From 71abe3c423ba3e3b071540cdcc7377e1d3d9fc58 Mon Sep 17 00:00:00 2001 From: tiyn Date: Sun, 23 Nov 2025 08:08:39 +0100 Subject: [PATCH] improved and expanded traefik entry --- wiki/docker/mailserver_-_docker-mailserver.md | 15 +++ wiki/docker/traefik.md | 90 +------------- wiki/traefik.md | 113 ++++++++++++++++++ 3 files changed, 133 insertions(+), 85 deletions(-) diff --git a/wiki/docker/mailserver_-_docker-mailserver.md b/wiki/docker/mailserver_-_docker-mailserver.md index 2dfd60a..16392ae 100644 --- a/wiki/docker/mailserver_-_docker-mailserver.md +++ b/wiki/docker/mailserver_-_docker-mailserver.md @@ -38,6 +38,21 @@ Finally if a reverse proxy is used check the Afterwards you're ready to go by once again running the `rebuild.sh` file. +If setting up this mailserver with [Traefik](/wiki/traefik.md) as a reverse proxy some additional +steps should be taken. +No http or https is needed. +But a certificate for the mailserver is needed regardless. +In this case add the following lines to the file `docker-compose.yml` in the +`services:` section and adapt them. + +```yml + whoami: + image: docker.io/traefik/whoami:latest + labels: + - "traefik.enable=true" + - "traefik.http.routers.whoami.rule=Host(`.`)" +``` + ### rebuild.sh ```sh diff --git a/wiki/docker/traefik.md b/wiki/docker/traefik.md index 3f1421b..a9bdea3 100644 --- a/wiki/docker/traefik.md +++ b/wiki/docker/traefik.md @@ -1,6 +1,6 @@ # traefik -This is a [Docker](/wiki/docker.md) container for a traefik edge router. +This is a [Docker](/wiki/docker.md) container for a [Traefik](/wiki/traefik.md) edge router. The official container and documentation was made by [traefik](https://hub.docker.com/_/traefik). This docker-rebuild is made up by a `docker-compose.yml` file. @@ -12,6 +12,8 @@ In that folder create the directories `data/config`. Place the files `data/traefik.yml` and `data/config/dynamic.yml` in the according directories. Change the settings according to your needs and run `./rebuild.sh` afterwards. +Additional guides on the usage of Traefik for [Docker](/wiki/docker.md) services can be found in +the [Traefik wiki entry](/wiki/traefik.md#usage). ### Volumes @@ -145,7 +147,7 @@ certificatesResolvers: ### data/config/dynamic.yml -In the config replace `username:htpasswd` with the output of +In the config replace `` with the output of `echo $(htpasswd -nb ) | sed -e s/\\$/\\$\\$/g`. ```yml @@ -162,19 +164,7 @@ http: user-auth: basicAuth: users: - - "username:htpasswd" - - redirect-non-www-to-www: - redirectregex: - permanent: true - regex: "^https?://(?:www\\.)?(.+)" - replacement: "https://www.${1}" - - redirect-www-to-non-www: - redirectregex: - permanent: true - regex: "^https?://www\\.(.+)" - replacement: "https://${1}" + - "" tls: options: @@ -188,73 +178,3 @@ tls: - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 minVersion: VersionTLS12 ``` - -The sections called `redirect-non-www-to-www` and `redirect-www-to-non-www` are adapted from a -article by Benjamin Rancourt on his -[website](https://www.benjaminrancourt.ca/how-to-redirect-from-non-www-to-www-with-traefik/). - -## Usage - -### Create reverse proxies - -To create a reverse proxy from a docker container add the following lines in the -`labels:` section of the `docker-compose.yml` of the service to proxy. - -```yml - - "traefik.enable=true" - - "traefik.docker.network=proxy" - - "traefik.http.routers.-secure.entrypoints=websecure" - - "traefik.http.routers.-secure.rule=Host(`.`)" - - "traefik.http.routers.-secure.service=" - - "traefik.http.services..loadbalancer.server.port=" -``` - -This configuration automatically redirects http to https. -When using this configuration the port specified in the latter lines can be -ommitted in the `ports:` section if not used directly. -This ensures access only via https and restricts access via ip and port. -Change `` according to the service you want to publish and `` aswell as -`` to the domain you intent to publish the service to. -Additionally if you want to redirect domains not starting with `www` to one that does not append -the following line. - -```yml - - "traefik.http.routers..middlewares=redirect-non-www-to-www" -``` - -If the opposite is the case and it should always be redirected to a domain not starting with `www` -add the following line. - -```yml - - "traefik.http.routers..middlewares=redirect-www-to-non-www" -``` - -In both of those cases the line of the first code block in this section that specifies the domain -and subdomain needs to include both the www and the non-www domains. -This should look something like the following - -Make sure to add the domain that will be redirected to the labels aswell. -For redirection to www domains this will look something like the following. - -```yml - - "traefik.http.routers..rule=Host(`.