My setup:
I want to access my home server from the www using traefik. As my ISP does not offer a fixed IPv6, and to avoid other problems with port forwarding or similar, I wanted to use a reverse ssh tunnel to my VPS, which has a fixed IP.
For the reverse ssh tunnel I used the following documentation: How To Run A Server At Home Without An IPv4 Address – WirelessMoves
Accessing the local server using : works fine (for a specific service port, but without traefik).
The ports (homeserver -> VPS) 80 -> 2280 and 443 -> 22443
Overview:
homeserver + traefik1 <-- (443 and 80) ssh tunnel (22443 and 2280) <-- VPS and traefik2 <-- www traffic
Now I want to use *.homeserver.my-domain.com to access services. On both servers (home and VPS) I want to use traefik on port 80 and 443. Sadly I am not able to get that working.
Using my current setup (see configs below) I am able to access the homeserver traefik at http://localhost:8080/dashboard/
After opening an ssh tunnel for the port 8080 -> 28080, http://:28080/dashboard/ sadly does not work.
Also, the traefik on my homeserver does not seem to be able to get a letsencrypt certificate. Overall, I can't access traefik.homeserver.my-domain.domain.com. I tried all combinations I could think of (examples: no certresolver on VPS side, using tcp instead of http); nothing worked.
Any hints on how to configure the two traefik for such a set-up?
homeserver + traefik1 <-- (443 and 80) ssh tunnel (22443 and 2280) <-- VPS and traefik2 <-- www traffic
```yaml
# VPS config
---
http:
  routers:
    homeserver-acme:
      entrypoints:
        - web
      rule: HostRegexp(`.*\.homeserver\.my-domain.com`) && PathPrefix(`/.well-known/acme-challenge/`)
      service: homeserver
    homeserver:
      entrypoints:
        - web
      rule: HostRegexp(`.*\.homeserver\.my-domain.com`)
      service: homeserver
    homeserver-secure:
      entrypoints:
        - websecure
      rule: HostRegexp(`.*\.homeserver\.my-domain.com`)
      tls:
        certresolver: letsencrypt # also not working without tls configured
      service: homeserver-secure
  services:
    homeserver:
      loadBalancer:
        servers:
          - url: "localhost:2280"
    homeserver-secure:
      loadBalancer:
        servers:
          - url: "localhost:22443"
```
```yaml
# homeserver listens on 80 and 443
version: "3.3"
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./data/acme.json:/acme/acme.json
      - ./configs/:/configs
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.rule=Host(`traefik.homeserver.my-domain.com`) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.traefik.middlewares=https-redirect@file"
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.homeserver.my-domain.com`) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.routers.traefik-secure.middlewares=secHeaders@file,traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=aaaaa:$$xxxxxxxxxxxxxxxxxx."
networks:
  proxy:
    external: true
```
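
One way to lay out the VPS-side dynamic configuration for the topology in this post, as an added example that is not part of the original post: port 443 is passed through as raw TLS so that only the homeserver Traefik terminates it and holds the certificate and private key, and port 80 is forwarded as plain HTTP so the ACME HTTP challenge reaches the homeserver. It assumes Traefik v3 rule syntax, a VPS Traefik that can reach the tunnel ports on localhost (not isolated in a container network), and hypothetical router and service names.

```yaml
# Added example (assumptions: Traefik v3, VPS Traefik can reach localhost:2280 / localhost:22443).
# Tunnel ports from the post: homeserver 80 -> VPS 2280, homeserver 443 -> VPS 22443.
# With sshd's default "GatewayPorts no", the reverse-forwarded ports bind to
# loopback only, so they are reachable by the VPS Traefik but not from the internet.

tcp:
  routers:
    homeserver-tls:                 # hypothetical name
      entryPoints:
        - websecure
      # Route on the SNI of the ClientHello; the TLS session itself is not opened here.
      rule: HostSNIRegexp(`^.+\.homeserver\.my-domain\.com$`)
      service: homeserver-tls
      tls:
        passthrough: true           # no certresolver on the VPS for these hosts
  services:
    homeserver-tls:                 # hypothetical name
      loadBalancer:
        servers:
          - address: "localhost:22443"   # TCP services take host:port, no scheme

http:
  routers:
    homeserver-http:                # hypothetical name
      entryPoints:
        - web
      # Covers /.well-known/acme-challenge/ as well, so the homeserver
      # Traefik can answer HTTP-01 challenges for its own certificates.
      rule: HostRegexp(`^.+\.homeserver\.my-domain\.com$`)
      service: homeserver-http
  services:
    homeserver-http:                # hypothetical name
      loadBalancer:
        servers:
          - url: "http://localhost:2280"  # HTTP services take a full URL including the scheme
```

In this layout any HTTP-to-HTTPS redirect for the homeserver hosts belongs on the homeserver Traefik, since the VPS forwards port 80 unchanged.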