Have been trying to setup traefik as a reverse proxy with file and docker providers. Currently i have only gotten file provider to work. The docker provider only returns error code 404.
Test container setup:
docker run -d -p 3000:8080 --name webtest --network proxy --label traefik.enable=true rawmind/web-test
Traefik setup
docker run -d -p 8080:8080 -p 80:80 -p 443:443 --name traefik \
-v /srv/traefik/:/etc/traefik -v /var/run/docker.sock:/var/run/docker.sock \
--env CLOUDFLARE_API_KEY=api-key \
--env CLOUDFLARE_EMAIL=admin@domain.com \ traefik:2.7
traefik.yml
global:
checkNewVersion: true
sendAnonymousUsage: false
serversTransport:
insecureSkipVerify: true
log:
level: DEBUG
accesslog: {}
api:
insecure: true
dashboard: true
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
http:
tls:
# Generate a wildcard domain certificate
certResolver: letsencrypt
domains:
- main: domain.com
sans:
- '*.domain.com'
middlewares:
- securityHeaders
providers:
providersThrottleDuration: 2s
file:
filename: /etc/traefik/fileConfig.yml
watch: true
docker:
watch: true
endpoint: "unix:///var/run/docker.sock"
network: proxy
defaultRule: "Host(`{{ lower (trimPrefix `/` .Name )}}.domain.com`)"
exposedByDefault: false
# Use letsencrypt to generate ssl serficiates
certificatesResolvers:
letsencrypt:
acme:
email: admin@domain.com
storage: /etc/traefik/acme.json
dnsChallenge:
provider: cloudflare
# Used to make sure the dns challenge is propagated to the rights dns servers
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
fileConfig.yml
http:
routers:
test:
entrypoints:
- web
- websecure
rule: 'Host(`test.domain.com`)'
service: test
## SERVICES ##
services:
test:
loadBalancer:
servers:
- url: http://192.168.0.189:9453/
## MIDDLEWARES ##
middlewares:
# Only Allow Local networks
whitelist:
ipWhiteList:
sourceRange:
- 127.0.0.1/32 # localhost
- 192.168.0.0/24 # LAN Subnet
# Security headers
securityHeaders:
headers:
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
server: ""
X-Forwarded-Proto: "https"
sslProxyHeaders:
X-Forwarded-Proto: https
referrerPolicy: "strict-origin-when-cross-origin"
hostsProxyHeaders:
- "X-Forwarded-Host"
customRequestHeaders:
X-Forwarded-Proto: "https"
contentTypeNosniff: true
browserXssFilter: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsSeconds: 63072000
stsPreload: true