Hi, I am in need of some help, I have already tried some things but without any luck. I need to access Winbox via domain (Yes I know its dumb, but I need this for some specific use case). I tried TCP routing with Traefik because I don't want TLS to get involved but it still doesn't work. But when I set static DNS entry on my Pihole at home it works so there has to be some mistake within Traefik redirection or my config is bad.
Here is my config that I am currently running:
traefik.yml
api:
dashboard: true
debug: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
WinBox:
address: "8291"
serversTransport:
insecureSkipVerify: true
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
filename: /config.yml
certificatesResolvers:
cloudflare:
acme:
email: example@gmail.com
storage: acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
Docker-Compose.yml
version: '3'
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
-8291:8291
environment:
- CF_API_EMAIL=example@gmail.com
- CF_DNS_API_TOKEN=****
# be sure to use the correct one depending on if you are using a token or key
- CF_API_KEY=*****
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/admin/traefik/data/traefik.yml:/traefik.yml:ro
- /home/admin/traefik/data/acme.json:/acme.json
- /home/admin/traefik/data/config.yml:/config.yml:ro
labels:
- "traefik.enable=true"
# https
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.local.example.com`)"
# wildcard certs
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=local.example.com"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.example.com"
- "traefik.http.routers.traefik-secure.tls.domains[1].main=example.com"
- "traefik.http.routers.traefik-secure.tls.domains[1].sans=*.example.com"
- "traefik.http.routers.traefik-secure.service=api@internal"
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=http"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
networks:
proxy:
external: true
config.yml:
http:
routers:
zabbix:
entryPoints:
- "https"
rule: "Host(`zab.example.com`)"
middlewares:
#- redirectregex-zabbix
- default-headers
#- addprefix-zabbix
- https-redirectscheme
tls: {}
service: zabbix
#endregion
#region services
services:
zabbix:
loadBalancer:
servers:
- url: "http://192.168.88.207:80"
passHostHeader: true
#endregion
middlewares:
#addprefix-zabbix:
# addPrefix:
# prefix: "/zabbix"
https-redirectscheme:
redirectScheme:
scheme: https
permanent: true
#redirectregex-zabbix:
# redirectRegex:
# regex: /zabbix/$
# replacement: /
default-headers:
headers:
frameDeny: true
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https
tcp:
routers:
RB2011SPS:
entryPoints:
- "WinBox"
rule: "HostSNI(`winbox.example.com`)"
service: RB2011SPS
services:
RB2011SPS:
loadBalancer:
servers:
- address: "192.168.99.101:8291"