Expose specific URLs to the Public Internet

Is it possible to control which service is exposed externally?
i.e app1.mynetwork.com only accessible within the LAN but app2.mynetwork.com is visible both internally and over the public internet while both being accessible on port 443

I would like to be able to select which app/service/url is exposed to the outside world based on the url that the service is being accessed on.

Hello @tam481

The another entrypoint has to be created in the static configuration e.g. web-int.


Then a new Kubernetes service has to be created that is reachable within your local LAN network. That service requires to have IP address belonging to your local network. You can use the example service as a reference.

apiVersion: v1
kind: Service
  name: traefik-int
  namespace: traefik
    app.kubernetes.io/instance: traefik
    app.kubernetes.io/name: traefik
    metallb.universe.tf/address-pool: private-ips 
    app.kubernetes.io/instance: traefik
    app.kubernetes.io/name: traefik
  type: LoadBalancer
    - port: 80
      name: web-int
      targetPort: web-int

In the Traefik deployment in a section ports the following lines should be added:

            - name: web-int
              containerPort: 8080
              protocol: TCP

Ingress or Ingressroute should refer to the newly created entrypoint.

I hope that helps.

Thank you @jakubhajek
I don't use Kubernetes. Just simple docker-compose files for services. Are you suggesting that I create a new Traefik instance or just a new entry point say on port 8443 then forward traffic to that entry point. Do I then configure the app to use that entry point. Would that isolate the other services given that they're not using that entry point?

Hey @tam481

I suggest to add a new entrypoint and use that entrypoint as labe, here is the example configuration:

- "traefik.http.routers.router0.entrypoints=foobar, foobar"

That label is required to configure routing correctly, see the routers section in Docker provider.