Strugling with several settings

Traefik Traefik v2
, ,
1

okay, so first of all , great job with version 2 . It has given me plenty of headache's and i've completed several bottles of wine while reading the docs & tutorials.

Below is a functional working example with :

  • Traefik
  • Home Assistant
  • Lets Encrypt
  • Cloudflare

however I've still got some things I can't figure out. And the code below could probably be optimized

  1. top level domain throws an 302 , and crashes eventually, infinite redirects, I'd like to host a blog there... but it only works with www prefix .. see last code snippet
  2. I'm unable to make the HOME ASSISTANT part work with labels.
  3. What does this part do specifically . and can i do the same with labels ?
see snippet at point 4
  1. Can the whole TLS block become a middleware ? so it can be reused for all subdomains ?
      [http.routers.hass.tls]
        certResolver = "mydnschallenge"
        [[http.routers.hass.tls.domains]]
          main = "domain.tld"
          sans = ["*.domain.tld"]

#traefic.toml

# traefik.toml
[global]
  checkNewVersion = true
  sendAnonymousUsage = true

[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.web-secure]
    address = ":443"

[api]
  dashboard = true

[ping]

[providers]
  [providers.docker]
    watch = true
    endpoint = "unix:///var/run/docker.sock"
    network = "traefik"
    exposedbydefault = false

  [providers.file]
    filename = "/etc/traefik/dynamic_conf.toml"

[certificatesResolvers]
  [certificatesResolvers.mydnschallenge.acme]
    email = "mymailadress@outlook.com"
    storage = "/etc/traefik/acme/acme.json"
    [certificatesResolvers.mydnschallenge.acme.dnschallenge]
      provider = "cloudflare"

#dynamic_conf.toml

# dynamic_conf.toml
[http]
  [http.routers]
    [http.routers.redirect-to-https]
      entryPoints = ["web"]
      middlewares = ["https-redirect"]
      rule = "HostRegexp(`{host:.+}`)"
      service = "noop"

    [http.routers.hass]
      entrypoints = ["web-secure"]
      rule = "Host(`homeassistant.pompelmo.nl`)" # you probably want to customize this rule
      service = "hass"
      [http.routers.hass.tls]
        certResolver = "mydnschallenge"
        [[http.routers.hass.tls.domains]]
          main = "domain.tld"
          sans = ["*.domain.tld"]

  [http.middlewares]
    [http.middlewares.https-redirect.redirectScheme]
      scheme = "https"

    [http.middlewares.myAuth.basicAuth]
      users = [
		"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
	  ]
	  
	[http.midlewares.certificate]
	  [http.midlewares.certificate.tls]
        certResolver = "mydnschallenge"
        [[http.midlewares.certificate.tls.domains]]
          main = "domain.tld"
          sans = ["*.domain.tld"]


  [http.services]
    [http.services.hass.loadBalancer]
      [[http.services.hass.loadBalancer.servers]]
        url = "http://172.17.0.1:8123" # 172.17.0.1 is the docker0 interface: a way to communicate outside of docker (ie with home assistant on the host network)

    # noop service, the URL will be never called
    [http.services.noop.loadBalancer]
      [[http.services.noop.loadBalancer.servers]]
        url = "http://192.168.2.1"

docker-compose.yml

version: "3.7"

services:
  traefik:
    image: traefik:v2.0.5
    restart: always
    container_name: traefik
    domainname: ${DOMAINNAME}
    ports:
      - 80:80
      - 443:443
    environment:
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}    
    networks:
      - traefik_proxy
      - default
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${USERDIR}/docker/traefik:/etc/traefik
      - ${USERDIR}/docker/shared:/shared
    labels:
      - traefik.enable=true
      - traefik.port=8080
      - traefik.docker.network=traefik_proxy
      - traefik.http.routers.api.rule=Host(`traefik.${DOMAINNAME}`)
      - traefik.http.routers.api.entrypoints=web-secure
      - traefik.http.routers.api.service=api
      - traefik.http.services.api.loadbalancer.server.port=8080
      - traefik.http.routers.api.tls.certResolver=mydnschallenge
      - traefik.http.routers.api.middlewares=myAuth
      - traefik.http.middlewares.myAuth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/

