tiyn/wiki
1
0
Fork 0
mirror of https://github.com/tiyn/wiki.git synced 2025-11-27 05:39:45 +01:00
Code Issues Projects Releases Wiki Activity

improved and expanded traefik entry

Browse Source
This commit is contained in:
Marten B. Kante
2025-11-23 08:08:39 +01:00
parent de74434cf3
commit 71abe3c423
3 changed files with 133 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
wiki/docker/mailserver_-_docker-mailserver.md
View File

@@ -38,6 +38,21 @@ Finally if a reverse proxy is used check the
Afterwards you're ready to go by once again running the `rebuild.sh` file. Afterwards you're ready to go by once again running the `rebuild.sh` file.
If setting up this mailserver with [Traefik](/wiki/traefik.md) as a reverse proxy some additional
steps should be taken.
No http or https is needed.
But a certificate for the mailserver is needed regardless.
In this case add the following lines to the file `docker-compose.yml` in the
`services:` section and adapt them.
```yml
whoami:
image: docker.io/traefik/whoami:latest
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`<subdomain>.<domain>`)"
```
### rebuild.sh ### rebuild.sh
```sh ```sh

90
wiki/docker/traefik.md
View File

@@ -1,6 +1,6 @@
# traefik # traefik
This is a [Docker](/wiki/docker.md) container for a traefik edge router. This is a [Docker](/wiki/docker.md) container for a [Traefik](/wiki/traefik.md) edge router.
The official container and documentation was made by The official container and documentation was made by
[traefik](https://hub.docker.com/_/traefik). [traefik](https://hub.docker.com/_/traefik).
This docker-rebuild is made up by a `docker-compose.yml` file. This docker-rebuild is made up by a `docker-compose.yml` file.
@@ -12,6 +12,8 @@ In that folder create the directories `data/config`.
Place the files `data/traefik.yml` and `data/config/dynamic.yml` in the Place the files `data/traefik.yml` and `data/config/dynamic.yml` in the
according directories. according directories.
Change the settings according to your needs and run `./rebuild.sh` afterwards. Change the settings according to your needs and run `./rebuild.sh` afterwards.
Additional guides on the usage of Traefik for [Docker](/wiki/docker.md) services can be found in
the [Traefik wiki entry](/wiki/traefik.md#usage).
### Volumes ### Volumes
@@ -145,7 +147,7 @@ certificatesResolvers:
### data/config/dynamic.yml ### data/config/dynamic.yml
In the config replace `username:htpasswd` with the output of In the config replace `<username:htpasswd>` with the output of
`echo $(htpasswd -nb <user> <pasword>) | sed -e s/\\$/\\$\\$/g`. `echo $(htpasswd -nb <user> <pasword>) | sed -e s/\\$/\\$\\$/g`.
```yml ```yml
@@ -162,19 +164,7 @@ http:
user-auth: user-auth:
basicAuth: basicAuth:
users: users:
- "username:htpasswd" - "<username:htpasswd>"
redirect-non-www-to-www:
redirectregex:
permanent: true
regex: "^https?://(?:www\\.)?(.+)"
replacement: "https://www.${1}"
redirect-www-to-non-www:
redirectregex:
permanent: true
regex: "^https?://www\\.(.+)"
replacement: "https://${1}"
tls: tls:
options: options:
@@ -188,73 +178,3 @@ tls:
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
minVersion: VersionTLS12 minVersion: VersionTLS12
``` ```
The sections called `redirect-non-www-to-www` and `redirect-www-to-non-www` are adapted from a
article by Benjamin Rancourt on his
[website](https://www.benjaminrancourt.ca/how-to-redirect-from-non-www-to-www-with-traefik/).
## Usage
### Create reverse proxies
To create a reverse proxy from a docker container add the following lines in the
`labels:` section of the `docker-compose.yml` of the service to proxy.
```yml
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.routers.<service name>-secure.entrypoints=websecure"
- "traefik.http.routers.<service name>-secure.rule=Host(`<subdomain>.<domain>`)"
- "traefik.http.routers.<service name>-secure.service=<service name>"
- "traefik.http.services.<service name>.loadbalancer.server.port=<port>"
```
This configuration automatically redirects http to https.
When using this configuration the port specified in the latter lines can be
ommitted in the `ports:` section if not used directly.
This ensures access only via https and restricts access via ip and port.
Change `<service name>` according to the service you want to publish and `<subdomain>` aswell as
`<domain>` to the domain you intent to publish the service to.
Additionally if you want to redirect domains not starting with `www` to one that does not append
the following line.
```yml
- "traefik.http.routers.<service name>.middlewares=redirect-non-www-to-www"
```
If the opposite is the case and it should always be redirected to a domain not starting with `www`
add the following line.
```yml
- "traefik.http.routers.<service name>.middlewares=redirect-www-to-non-www"
```
In both of those cases the line of the first code block in this section that specifies the domain
and subdomain needs to include both the www and the non-www domains.
