Blame
|
1 | # Traefik |
||||||
| 2 | ||||||||
| 3 | **traefik** serves as our reverse-proxy and let's encrypt certificat issuer. |
|||||||
| 4 | ||||||||
| 5 | For each docker service, we create an **external network** (usually named after the service it serves) and add it to the **traefik**'s `docker-compose.yml` file, in two locations: |
|||||||
| 6 | ||||||||
| 7 | ```yaml |
|||||||
| 8 | networks: |
|||||||
| 9 | # → 1st Entry of traefik-managed networks |
|||||||
| 10 | traefik: |
|||||||
| 11 | mail: |
|||||||
| 12 | name: mailu_mail |
|||||||
| 13 | external: true |
|||||||
| 14 | # etc... |
|||||||
| 15 | ||||||||
| 16 | services: |
|||||||
| 17 | traefik: |
|||||||
| 18 | # (...) |
|||||||
| 19 | networks: |
|||||||
| 20 | # → 2nd Entry of the networks |
|||||||
| 21 | traefik: |
|||||||
| 22 | mail: |
|||||||
| 23 | # etc... |
|||||||
| 24 | ``` |
|||||||
| 25 | ||||||||
| 26 | We then have to rebuild restart (?) **traefik**. |
|||||||
| 27 | ||||||||
| 28 | ## Labels |
|||||||
| 29 | ||||||||
| 30 | To add traefik handling to a service, we use `expose` instead of `port` to set the port, and use labels: |
|||||||
| 31 | ||||||||
| 32 | ```yaml |
|||||||
| 33 | expose: |
|||||||
| 34 | - 3001 |
|||||||
| 35 | # This our default label setup. |
|||||||
| 36 | labels: |
|||||||
| 37 | - "traefik.enable=true" # Enable reverse-proxy for this service |
|||||||
| 38 | - "traefik.docker.network=uptime-kuma" # The external docker network |
|||||||
| 39 | - "traefik.http.routers.uptime-kuma.rule=Host(`status.happyngreen.fr`)" # The domain name. |
|||||||
| 40 | - "traefik.http.routers.uptime-kuma.entrypoints=web" |
|||||||
| 41 | - "traefik.http.routers.uptime-kuma.middlewares=redirect-to-https@docker" |
|||||||
| 42 | - "traefik.http.routers.uptime-kuma-secure.rule=Host(`status.happyngreen.fr`)" |
|||||||
| 43 | - "traefik.http.routers.uptime-kuma-secure.entrypoints=web-secure" |
|||||||
| 44 | - "traefik.http.routers.uptime-kuma-secure.tls=true" |
|||||||
| 45 | - "traefik.http.routers.uptime-kuma-secure.tls.certresolver=le" # The Let's Encrypt certificat type |
|||||||
| 46 | - "traefik.http.routers.uptime-kuma-secure.service=uptime-kuma-secure" |
|||||||
| 47 | - "traefik.http.services.uptime-kuma-secure.loadbalancer.server.port=3001" # The exposed port. |
|||||||
| 48 | ||||||||
| 49 | ``` |
|||||||
| 50 | ||||||||
| 51 | > [!IMPORTANT] |
|||||||
| 52 | > A **traefik** router can have any name. `uptime-kuma`, `docker-uptim-kuma`, etc. |
|||||||
| 53 | ||||||||
| 54 | ||||||||
| 55 | ## Remove `le-stg` certificats |
|||||||
| 56 | ||||||||
| 57 | Let's Encrypt certificates are stored in `$CONFIG/cert/acme.json`. You can remove the relevant lines in the `le-stg` section, then restart traefik. |
|||||||