`)" -``` - -In the opposite case the domain will be `www..`. - -### Setup Mailserver - -If setting up a -[docker-mailserver by mailserver](./mailserver_-_docker-mailserver.md) no http -or https is needed. -But a certificate for the mailserver is needed regardless. -In this case add the following lines to the file `docker-compose.yml` in the -`services:` section and adapt them. - -```yml - whoami: - image: docker.io/traefik/whoami:latest - labels: - - "traefik.enable=true" - - "traefik.http.routers.whoami.rule=Host(`.`)" -``` diff --git a/wiki/traefik.md b/wiki/traefik.md index ca19c23..529d1ee 100644 --- a/wiki/traefik.md +++ b/wiki/traefik.md @@ -7,3 +7,116 @@ a special integration of infrastructure components (e.g. [Docker](./docker.md)). The software can be setup via [Docker](/wiki/docker.md) with the [traefik image](./docker/traefik.md). + +## Usage + +This section addresses the usage of Traefik. + +### Redirections for Docker Service + +It is assumed that the service already has a reverse proxy setup as described in the +[corresponding section](#reverse-proxies-for-docker-service) +For redirections to work they have to be added to the `data/config/dynamic.yml` file. + +For this to work define them inside the `data/config/dynamic.yml` set up in the +[Docker image](/wiki/docker/traefik.md) under `middlewares:`. + +Redirections are specified by Regex as shown in the following example. +`` is the name of the redirection and `` the regular expression to replace +while `` is the replacement of the regular expression. + +```yml + : + redirectregex: + permanent: true + regex: + replacement: +``` + +The `labels:` section of the [Docker](/wiki/docker.md) services that should use these redirections +have to be adapted. +The following line needs to be added. +`` is the name of the service. + +```yml + - "traefik.http.routers..middlewares=@file" +``` + +Make sure to add the domain that will be redirected to and from the labels aswell. +This will look similar like the following. +In this case the subdomains `` and `` under the domain `` is +available, but the exact look can vary since also different domains or more than two addresses can +be added. + +```yml + - "traefik.http.routers..rule=Host(`.`, `.`)" +``` + +#### Docker Redirection: Appending a `www.` + +To always append a `www.` to the address the following redirection settings can be used. + +```yml + redirect-non-www-to-www: + redirectregex: + permanent: true + regex: "^https?://(?:www\\.)?(.+)" + replacement: "https://www.${1}" +``` + +Additionally follow the setup regarding the service as explained in +[the general redirection sectino](#redirections-for-docker-service). + +#### Docker Redirection: Removing a `www.` + +To always remove a `www.` from the address the following redirection settings can be used. + +```yml + redirect-www-to-non-www: + redirectregex: + permanent: true + regex: "^https?://www\\.(.+)" + replacement: "https://${1}" +``` + +Additionally follow the setup regarding the service as explained in +[the general redirection sectino](#redirections-for-docker-service). + +#### Docker Redirection: Redirect a Domain to Another + +For a simple redirection that replaces a domain with another the following redirection settings can +be used. +This will redirect the domain `` (for example `www.abc.de`) to domain `` (for +example `123.xyz.eu`). + +```yml + redirect--to-: + redirectregex: + permanent: true + regex: "^https://(.*)" + replacement: "https://${1}" +``` + +Additionally follow the setup regarding the service as explained in +[the general redirection sectino](#redirections-for-docker-service). + +### Reverse Proxies for Docker Service + +To create a reverse proxy from a docker container add the following lines in the +`labels:` section of the `docker-compose.yml` of the service to proxy. + +```yml + - "traefik.enable=true" + - "traefik.docker.network=proxy" + - "traefik.http.routers.-secure.entrypoints=websecure" + - "traefik.http.routers.-secure.rule=Host(`.`)" + - "traefik.http.routers.-secure.service=" + - "traefik.http.services..loadbalancer.server.port=" +``` + +This configuration automatically redirects http to https. +When using this configuration the port specified in the latter lines can be +ommitted in the `ports:` section if not used directly. +This ensures access only via https and restricts access via ip and port. +Change `` according to the service you want to publish and `` aswell as +`` to the domain you intent to publish the service to.