# HOME ASSISTANT
  homeassistant:
    container_name: home-assistant
    image: homeassistant/home-assistant
#    devices:
#      - /dev/ttyUSB0:/dev/ttyUSB0
#      - /dev/ttyUSB1:/dev/ttyUSB1
#      - /dev/ttyACM0:/dev/ttyACM0
    volumes:
      - ${USERDIR}/docker/homeassistant/config:/config
      - /etc/localtime:/etc/localtime:ro
      - ${USERDIR}/docker/shared:/shared
    environment:
      - TZ=Europe/Amsterdam
    restart: always
    network_mode: "host"
#    labels:
#      - traefik.enable=true
#      - traefik.port=8080
#      - traefik.docker.network=default
#      - traefik.http.routers.hass.entrypoints=web-secure
#      - traefik.http.routers.hass.rule=Host(`homeassistant.${DOMAINNAME}`)
#      - traefik.http.routers.hass.service=hass
#      - traefik.http.routers.hass.tls.domains=${DOMAINNAME}
#      - traefik.http.routers.hass.tls.certResolver=mydnschallenge
#      - traefik.http.services.hass.loadbalancer.server.port=8123
#      - traefik.http.services.hass.loadBalancer.servers.url="http://172.17.0.1:8123"


networks:
  traefik_proxy:
    external:
      name: traefik_proxy
  default:
    driver: bridge

Blog part

#  blog:
#    image: wordpress:4.9.8-apache
#    environment:
#      - WORDPRESS_DB_PASSWORD:${MYSQL_ROOT_PASSWORD}
#    networks:
#      - traefik_proxy
#      - default
#    depends_on:
#      - mysql
#    labels:
#      - traefik.enable=true
#      - traefik.port=80
#      - traefik.docker.network=traefik_proxy
#      - traefik.http.routers.blog.rule=Host(`${DOMAINNAME}`)
#      - traefik.http.routers.blog.entrypoints=web-secure
#      - traefik.http.routers.blog.service=blog
#      - traefik.http.services.blog.loadbalancer.server.port=80
#      - traefik.http.routers.blog.tls.domains=${DOMAINNAME}
#      - traefik.http.routers.blog.tls.certResolver=mydnschallenge
2
  1. top level domain throws an 302 , and crashes eventually, infinite redirects, I'd like to host a blog there... but it only works with www prefix .. see last code snippet

What is performing redirect? Is is traefik or is it one of your apps? What is redirected from where and to where? What are the steps in redirect loop (if more than one)? Use curl to issue requests and examine responses. Refer to curl manual for command line options to make sure that you can see headers information for request / response.

  1. I'm unable to make the HOME ASSISTANT part work with labels.

I'm sorry to hear that. Assuming, that you stating this not because you want to share, but because you need help with a solution, it would be awesome if you could provide some details.

  1. What does this part do specifically . and can i do the same with labels ?

This part does not make sense. Where did you get it from? The supported configuration options are described at https://docs.traefik.io/ but presumably you already know that. It's hard to redirect you more precisely, but I'll try: For TLS configuration read Traefik Routers Documentation - Traefik, for Middleware configuration read Traefik Proxy Middleware Overview - Traefik .

  1. Can the whole TLS block become a middleware ? so it can be reused for all subdomains ?

No, not at the moment.

3

Issue 1 has been resolved by changing the SSL/TLS encryption mode from flexible to full in cloudflare. I have no idea why, but it was recommended by some issues on gitlab.

Issue 2 , In the code snippet I have an working example, also I have placed the labels that I used/tried in the code snippet. but it does not work. I have no clue how to fix it. The who subdomain does not work at all.

Issue 3 was the wrong snippet. sorry for that. should've been the same as issue 4

Issue 4. To bad, but thanks. now I do not have to keep looking for it.