Hi!
I have a feeling that my setup is rather similar to this topic here. However, I just don't seem to get it to work properly and I'm not too sure on whether I understand it all correctly. So, help is definitely appreciated.
Let's get into it:
Suppose I have a traefik instance living in the cloud managing a couple of services I'm hosting in the cloud. This works.
I also have a traefik instance locally running for all my local services. Most of them aren't particularly needed externally. However, some of them have URLs where you can share stuff.
Both instances are also connected via VPN and can talk to one another.
Now, I want those share links to be publicly available. Since I do not have a static IP address at home, my idea was to route "share-able" traffic through the cloud instance.
I have already pointed my URL towards my cloud server using Cloudflare.
Now, how would I handle requests coming to /share/* to have them routed to my internal service?
I'll add a picture here, too.
Again, maybe the solution is already in front of my eyes with the other post but I just don't seem to get it to work and don't quite understand it as I'm rather new to traefik. I tried reading everything in the documentation but it just doesn't click in my head.
Most likely a layer 8 problem and I take full accountability of it.
With `loadbalancer.servers.url` you can define any target service for a Traefik router (with domain or IP); it needs to happen in a dynamic config file. Check simple Traefik external example (no need for the middleware).
But you still need to be able to target your home server with a changing IP. Either use a DynDNS server to make your home IP available on the Internet or (probably better) create a VPN.
You could run WireGuard, use something like wg-easy on the cloud server. Make sure to set `PersistentKeepalive` in the config on the client (home), so it keeps the connection open, even when the home IP changes.
Hi!
Thanks for your reply!
I'll share a bit more of my code and setup.
So, here's my traefik cloud compose:
compose.yml
```yaml
services:
  traefik:
    image: traefik:v3.0
    container_name: traefik_test
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/traefik.yml:/traefik.yml
      - ./data:/data
      - ./data/config.yml:/config.yml:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`monitor.<redacted>.com`)
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.service=api@internal
    networks:
      - proxy
networks:
  proxy:
    external: true
```
Furthermore, I have created those two files in the /data path of that container:
traefik.yml
```yaml
entrypoints:
  http:
    address: ":80"
    http:
      redirections:
        entrypoint:
          to: https
          scheme: https
  https:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    watch: true
  file:
    filename: "./config.yml"
    watch: true
api:
  dashboard: true
  insecure: true
certificatesResolvers:
  myresolver:
    acme:
      email: email@provider.com
      storage: /data/acme.json
      httpChallenge:
        entryPoint: http
```
config.yml
```yaml
http:
  routers:
    forward:
      rule: Host(`service.<redacted>.com`) #&& PathPrefix(`/share/`)
      service: forward
  services:
    forward:
      loadBalancer:
        servers:
          - url: https://google.com
```
Folder Structure for clarity
```
├── data
│   ├── acme.json
│   ├── config.yml
│   └── traefik.yml
└── docker-compose.yml
```
Now, for argument's sake I just wanted to get it to redirect anywhere whenever I call ..com, that's why I chose Google here. Now, if I try reaching that URL with my phone on cellular (not using my home DNS and stuff), I get a 404. It doesn't make a difference whether that prefix is enabled or not and whether I'm using the URL with the prefix or without.
I'm currently unsure whether this is actually a Cloudflare problem as I use CF for my external DNS. I restarted traefik multiple times as well since I wanted to make sure that it wasn't a weird behaviour coming from traefik/docker or something.
Yes, both servers are connected via VPN. I'll update the picture I provided earlier to make it clearer. Thank you!
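
The routing discussed in this thread (the cloud Traefik forwarding only `/share/` requests to a home service over the VPN), written out as an added example that is not part of the original posts. The VPN address `10.8.0.2`, the plain-HTTP port 80 on the home side, and the names `share` and `home-share` are assumptions; the host rule, the `https` entry point and the `myresolver` resolver are taken from the configs posted above.

```yaml
# Dynamic (file provider) configuration for the cloud Traefik instance.
# Assumption: 10.8.0.2 is the home Traefik's address inside the VPN and it
# accepts plain HTTP on port 80 there (the tunnel provides the encryption).
http:
  routers:
    share:
      # Forward only the share path. Requests for any other path on this
      # host do not match this router and never reach the home network.
      rule: Host(`service.<redacted>.com`) && PathPrefix(`/share/`)
      # Bind to the TLS entry point only; port 80 is already redirected
      # to https in the static config.
      entryPoints:
        - https
      # A tls section dedicates the router to HTTPS requests; a router
      # without one only handles plain HTTP requests.
      tls:
        certResolver: myresolver
      service: home-share

  services:
    home-share:
      loadBalancer:
        # Keep the client's Host header (Traefik's default) so the home
        # instance can apply its own Host() rule to the forwarded request.
        passHostHeader: true
        servers:
          # Assumed VPN-internal address of the home Traefik instance.
          - url: http://10.8.0.2:80
```

Keeping the `PathPrefix` in the rule is what limits public exposure to the share links; without it the whole home service becomes reachable through the cloud instance.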