Add initial traefik docs
parent e54693ae8b
commit a74d1a3f04
|
@ -0,0 +1,96 @@
|
|||
# Web Service Proxy (Traefik)
|
||||
|
||||
A simple, efficient web server that can handle SSL/TLS setup via Let's Encrypt for all of your services. Traefik uses labels on containers for configuration needs and helps with more dynamic setup of services.
|
||||
|
||||
## Inspiration / Sources
|
||||
|
||||
- [https://docs.traefik.io/](https://docs.traefik.io/)
|
||||
- [https://github.com/containous/traefik](https://github.com/containous/traefik)
|
||||
|
||||
## Docker (AND OTHER!) Integration(s)
|
||||
|
||||
Traefik supports docker "out of the box" as well as a number of other similar setups (Docker swarm, k8s). This should help with remixes for users with clusters of small arm boards.
|
||||
|
||||
## Adjust firewall to allow web services on internal network(s)
|
||||
|
||||
``` bash
|
||||
|
||||
firewall-cmd --permanent --zone=internal --add-service http --add-service https
|
||||
firewall-cmd --permanent --zone=trusted --add-service http --add-service https
|
||||
firewall-cmd --reload
|
||||
|
||||
```
|
||||
|
||||
## Adjust firewall to allow web services on external network(s)
|
||||
|
||||
You can skip this if you won't be using web services from the internet.
|
||||
|
||||
``` bash
|
||||
|
||||
firewall-cmd --permanent --zone=public --add-service http --add-service https
|
||||
firewall-cmd --reload
|
||||
|
||||
```
|
||||
|
||||
## Install / Update / Run Script
|
||||
|
||||
Setup a generic script that'll auto update Traefik and launch it. You should only run this script at first launch and/or when you're looking for updates.
|
||||
|
||||
``` bash
|
||||
|
||||
mkdir -p /var/traefik/acme
|
||||
touch /var/traefik/acme/acme.json
|
||||
chmod 600 /var/traefik/acme/acme.json
|
||||
|
||||
cat > /root/traefik.sh << EOF
|
||||
#!/bin/bash
|
||||
|
||||
ARCH=\`arch\`
|
||||
if [ \$ARCH == "aarch64" ]
|
||||
then
|
||||
ARCH="arm64v8"
|
||||
else
|
||||
ARCH="arm32v7"
|
||||
fi
|
||||
|
||||
docker pull registry.lollipopcloud.solutions/\$ARCH/traefik:latest
|
||||
|
||||
docker stop traefik
|
||||
docker rm traefik
|
||||
|
||||
##########
|
||||
change -e ACME_DNS_PROVIDER to match one from https://docs.traefik.io/configuration/acme/#provider if using DNS ACME challenges
|
||||
add -e options for each variable for your chosen dns provider
|
||||
don’t include CF_API vars in portainer template
|
||||
need to create /var/traefik/acme/acme.json with 600 perms ahead of container run
|
||||
change --logLevel=DEBUG via -e? if so: set to ERROR by default
|
||||
label docs for templates: https://docs.traefik.io/configuration/backends/docker/#labels-overriding-default-behavior
|
||||
##########
|
||||
|
||||
docker run -it \\
|
||||
-e TZ=UTC \\
|
||||
-e DEBUG=1 \\
|
||||
-e ACME_EMAIL="user@domain.tld" \\
|
||||
-e ACME_DNS_PROVIDER="--acme.dnschallenge.provider=cloudflare" \\
|
||||
-e CF_API_EMAIL="user@domain.tld" \\
|
||||
-e CF_API_KEY=big_string \\
|
||||
-v /var/traefik:/etc/traefik \\
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \\
|
||||
registry.lollipopcloud.solutions/\$ARCH/traefik:latest \\
|
||||
--api --docker --logLevel=DEBUG --defaultentrypoints=http,https --entrypoints="Name:http address::80 Redirect.EntryPoint:https" --entrypoints="Name:https address::443 TLS" --acme=true --acme.acmelogging=true --acme.storage=/etc/traefik/acme/acme.json --acme.tlsconfig=true --acme.entrypoint=https --acme.httpchallenge.entrypoint=http --acme.email=$ACME_EMAIL --acme.onhostrule=true --acme.httpchallenge=true $ACME_DNS_PROVIDER
|
||||
|
||||
EOF
|
||||
|
||||
chmod a+x /root/traefik.sh
|
||||
|
||||
```
|
||||
|
||||
## Run Traefik
|
||||
|
||||
Simply execute ```/root/traefik.sh``` to update/run.
|
||||
|
||||
## Configuration (Optional)
|
||||
|
||||
See [https://docs.traefik.io/](https://docs.traefik.io/) for additional details. You shouldn't need any additional configuration. Most of traefik is configured via the command line using the above approach.
|
||||
|
||||
Traefik is *very* powerful and flexible though. If you're looking for more advanced options the documentation is a great start. Be warned: it's very technical and dense.
|
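Review bot: In the `cat > /root/traefik.sh << EOF` block, the final argument line of `docker run` uses `$ACME_EMAIL` and `$ACME_DNS_PROVIDER` unescaped while `\$ARCH` is escaped, so the unquoted heredoc expands both at the moment the file is written and the generated script ends up with an empty `--acme.email=` and no DNS provider flag. Escaping them would not fix it, because both values are only passed with `-e` into the container and are never set in the script's own shell; define them as shell variables at the top of the script, or quote the delimiter (`<< 'EOF'`) and drop the backslashes throughout. In the same block, the lines between the two `##########` markers have no leading `#`, so the script will try to execute `change`, `add`, `need` and the rest as commands. The `docker run` has no `--name traefik`, so the preceding `docker stop traefik` and `docker rm traefik` never match the container it starts, and it publishes no ports with `-p`, so nothing is listening on the host for the 80/443 firewall rules added earlier in the file. On the security side: `CF_API_KEY` is written in clear text into a script that only receives `chmod a+x` (give it 700, or move the secrets to an env file with 600 permissions as is already done for acme.json); `/var/run/docker.sock` is mounted into an internet-facing proxy, which gives that container control of the Docker daemon, and `--api` is enabled with no authentication configured; `--logLevel=DEBUG` and `-e DEBUG=1` are the shipped defaults even though the note in the script proposes ERROR; and the image is pulled as `:latest` with no pinned tag or digest.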