I'm following Techno Tim's video (https://www.youtube.com/watch?v=n1vOfdz5Nm8&t=263s) to set up Traefik 3 with Let's Encrypt.
I have Proxmox and created a Debian VM. I have T-Mobile home internet, so I am behind CGNAT.
I have Docker up and running, but the dashboard doesn't show at my domain name "traefik-dashboard.example.fyi".
However, I can access the dashboard at "http://192.168.12.7:8080/dashboard#/".
Do I need a Cloudflare Tunnel? I would like to use Traefik.
Thank you
These are my Cloudflare DNS records:
Containers:
This is my docker-compose.yaml
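# Compose file for a single Traefik v3 reverse proxy that obtains certificates
# through the Cloudflare DNS-01 challenge (API token supplied as a Docker secret).
# version: "3.8"
services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      # 8080 is the listener Traefik uses for the API/dashboard when
      # `api.insecure: true` is set in traefik.yml. That listener has no
      # authentication, so publishing it on every interface bypasses the
      # basic-auth router defined in the labels below. It is bound to loopback
      # here for on-host troubleshooting only; drop the mapping once the
      # HTTPS dashboard route works.
      - "127.0.0.1:8080:8080"
      # - "443:443/tcp" # Uncomment if you want HTTP3
      # - "443:443/udp" # Uncomment if you want HTTP3
    environment:
      # note using _FILE for docker secrets
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token
      # CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN} # if using .env
      TRAEFIK_DASHBOARD_CREDENTIALS: "${TRAEFIK_DASHBOARD_CREDENTIALS}"
    secrets:
      - cf_api_token
    # NOTE(review): env_file passes every variable in .env into the container,
    # so keep that file limited to what Traefik actually needs.
    env_file: .env  # use .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # The `:ro` flag only protects the socket file itself; anything that can
      # talk to the socket can still issue Docker API calls. Consider placing a
      # socket proxy that allows only read endpoints in front of it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      # acme.json stores the ACME account key and certificate private keys.
      # Keep it at mode 600 on the host and out of version control.
      - ./data/acme.json:/acme.json
      # - ./data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router: exists only to redirect to HTTPS.
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.example.fyi`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      # HTTPS router: the only path to api@internal that enforces basic auth.
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.example.fyi`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=example.fyi"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.example.fyi"
      - "traefik.http.routers.traefik-secure.service=api@internal"
secrets:
  cf_api_token:
    # Holds the Cloudflare API token in clear text: restrict the file's
    # permissions, keep it out of version control, and scope the token to DNS
    # edits on this one zone.
    file: ./cf_api_token.txt
networks:
  proxy:
    external: true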
Traefik.yml
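# Traefik static configuration (mounted into the container as /traefik.yml).
api:
  dashboard: true
  # Enables extra debugging/profiling endpoints under /debug; turn this off
  # once troubleshooting is finished.
  debug: true
  # `insecure: true` serves the API and dashboard without authentication on
  # Traefik's internal entry point (port 8080), which bypasses the basic-auth
  # protected `traefik-secure` router declared in the compose labels. Keep it
  # off and reach the dashboard through that router instead.
  insecure: false
entryPoints:
  http:
    address: ":80"
    http:
      # Send every plain-HTTP request to the https entry point.
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  # NOTE(review): this disables TLS certificate verification for every backend
  # Traefik connects to over HTTPS. Left as posted because the backends are not
  # shown here; prefer trusting the backend CA or limiting this to the specific
  # services that need it.
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Only containers labelled traefik.enable=true are routed.
    exposedByDefault: false
  # file:
  #   filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: example@gmail.com
      storage: acme.json
      # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # Staging certificates are not trusted by browsers; switch to the prod
      # line above once issuance works.
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory  # staging
      dnsChallenge:
        provider: cloudflare
        # Skips waiting for the TXT record to propagate to all authoritative
        # name servers. Only keep this if certificates cannot be pulled
        # through Cloudflare otherwise.
        disablePropagationCheck: true
        # Used together with disablePropagationCheck: wait this long so the
        # TXT record is ready before verification is attempted.
        delayBeforeCheck: 60s
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"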
SSL:
{
"cloudflare": {
"Account": {
"Email": "example@gmail.com",
"Registration": {
"body": {
"status": "valid",
"contact": [
"mailto:example@gmail.com"
]
},
"uri": "https://acme-v02.api.letsencrypt.org/acme/acct/2075413497"
},
"PrivateKey": "example",
"KeyType": "4096"
},
"Certificates": [
{
"domain": {
"main": "example.fyi",
"sans": [
"*.example.fyi"
]
},
"certificate": "example",
"key": "example",
"Store": "default"
}
]
}
}
curl -v https://traefik-dashboard.example.fyi
- Could not resolve host: traefik-dashboard.example.fyi
- Closing connection 0
curl: (6) Could not resolve host: traefik-dashboard.example.fyi
docker logs traefik - None
nslookup traefik-dashboard.example.fyi
Server: 192.168.12.1
Address: 192.168.12.1#53
Non-authoritative answer:
Name: traefik-dashboard.example.fyi
Address: 104.21.75.54
Name: traefik-dashboard.example.fyi
Address: 172.67.214.210
Name: traefik-dashboard.example.fyi
Address: 2606:4700:3033::ac43:d6d2
Name: traefik-dashboard.example.fyi
Address: 2606:4700:3034::6815:4b36