Home A - Z Changelog
Page Index

Blame

7a26fa theophile 2025-11-29 18:43:49 1 
# Traefik
2
3
**traefik** serves as our reverse-proxy and let's encrypt certificat issuer.
4
5
For each docker service, we create an **external network** (usually named after the service it serves) and add it to the **traefik**'s `docker-compose.yml` file, in two locations:
6
7
```yaml
8
networks:
9
# → 1st Entry of traefik-managed networks
10
traefik:
11
mail:
12
name: mailu_mail
13
external: true
14
# etc...
15
16
services:
17
traefik:
18
# (...)
19
networks:
20
# → 2nd Entry of the networks
21
traefik:
22
mail:
23
# etc...
24
```
25
26
We then have to rebuild restart (?) **traefik**.
27
28
## Labels
29
30
To add traefik handling to a service, we use `expose` instead of `port` to set the port, and use labels:
31
32
```yaml
33
expose:
34
- 3001
35
# This our default label setup.
36
labels:
37
- "traefik.enable=true" # Enable reverse-proxy for this service
38
- "traefik.docker.network=uptime-kuma" # The external docker network
39
- "traefik.http.routers.uptime-kuma.rule=Host(`status.happyngreen.fr`)" # The domain name.
40
- "traefik.http.routers.uptime-kuma.entrypoints=web"
41
- "traefik.http.routers.uptime-kuma.middlewares=redirect-to-https@docker"
42
- "traefik.http.routers.uptime-kuma-secure.rule=Host(`status.happyngreen.fr`)"
43
- "traefik.http.routers.uptime-kuma-secure.entrypoints=web-secure"
44
- "traefik.http.routers.uptime-kuma-secure.tls=true"
45
- "traefik.http.routers.uptime-kuma-secure.tls.certresolver=le" # The Let's Encrypt certificat type
46
- "traefik.http.routers.uptime-kuma-secure.service=uptime-kuma-secure"
47
- "traefik.http.services.uptime-kuma-secure.loadbalancer.server.port=3001" # The exposed port.
48
49
```
50
51
> [!IMPORTANT]
52
> A **traefik** router can have any name. `uptime-kuma`, `docker-uptim-kuma`, etc.
53
54
55
## Remove `le-stg` certificats
56
57
Let's Encrypt certificates are stored in `$CONFIG/cert/acme.json`. You can remove the relevant lines in the `le-stg` section, then restart traefik.