Block external access

knighthawk72 · June 20, 2024, 6:25pm

I have several services setup using traefik and everything is working great, but I'd actually like to block one of the services from answering to external requests. I still want traefik to manage the certificate, but I only want it available on my LAN or VPN.

I assume LetsEncrypt would need access to the fqdn, which might mean allowing a list of IPs for LetsEncrypt. Looks like they say not to do that, but there are some published lists of their IPs.

Is there any way to do this?

Thanks!

bluepuma77 · June 20, 2024, 7:10pm

If you use tlsChallenge with LetsEncrypt, I would assume that you can get a TLS cert, even if the router rule uses an additional ClientIP() (doc), limiting the proxying to internal IPs.

knighthawk72 · June 20, 2024, 7:11pm

Yes, I'm using tlsChallenge. I'll check out that doc.

Thanks!

knighthawk72 · June 20, 2024, 8:18pm

Can't figure how to do multiple networks. Tried many iterations on one line. If I put two lines it only takes the last one.

traefik.http.routers.myapp.rule=ClientIP(192.168.1.0/24)
traefik.http.routers.myapp.rule=ClientIP(172.16.1.0/24)

How do I get both of these to work?

Thanks

knighthawk72 · June 20, 2024, 9:40pm

Figured it out. For anyone else:

traefik.http.routers.myapp.rule=(ClientIP(172.16.1.0/24) || ClientIP(192.168.1.0/24))

Thanks

bluepuma77 · June 21, 2024, 5:36am

The docs do help

I would probably use something like:

.rule=Host() && ( ClientIP() || ClientIP() )

Topic		Replies	Views
TLS for internal network Traefik v2 docker	0	365	March 22, 2020
Is there something like a "traefik service discovery"? Traefik v2 docker	0	296	July 9, 2020
Need help limiting container access to private IPs when using HTTPS Traefik v2 docker , middleware	9	7107	April 28, 2022
Need help - Setting up Traefik with Lets Encrypt Traefik v3 (latest) docker	1	124	September 8, 2024
Traefik Routing or Redirect Traefik v2 docker	2	1151	February 26, 2024

Block external access

Related topics