improved and expanded traefik entry

2025-11-26 21:29:46 +01:00 · 2025-11-23 08:08:39 +01:00
parent de74434cf3
commit 71abe3c423
3 changed files with 133 additions and 85 deletions
--- a/wiki/docker/mailserver_-_docker-mailserver.md
+++ b/wiki/docker/mailserver_-_docker-mailserver.md
@@ -38,6 +38,21 @@ Finally if a reverse proxy is used check the

 Afterwards you're ready to go by once again running the `rebuild.sh` file.

+If setting up this mailserver with [Traefik](/wiki/traefik.md) as a reverse proxy some additional
+steps should be taken.
+No http or https is needed.
+But a certificate for the mailserver is needed regardless.
+In this case add the following lines to the file `docker-compose.yml` in the
+`services:` section and adapt them.
+
+```yml
+  whoami:
+    image: docker.io/traefik/whoami:latest
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.whoami.rule=Host(`<subdomain>.<domain>`)"
+```
+
 ### rebuild.sh

 ```sh
--- a/wiki/docker/traefik.md
+++ b/wiki/docker/traefik.md
@@ -1,6 +1,6 @@
 # traefik

-This is a [Docker](/wiki/docker.md) container for a traefik edge router.
+This is a [Docker](/wiki/docker.md) container for a [Traefik](/wiki/traefik.md) edge router.
 The official container and documentation was made by
 [traefik](https://hub.docker.com/_/traefik).
 This docker-rebuild is made up by a `docker-compose.yml` file.
@@ -12,6 +12,8 @@ In that folder create the directories `data/config`.
 Place the files `data/traefik.yml` and `data/config/dynamic.yml` in the
 according directories.
 Change the settings according to your needs and run `./rebuild.sh` afterwards.
+Additional guides on the usage of Traefik for [Docker](/wiki/docker.md) services can be found in
+the [Traefik wiki entry](/wiki/traefik.md#usage).

 ### Volumes

@@ -145,7 +147,7 @@ certificatesResolvers:

 ### data/config/dynamic.yml

-In the config replace `username:htpasswd` with the output of
+In the config replace `<username:htpasswd>` with the output of
 `echo $(htpasswd -nb <user> <pasword>) | sed -e s/\\$/\\$\\$/g`.

 ```yml
@@ -162,19 +164,7 @@ http:
    user-auth:
      basicAuth:
        users:
-          - "username:htpasswd"
-
-    redirect-non-www-to-www:
-      redirectregex:
-        permanent: true
-        regex: "^https?://(?:www\\.)?(.+)"
-        replacement: "https://www.${1}"
-
-    redirect-www-to-non-www:
-      redirectregex:
-        permanent: true
-        regex: "^https?://www\\.(.+)"
-        replacement: "https://${1}"
+          - "<username:htpasswd>"

