Hey all. I'm pretty new to Traefik and I'm a little confused on the setup here.
I have an Unraid server running Traefik in Docker with IBRACORP's image.
So far, I have successfully setup a Home Assistant VM through Traefik and it is working beautifully.
I have been running a wordpress site through NGINX (LEMP) in an ubuntu VM for several years with no issues and now it would be cool to route it all through Traefik. The part I am struggling with now is how to get Traefik to provide the SSL cert for my LEMP stack instead of nginx doing it. In my nginx config for sites-available, i turned off the listen block for 443 since i dont want to specify a cert here. I also went into the wordpress config and defined the url as "http://...". Now when I navigate to my site, I get a cert but I also get an error for serving mixed content.
Kinda at the end of my rope on this one. Not sure what ive missed or what I can change. Considering just doing a self signed cert on nginx and setting up 443 listen block again and seeing if Traefix will take over and provide the correct domain cert?
Thanks in advanced!
traefik.yml
global:
checkNewVersion: true
sendAnonymousUsage: false
serversTransport:
insecureSkipVerify: true
entryPoints:
http:
address: ":80"
forwardedHeaders:
trustedIPs: &trustedIps
# Start of Clouflare public IP list for HTTP requests, remove this if you don't use it
- 103.21.244.0/22
- 103.22.200.0/22
- 103.31.4.0/22
- 104.16.0.0/13
- 104.24.0.0/14
- 108.162.192.0/18
- 131.0.72.0/22
- 141.101.64.0/18
- 162.158.0.0/15
- 172.64.0.0/13
- 173.245.48.0/20
- 188.114.96.0/20
- 190.93.240.0/20
- 197.234.240.0/22
- 198.41.128.0/17
- 2400:cb00::/32
- 2606:4700::/32
- 2803:f800::/32
- 2405:b500::/32
- 2405:8100::/32
- 2a06:98c0::/29
- 2c0f:f248::/32
# End of Cloudlare public IP list
- 192.168.0.0/24
- 10.0.10.0/24
- 172.16.0.0/24
# http:
# redirections:
# entryPoint:
# to: https
# scheme: https
https:
address: ":443"
forwardedHeaders:
trustedIPs: *trustedIps
# http:
# tls:
# certResolver: letsencrypt
# middlewares:
# - securityHeaders@file
providers:
providersThrottleDuration: 2s
# File provider for connecting things that are outside of docker / defining middleware
file:
filename: /etc/traefik/fileConfig.yml
watch: true
# Docker provider for connecting all apps that are inside of the docker network
docker:
watch: true
network: br0.172 # Add Your Docker Network Name Here
# Default host rule to containername.domain.example
defaultRule: "Host(`{{ lower (trimPrefix `/` .Name )}}.redacted`)" # Replace with your domain
swarmModeRefreshSeconds: 15s
exposedByDefault: false
endpoint: "tcp://dockersocket:2375"
# Enable traefik ui
api:
dashboard: true
insecure: true
# Log level INFO|DEBUG|ERROR
log:
level: INFO
# Use letsencrypt to generate ssl serficiates
certificatesResolvers:
letsencrypt:
acme:
email: admin@redacted
storage: /etc/traefik/acme.json
dnsChallenge:
provider: cloudflare
# Used to make sure the dns challenge is propagated to the rights dns servers
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
dynamic.yml
http:
routers:
redacted:
entryPoints:
- https
rule: 'Host(`redacted`)'
tls:
certResolver: letsencrypt
domains:
- main: redacted
sans:
- '*.redacted'
service: nginx
middlewares:
- https-redirect
- securityHeaders
services:
nginx:
loadBalancer:
servers:
- url: http://192.168.0.26:80
middlewares:
https-redirect:
redirectScheme:
scheme: https
securityHeaders:
headers:
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
X-Forwarded-Proto: "https"
server: ""
customRequestHeaders:
X-Forwarded-Proto: "https"
sslProxyHeaders:
X-Forwarded-Proto: "https"
referrerPolicy: "same-origin"
hostsProxyHeaders:
- "X-Forwarded-Host"
contentTypeNosniff: true
browserXssFilter: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsSeconds: 63072000
stsPreload: true