I have read, experimented, cried, screamed and finally I got a not too trivial Traefik setup working. Well almost.
I might just be blind due to all my tests and configuration changes that I am making a simple mistake... here is my docker-compose in all its glory.
```yaml
version: '3.9'
services:
  traefik:
    container_name: traefik
    image: traefik
    command:
      - --api=true
      - --api.dashboard=true
      - --api.insecure=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.domains[0].main=$DOMAINNAME
      - --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME
      - --certificatesresolvers.cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesresolvers.cloudflare.acme.dnschallenge=true
      - --certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=0
      - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers[0]=1.1.1.1:53
      - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers[1]=8.8.8.8:53
      - --certificatesresolvers.cloudflare.acme.caServer=$TRAEFIK_ACME_CASERVER
      - --certificatesresolvers.cloudflare.acme.storage=/acme.json
      - --pilot.token=e2a6ea5f-ec65-4384-8446-dd0a72fa463c
      - --api.debug=true
      - --log=true
      - --log.level=ERROR
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - web
    labels:
      - traefik.enable=true
      - traefik.port=8080
      - traefik.network=web
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.rule=Host(`$TRAEFIK_DASHBOARD`)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./appdata/traefik/acme.json:/acme.json
    environment:
      - CLOUDFLARE_EMAIL=$CLOUDFLARE_EMAIL
      - CLOUDFLARE_API_KEY=$CLOUDFLARE_KEY
  heimdall:
    image: ghcr.io/linuxserver/heimdall:development
    container_name: heimdall
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TZ}
    volumes:
      - ./appdata/heimdall:/config
    restart: unless-stopped
    networks:
      - web
    labels:
      - traefik.http.routers.heimdall.rule=Host(`start.${DOMAINNAME}`)
networks:
  web:
    external: true
```
Yes I am using both Let's Encrypt and Cloudflare, call me paranoid.
All I want to do is to get heimdall to answer on start. That seems to be the easiest thing but no... I guess I have f**kd up somewhere, if so please point it out.
I have the dashboard working.
I can start this compose file without any issues, I get a 526 when I try to access start.domain.
Invalid SSL certificate?
So some changes, added the network web, now I get a 404. That is a fall forward.
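
An added example, not part of the original post: a small lint over a Compose file like the one above, covering three things visible in it. With `exposedbydefault=false` the Docker provider skips any container that lacks `traefik.enable=true` (requests that match no router get a 404), `--api.insecure=true` serves the API and dashboard without authentication on the published port 8080, and a token is written literally into the command line. The `audit` function and the `COMPOSE` dict (shaped as `yaml.safe_load` would return it, token replaced by a placeholder) are constructed for this illustration.

```python
import re

# Constructed sample mirroring the relevant parts of the posted compose file.
COMPOSE = {
    "services": {
        "traefik": {
            "command": [
                "--api.insecure=true",
                "--pilot.token=<placeholder-token>",  # placeholder, not a real token
                "--providers.docker=true",
                "--providers.docker.exposedbydefault=false",
            ],
            "ports": ["80:80", "443:443", "8080:8080"],
            "labels": ["traefik.enable=true",
                       "traefik.http.routers.traefik.service=api@internal"],
        },
        "heimdall": {
            "labels": ["traefik.http.routers.heimdall.rule=Host(`start.${DOMAINNAME}`)"],
        },
    }
}

def audit(compose):
    """Return a list of (service, finding) tuples for the three checks."""
    findings = []
    services = compose.get("services", {})
    flags = [f.lower() for s in services.values() for f in s.get("command", [])]
    opt_in = "--providers.docker.exposedbydefault=false" in flags
    for name, svc in services.items():
        labels = [l.lower() for l in svc.get("labels", [])]
        cmd = svc.get("command", [])
        # Container port of each mapping, e.g. "8080:8080/tcp" -> "8080".
        container_ports = [str(p).split(":")[-1].split("/")[0] for p in svc.get("ports", [])]
        if "--api.insecure=true" in cmd and "8080" in container_ports:
            findings.append((name, "unauthenticated API/dashboard published on 8080"))
        for flag in cmd:
            m = re.match(r"--[\w.\[\]]*(token|key|password)=(.+)", flag, re.I)
            if m and not m.group(2).startswith("$"):  # $VAR references are fine
                findings.append((name, f"literal secret in {flag.split('=')[0]}"))
        has_router = any(l.startswith("traefik.http.routers.") for l in labels)
        if opt_in and has_router and "traefik.enable=true" not in labels:
            findings.append((name, "router labels ignored: traefik.enable=true missing"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(COMPOSE):
        print(f"{service}: {finding}")
```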