 tls:
  options:
@@ -188,73 +178,3 @@ tls:
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      minVersion: VersionTLS12
 ```
-
-The sections called `redirect-non-www-to-www` and `redirect-www-to-non-www` are adapted from a
-article by Benjamin Rancourt on his
-[website](https://www.benjaminrancourt.ca/how-to-redirect-from-non-www-to-www-with-traefik/).
-
-## Usage
-
-### Create reverse proxies
-
-To create a reverse proxy from a docker container add the following lines in the
-`labels:` section of the `docker-compose.yml` of the service to proxy.
-
-```yml
-  - "traefik.enable=true"
-  - "traefik.docker.network=proxy"
-  - "traefik.http.routers.<service name>-secure.entrypoints=websecure"
-  - "traefik.http.routers.<service name>-secure.rule=Host(`<subdomain>.<domain>`)"
-  - "traefik.http.routers.<service name>-secure.service=<service name>"
-  - "traefik.http.services.<service name>.loadbalancer.server.port=<port>"
-```
-
-This configuration automatically redirects http to https.
-When using this configuration the port specified in the latter lines can be
-ommitted in the `ports:` section if not used directly.
-This ensures access only via https and restricts access via ip and port.
-Change `<service name>` according to the service you want to publish and `<subdomain>` aswell as
-`<domain>` to the domain you intent to publish the service to.
-Additionally if you want to redirect domains not starting with `www` to one that does not append
-the following line.
-
-```yml
-  - "traefik.http.routers.<service name>.middlewares=redirect-non-www-to-www"
-```
-
-If the opposite is the case and it should always be redirected to a domain not starting with `www`
-add the following line.
-
-```yml
-  - "traefik.http.routers.<service name>.middlewares=redirect-www-to-non-www"
-```
-
-In both of those cases the line of the first code block in this section that specifies the domain
-and subdomain needs to include both the www and the non-www domains.
-This should look something like the following
-
-Make sure to add the domain that will be redirected to the labels aswell.
-For redirection to www domains this will look something like the following.
-
-```yml
-  - "traefik.http.routers.<service name>.rule=Host(`<subdomain>.<domain>`)"
-```
-
-In the opposite case the domain will be `www.<subdomain>.<domain>`.
-
-### Setup Mailserver
-
-If setting up a
-[docker-mailserver by mailserver](./mailserver_-_docker-mailserver.md) no http
-or https is needed.
-But a certificate for the mailserver is needed regardless.
-In this case add the following lines to the file `docker-compose.yml` in the
-`services:` section and adapt them.
-
-```yml
-  whoami:
-    image: docker.io/traefik/whoami:latest
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.whoami.rule=Host(`<subdomain>.<domain>`)"
-```
--- a/wiki/traefik.md
+++ b/wiki/traefik.md
@@ -7,3 +7,116 @@ a special integration of infrastructure components (e.g. [Docker](./docker.md)).

 The software can be setup via [Docker](/wiki/docker.md) with the
 [traefik image](./docker/traefik.md).
+
+## Usage
+
+This section addresses the usage of Traefik.
+
+### Redirections for Docker Service
+
+It is assumed that the service already has a reverse proxy setup as described in the
+[corresponding section](#reverse-proxies-for-docker-service)
+For redirections to work they have to be added to the `data/config/dynamic.yml` file.
+
+For this to work define them inside the `data/config/dynamic.yml` set up in the
+[Docker image](/wiki/docker/traefik.md) under `middlewares:`.
+
+Redirections are specified by Regex as shown in the following example.
+`<redirection-name>` is the name of the redirection and `<regex>` the regular expression to replace
+while `<replacement>` is the replacement of the regular expression.
+
+```yml
+    <redirection-name>:
+      redirectregex:
+        permanent: true
+        regex: <regex>
+        replacement: <replacement>
+```
+
+The `labels:` section of the [Docker](/wiki/docker.md) services that should use these redirections
+have to be adapted.
+The following line needs to be added.
+`<service-name>` is the name of the service.
+
+```yml
+  - "traefik.http.routers.<service-name>.middlewares=<redirection-name>@file"
+```
+
+Make sure to add the domain that will be redirected to and from the labels aswell.
+This will look similar like the following.
+In this case the subdomains `<subdomain-1>` and `<subdomain-2>` under the domain `<domain>` is
+available, but the exact look can vary since also different domains or more than two addresses can
+be added.
+
+```yml
+  - "traefik.http.routers.<service-name>.rule=Host(`<subdomain-1>.<domain>`, `<subdomain-2>.<domain>`)"
+```
+
+#### Docker Redirection: Appending a `www.`
+
+To always append a `www.` to the address the following redirection settings can be used.
+
+```yml
+    redirect-non-www-to-www:
+      redirectregex:
+        permanent: true
+        regex: "^https?://(?:www\\.)?(.+)"
+        replacement: "https://www.${1}"
+```
+
+Additionally follow the setup regarding the service as explained in
+[the general redirection sectino](#redirections-for-docker-service).
+
+#### Docker Redirection: Removing a `www.`
+
+To always remove a `www.` from the address the following redirection settings can be used.
+
+```yml
+    redirect-www-to-non-www:
+      redirectregex:
+        permanent: true
+        regex: "^https?://www\\.(.+)"
+        replacement: "https://${1}"
+```
+
+Additionally follow the setup regarding the service as explained in
+[the general redirection sectino](#redirections-for-docker-service).
+
+#### Docker Redirection: Redirect a Domain to Another
+
+For a simple redirection that replaces a domain with another the following redirection settings can
+be used.
+This will redirect the domain `<domain-1>` (for example `www.abc.de`) to domain `<domain-2>` (for
+example `123.xyz.eu`).
+
+```yml
+    redirect-<domain-1>-to-<domain-2>:
+      redirectregex:
+        permanent: true
+        regex: "^https://<domain-1>(.*)"
+        replacement: "https://<domain-2>${1}"
+```
+
+Additionally follow the setup regarding the service as explained in
+[the general redirection sectino](#redirections-for-docker-service).
+
+### Reverse Proxies for Docker Service
+
+To create a reverse proxy from a docker container add the following lines in the
+`labels:` section of the `docker-compose.yml` of the service to proxy.
+
+```yml
+  - "traefik.enable=true"
+  - "traefik.docker.network=proxy"
+  - "traefik.http.routers.<service-name>-secure.entrypoints=websecure"
+  - "traefik.http.routers.<service-name>-secure.rule=Host(`<subdomain>.<domain>`)"
+  - "traefik.http.routers.<service-name>-secure.service=<service-name>"
+  - "traefik.http.services.<service-name>.loadbalancer.server.port=<port>"
+```
+
+This configuration automatically redirects http to https.
+When using this configuration the port specified in the latter lines can be
+ommitted in the `ports:` section if not used directly.
+This ensures access only via https and restricts access via ip and port.
+Change `<service-name>` according to the service you want to publish and `<subdomain>` aswell as
+`<domain>` to the domain you intent to publish the service to.