Hi everyone,
I installed Traefik3 on Docker and was wondering if there was a possibility to install it on ports other than 80 and 443.
Right now I also have NGINX Proxy Manager installed with ports 80 and 443.
I wanted to try Traefik and then decide which one to keep but I wanted to try it on different doors first.
Is it possible?
I specify that NPM and Traefik are installed on 2 different servers with 2 different IPs.
Thanks in advance to anyone who wants to help me!
Obviously configured with CNAME and token etc etc on Cloudflare to be reachable from the internet!
Yes, you can configure Traefik to listen on other ports and even on selected IPs only.
But Traefik LetsEncrypt `httpChallenge` needs port 80 and `tlsChallenge` needs port 443. If both are not available, you need to use a bit more complicated `dnsChallenge`.
Thank you for your reply,
I had already done it by configuring everything properly via Cloudflare CNAME etc. It works, but only locally; I can't access the Traefik dashboard from the internet.
Share full Traefik static and dynamic config, and `docker-compose.yml` if used.
Here is the docker-compose.yml file:
```yaml
version: '3.5'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy:
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=your@email.com
      - CF_DNS_API_TOKEN=your-api-key
      # - CF_API_KEY=YOU_API_KEY
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/ubuntu/docker/traefik/traefik.yml:/traefik.yml:ro
      - /home/ubuntu/docker/traefik/acme.json:/acme.json
      - /home/ubuntu/docker/traefik/config.yml:/config.yml:ro
      - /home/ubuntu/docker/traefik/logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.yourdomain.co.uk`)" # if you want an internal domain, get the wildcard cert for it and then choose traefik-dashboard.home.yourdomain.co.uk or what you want
      - "traefik.http.middlewares.traefik-auth.basicauth.users=YOUR_USERNAME_PASSWORD"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.yourdomain.co.uk`)" # if you want an internal domain, get the wildcard cert for it and then choose traefik-dashboard.home.yourdomain.co.uk or what you want
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      #- "traefik.http.routers.traefik-secure.tls.domains[0].main=home.yourdomain.co.uk" # If you want *.home.yourdomain.co.uk subdomain or something else, you have to get the certificates at first.
      #- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.home.yourdomain.co.uk" # get a wildcard certificate for your .home.yourdomain.co.uk
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=yourdomain.co.uk" #if you use the .home.yourdomain.co.uk entry you have to change the [0] into [1]
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.yourdomain.co.uk" # same here, change 0 to 1
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    name: proxy
    external: true
```
and the traefik.yml file:
```yaml
api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: your@email.com #add your email
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare. Setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
```
I had tried ports:
82:82
444:444
Use 3 backticks before and after code/config to make it more readable and preserve spacing.
```yaml
version: '3.5'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy:
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=your@email.com
      - CF_DNS_API_TOKEN=your-api-key
      # - CF_API_KEY=YOU_API_KEY
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/ubuntu/docker/traefik/traefik.yml:/traefik.yml:ro
      - /home/ubuntu/docker/traefik/acme.json:/acme.json
      - /home/ubuntu/docker/traefik/config.yml:/config.yml:ro
      - /home/ubuntu/docker/traefik/logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.yourdomain.co.uk`)" # if you want an internal domain, get the wildcard cert for it and then choose traefik-dashboard.home.yourdomain.co.uk or what you want
      - "traefik.http.middlewares.traefik-auth.basicauth.users=YOUR_USERNAME_PASSWORD"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.yourdomain.co.uk`)" # if you want an internal domain, get the wildcard cert for it and then choose traefik-dashboard.home.yourdomain.co.uk or what you want
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      #- "traefik.http.routers.traefik-secure.tls.domains[0].main=home.yourdomain.co.uk" # If you want *.home.yourdomain.co.uk subdomain or something else, you have to get the certificates at first.
      #- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.home.yourdomain.co.uk" # get a wildcard certificate for your .home.yourdomain.co.uk
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=yourdomain.co.uk" #if you use the .home.yourdomain.co.uk entry you have to change the [0] into [1]
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.yourdomain.co.uk" # same here, change 0 to 1
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    name: proxy
    external: true
```
```yaml
api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: your@email.com #add your email
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare. Setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
```
Can it be okay now?
I'm no expert but it should be more readable this way
Looks great. You can easily change external Traefik ports in compose:
```yaml
services:
  traefik:
    …
    ports:
      - 8080:80
      - 8443:443
```
You could also specify the host IP to use:
```yaml
services:
  traefik:
    …
    ports:
      - 1.2.3.4:80:80
      - 1.2.3.4:443:443
```
It also depends on your Cloudflare set up, if you use just the DNS, or the proxy functionality, where you need to set up the right target IP and port.
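Added example (not part of the thread or of Traefik): a small checker that takes compose `ports` entries and the `entryPoints` addresses from the posted `traefik.yml` and reports mappings that reach no entryPoint, host ports the Cloudflare proxy will not forward, and which ACME challenge types remain usable. The function names are hypothetical and the proxy port list is taken from Cloudflare's network-ports documentation, not from this page.

```python
# Added example. Ports Cloudflare's proxy will connect to on an origin
# (from Cloudflare's network-ports documentation, not from the thread).
CF_PROXY_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095,   # HTTP
                  443, 2053, 2083, 2087, 2096, 8443}        # HTTPS

def parse_mapping(spec):
    """Compose short syntax '[ip:]host:container[/proto]' -> (ip, host, container)."""
    parts = spec.split("/")[0].rsplit(":", 2)
    if len(parts) < 2:
        raise ValueError(f"{spec!r} has no fixed host port")
    ip = parts[0] if len(parts) == 3 else "0.0.0.0"
    return ip, int(parts[-2]), int(parts[-1])

def check(ports, entrypoints):
    """ports: compose 'ports' entries; entrypoints: {name: address} from traefik.yml.
    Returns (findings, usable ACME challenge types)."""
    listening = {int(a.split("/")[0].rsplit(":", 1)[1]): n for n, a in entrypoints.items()}
    findings, reachable = [], set()
    for spec in ports:
        _ip, host, container = parse_mapping(spec)
        if container not in listening:
            findings.append(f"{spec}: no entryPoint listens on container port {container}")
            continue
        reachable.add(host)
        if host not in CF_PROXY_PORTS:
            findings.append(f"{spec}: Cloudflare proxy does not forward port {host}; "
                            "use a DNS-only record or a supported port")
    challenges = ["dnsChallenge"]          # validated via DNS TXT record, no inbound port
    if 80 in reachable:
        challenges.append("httpChallenge")
    if 443 in reachable:
        challenges.append("tlsChallenge")
    return findings, challenges

ENTRYPOINTS = {"http": ":80", "https": ":443"}   # as in the posted traefik.yml

if __name__ == "__main__":
    for ports in (["82:82", "444:444"],            # mapping tried in the thread
                  ["8080:80", "8443:443"],         # mapping suggested in the reply
                  ["1.2.3.4:80:80", "1.2.3.4:443:443"]):
        print(ports, check(ports, ENTRYPOINTS))
```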
I tried but nothing changed.
It seems that as long as NGINX Proxy Manager is active, nothing else works.
I then tried to "cascade" Traefik under NGINX and then Traefik works.
I then tried to install Portainer on the same server as Traefik and obviously on the same network and Traefik sees it regularly but so Portainer is not reachable from the internet.
There appears to be no way for NGINX and Traefik to coexist.
If I disable NGINX and leave Traefik with its regular configuration I can see both Traefik and Portainer from the internet, so alone it's fine.