Hi guys, I'm trying to figure out why my setup isn't working and I think I am in a little over my head. Some help would be appreciated!
So, I have my own domain name hosted with Cloudflare. I decided to use my domain name to get myself certificates on my internal network, so I can access all of my services via https. My cert provider is Cloudflare. I get that this is probably unnecessary, but hey.
So where this becomes an issue is when I try to expose my services to the internet. The problem appears to be TLS. If I enable TLS for my internal network (e.g. plex.local.mydomain.com), everything works just fine. But if I want to access a service like Plex externally from plex.mydomain.com, I get a '404 File not found' error. However, if I disable TLS, the external link works.
I'm guessing this has something to do with my certificate conflicting with Cloudflare's end? Here is what my config looks like for Traefik:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=web"
- "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.mydomain.net`)"
- "traefik.http.middlewares.traefik-auth.basicauth.usersFile=.htpasswd"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=websecure"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.mydomain.net`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=local.mydomain.net"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.mydomain.net"
- "traefik.http.routers.traefik-secure.service=api@internal"
Now my Plex config:
# internal routing
- traefik.http.routers.plex-internal-secure.entrypoints=websecure
- traefik.http.routers.plex-internal-secure.rule=Host("plex.local.mydomain.net")
- traefik.http.routers.plex-internal-secure.tls=true
- traefik.http.routers.plex-internal-secure.service=plex-internal
- traefik.http.services.plex-internal.loadbalancer.server.port=32400
# external routing
- traefik.http.routers.plex-external-secure.rule=Host("plex.mydomain.net")
- traefik.http.routers.plex-external-secure.entrypoints=websecure
This configuration works to give me HTTPS internally and externally, but I guess it's not ideal? I have had to create two different rules though (plex-internal and plex-external). Enabling TLS for plex-external will result in a 404.
Combining Host('plex.local.mydomain.net','plex.mydomain.net') results in a 404 for the external rule - again, I'm guessing because of TLS.
I would love someone to teach me how to fix this and give me some pointers on how to better secure my setup. Thanks guys!