This should look something like the following
Make sure to add the domain that will be redirected to the labels aswell.
For redirection to www domains this will look something like the following.
```yml
- "traefik.http.routers.<service name>.rule=Host(`<subdomain>.<domain>`)"
```
In the opposite case the domain will be `www.<subdomain>.<domain>`.
### Setup Mailserver
If setting up a
[docker-mailserver by mailserver](./mailserver_-_docker-mailserver.md) no http
or https is needed.
But a certificate for the mailserver is needed regardless.
In this case add the following lines to the file `docker-compose.yml` in the
`services:` section and adapt them.
```yml
whoami:
image: docker.io/traefik/whoami:latest
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`<subdomain>.<domain>`)"
```

113
wiki/traefik.md
View File

@@ -7,3 +7,116 @@ a special integration of infrastructure components (e.g. [Docker](./docker.md)).
The software can be setup via [Docker](/wiki/docker.md) with the The software can be setup via [Docker](/wiki/docker.md) with the
[traefik image](./docker/traefik.md). [traefik image](./docker/traefik.md).
## Usage
This section addresses the usage of Traefik.
### Redirections for Docker Service
It is assumed that the service already has a reverse proxy setup as described in the
[corresponding section](#reverse-proxies-for-docker-service)
For redirections to work they have to be added to the `data/config/dynamic.yml` file.
For this to work define them inside the `data/config/dynamic.yml` set up in the
[Docker image](/wiki/docker/traefik.md) under `middlewares:`.
Redirections are specified by Regex as shown in the following example.
`<redirection-name>` is the name of the redirection and `<regex>` the regular expression to replace
while `<replacement>` is the replacement of the regular expression.
```yml
<redirection-name>:
redirectregex:
permanent: true
regex: <regex>
replacement: <replacement>
```
The `labels:` section of the [Docker](/wiki/docker.md) services that should use these redirections
have to be adapted.
The following line needs to be added.
`<service-name>` is the name of the service.
```yml
- "traefik.http.routers.<service-name>.middlewares=<redirection-name>@file"
```
Make sure to add the domain that will be redirected to and from the labels aswell.
This will look similar like the following.
In this case the subdomains `<subdomain-1>` and `<subdomain-2>` under the domain `<domain>` is
available, but the exact look can vary since also different domains or more than two addresses can
be added.
```yml
- "traefik.http.routers.<service-name>.rule=Host(`<subdomain-1>.<domain>`, `<subdomain-2>.<domain>`)"
```
#### Docker Redirection: Appending a `www.`
To always append a `www.` to the address the following redirection settings can be used.
```yml
redirect-non-www-to-www:
redirectregex:
permanent: true
regex: "^https?://(?:www\\.)?(.+)"
replacement: "https://www.${1}"
```
Additionally follow the setup regarding the service as explained in
[the general redirection sectino](#redirections-for-docker-service).
#### Docker Redirection: Removing a `www.`
To always remove a `www.` from the address the following redirection settings can be used.
```yml
redirect-www-to-non-www:
redirectregex:
permanent: true
regex: "^https?://www\\.(.+)"
replacement: "https://${1}"
```
Additionally follow the setup regarding the service as explained in
[the general redirection sectino](#redirections-for-docker-service).
#### Docker Redirection: Redirect a Domain to Another
For a simple redirection that replaces a domain with another the following redirection settings can
be used.
This will redirect the domain `<domain-1>` (for example `www.abc.de`) to domain `<domain-2>` (for
example `123.xyz.eu`).
```yml
redirect-<domain-1>-to-<domain-2>:
redirectregex:
permanent: true
regex: "^https://<domain-1>(.*)"
replacement: "https://<domain-2>${1}"
```
Additionally follow the setup regarding the service as explained in
[the general redirection sectino](#redirections-for-docker-service).
### Reverse Proxies for Docker Service
To create a reverse proxy from a docker container add the following lines in the
`labels:` section of the `docker-compose.yml` of the service to proxy.
```yml
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.routers.<service-name>-secure.entrypoints=websecure"
- "traefik.http.routers.<service-name>-secure.rule=Host(`<subdomain>.<domain>`)"
- "traefik.http.routers.<service-name>-secure.service=<service-name>"
- "traefik.http.services.<service-name>.loadbalancer.server.port=<port>"
```
This configuration automatically redirects http to https.
When using this configuration the port specified in the latter lines can be
ommitted in the `ports:` section if not used directly.
This ensures access only via https and restricts access via ip and port.
Change `<service-name>` according to the service you want to publish and `<subdomain>` aswell as
`<domain>` to the domain you intent to publish the service to.