# Traefik

**traefik** serves as our reverse-proxy and let's encrypt certificat issuer.

For each docker service, we create an **external network** (usually named after the service it serves) and add it to the **traefik**'s `docker-compose.yml` file, in two locations: 

```yaml
networks:
    # → 1st Entry of traefik-managed networks
    traefik:
    mail:
        name: mailu_mail
        external: true
    # etc...

services:
    traefik:
        # (...)
        networks:
            # → 2nd Entry of the networks
            traefik:
            mail:
            # etc...
```

We then have to rebuild restart (?) **traefik**.

## Labels

To add traefik handling to a service, we use `expose` instead of `port` to set the port, and use labels: 

```yaml
    expose: 
        - 3001
# This our default label setup. 
    labels:
        - "traefik.enable=true" # Enable reverse-proxy for this service
        - "traefik.docker.network=uptime-kuma" # The external docker network
        - "traefik.http.routers.uptime-kuma.rule=Host(`status.happyngreen.fr`)" # The domain name.
        - "traefik.http.routers.uptime-kuma.entrypoints=web"
        - "traefik.http.routers.uptime-kuma.middlewares=redirect-to-https@docker"
        - "traefik.http.routers.uptime-kuma-secure.rule=Host(`status.happyngreen.fr`)"
        - "traefik.http.routers.uptime-kuma-secure.entrypoints=web-secure"
        - "traefik.http.routers.uptime-kuma-secure.tls=true"
        - "traefik.http.routers.uptime-kuma-secure.tls.certresolver=le" # The Let's Encrypt certificat type
        - "traefik.http.routers.uptime-kuma-secure.service=uptime-kuma-secure"
        - "traefik.http.services.uptime-kuma-secure.loadbalancer.server.port=3001" # The exposed port.

```

> [!IMPORTANT]
> A **traefik** router can have any name. `uptime-kuma`, `docker-uptim-kuma`, etc. 


## Remove `le-stg` certificats

Let's Encrypt certificates are stored in `$CONFIG/cert/acme.json`. You can remove the relevant lines in the `le-stg` section, then restart traefik.