik.http.routers.uptime-kuma.entrypoints=web"
      - "traefik.http.routers.uptime-kuma.middlewares=redirect-to-https@docker"
      - "traefik.http.routers.uptime-kuma-secure.rule=Host(`status.happyngreen.fr`)"
      - "traefik.http.routers.uptime-kuma-secure.entrypoints=web-secure"
      - "traefik.http.routers.uptime-kuma-secure.tls=true"
      - "traefik.http.routers.uptime-kuma-secure.tls.certresolver=le" # The Let's Encrypt certificate type
      - "traefik.http.routers.uptime-kuma-secure.service=uptime-kuma-secure"
      - "traefik.http.services.uptime-kuma-secure.loadbalancer.server.port=3001" # The exposed port.
Important
A Traefik router can have any name: uptime-kuma, docker-uptime-kuma, etc.
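A check for the default label setup above, added here as an example (it is not part of our tooling): it flags a service that publishes ports on the host, an HTTP router without the HTTPS redirect, a web-secure router without tls=true or with a resolver other than le, and a load-balancer port missing from expose. The names lint_service, GOOD and BAD are hypothetical, the input is a docker-compose service already parsed into a dict, and the compose network key is assumed to equal the Docker network name.

```python
import re

def lint_service(svc):
    """Return findings for one parsed docker-compose service (a dict)."""
    labels = dict(l.split("=", 1) for l in svc.get("labels", []))
    exposed = {str(p) for p in svc.get("expose", [])}
    out = []
    if svc.get("ports"):
        out.append("ports publishes on the host, bypassing Traefik")
    if labels.get("traefik.enable") != "true":
        out.append("traefik.enable is not true")
    # Assumption: the compose network key equals the Docker network name.
    if labels.get("traefik.docker.network") not in svc.get("networks", []):
        out.append("traefik.docker.network is not attached to the service")
    routers = {}
    for key, value in labels.items():
        m = re.fullmatch(r"traefik\.http\.routers\.([^.]+)\.(.+)", key)
        if m:  # group router options by router name
            routers.setdefault(m.group(1), {})[m.group(2)] = value
        elif key.endswith(".loadbalancer.server.port") and value not in exposed:
            out.append(f"loadbalancer port {value} is not in expose")
    for name, opts in sorted(routers.items()):
        entrypoints = opts.get("entrypoints", "").split(",")
        if "web" in entrypoints and "redirect-to-https" not in opts.get("middlewares", ""):
            out.append(f"{name}: HTTP router without redirect-to-https")
        if "web-secure" in entrypoints and opts.get("tls") != "true":
            out.append(f"{name}: tls is not enabled")
        if "web-secure" in entrypoints and opts.get("tls.certresolver") != "le":
            out.append(f"{name}: certresolver is not le")
    return out

# Constructed sample: the label set from this page, as a parsed compose service.
P = "traefik.http.routers.uptime-kuma"
GOOD = {"expose": [3001], "networks": ["uptime-kuma"], "labels": [
    "traefik.enable=true",
    "traefik.docker.network=uptime-kuma",
    P + ".rule=Host(`status.happyngreen.fr`)",
    P + ".entrypoints=web",
    P + ".middlewares=redirect-to-https@docker",
    P + "-secure.rule=Host(`status.happyngreen.fr`)",
    P + "-secure.entrypoints=web-secure",
    P + "-secure.tls=true",
    P + "-secure.tls.certresolver=le",
    P + "-secure.service=uptime-kuma-secure",
    "traefik.http.services.uptime-kuma-secure.loadbalancer.server.port=3001",
]}
# Constructed misconfiguration: published port, no redirect, le-stg resolver.
BAD = {"ports": ["3001:3001"], "networks": ["uptime-kuma"], "labels": [
    l.replace("certresolver=le", "certresolver=le-stg")
    for l in GOOD["labels"] if "middlewares" not in l]}
print(lint_service(GOOD), *lint_service(BAD), sep="\n")
```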
Remove le-stg certificates
Let's Encrypt certificates are stored in $CONFIG/cert/acme.json. You can remove the relevant lines in the le-stg section, then restart Traefik.