How to configure a docker container on lan (app.l.mydomain.ovh) and web (app.mydomain.ovh)?

Traefik Traefik v2
1

Hello,

I have some containers in docker,

I user them in the LAN like this :

In adguard i create a redirect to docker server :
hsca.l.mydomain.ovh -> 192.168.50.118
da.l.mydomain.ovh -> 192.168.50.118

Then in config.yaml :

http:
 #REGION :  routers 
  routers:

    # dashy
    da:
      entryPoints:
        - "https"
      rule: "Host(`da.l.mydomain.ovh`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: da

     # headscale admin     
   hsca: 
      entryPoints:
        - "https"
      rule: "Host(`hsca.l.mydomain.ovh`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}

#endREGION : routers

#REGION :  services
  services:

   # dashy
    da:
      loadBalancer:
        servers:
          - url: "http://192.168.50.118:12346/"
        passHostHeader: true
   
    # headscale admin
    hsca:
      loadBalancer:
        servers:
          - url: "http://hsca:80"
        passHostHeader: true

#endREGION :  - services

  middlewares:
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true

    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        referrerPolicy: "no-referrer"
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.50.0/16" # lan
        - "192.168.10.0/16" # web - docker
        - "192.168.60.0/16" # proxy - docker
        - "172.16.0.0/12"

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

    searxng-headers:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "noindex, noarchive, nofollow"
          Permissions-Policy: "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"

Traefik docker-compose :

version: '3'
services:
  srv_traefik:
    container_name: ${C_TFK}
    image: ${C_TFK_IMG}
    restart: ${C_ALL_RESTART}
    hostname: ${C_TFK_HOST} 
    security_opt:
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=${CF_EMAIL}
      - CF_API_KEY=${CF_API_KEY}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${REP_APPDATA}/${C_TFK}/data/traefik.yml:/traefik.yml:ro
      - ${REP_APPDATA}/${C_TFK}/data/acme.json:/acme.json
      - ${REP_APPDATA}/${C_TFK}/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`tf.${DOML}`)"
      - "traefik.http.routers.traefik-s.tls.domains[0].main=${DOML}"
      - "traefik.http.routers.traefik-s.tls.domains[0].sans=*.${DOML}"
      #- "traefik.http.routers.traefik-s.tls.domains[1].main=${DOM}"
      #- "traefik.http.routers.traefik-s.tls.domains[1].sans=*.${DOM}"
      - "traefik.http.routers.traefik-s.rule=Host(`tf.${DOML}`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=doge:somesecretkey"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-s.entrypoints=https"
      - "traefik.http.routers.traefik-s.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-s.tls=true"
      - "traefik.http.routers.traefik-s.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-s.service=api@internal"
      - "traefik.http.services.tfk.loadbalancer.server.port=80" # service=tfk
    networks:
      - default
networks:
  default:
    external:
      name: $NET_TFK

.env file :
DOML=l.mydomain.ovh
DOM=mydomain.ovh

My home router redirects 80 and 443 to docker server IP so this would lead to traefik.

A can access this in the LAN :
hsca.l.mydomain.ovh
da.l.mydomain.ovh

But how to access this adresses on the web ? :
hsca.mydomain.ovh
da.mydomain.ovh

Help please,

Best regards :slight_smile:

2

found how to do it :

rule: "Host(app.l.mydomain.ovh) || Host(app.mydomain.ovh)"

use traefik-cloudflare-companion to auto create CNAMES in cloudflare

use conf.yaml in with headscale to have nice dns names with tailscale vpn
dns:
extra_records: #
- { name: "app.l.mydomain.ovh", type: "A", value: "192.168.50.118" }

Also my adguard has this DNS rewrite rule : *.l.mydomain.ovh = 192.168.50.118 (it throws everything local to traefik)

best regards :slight_smile:

3

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.