kovagoadi.hu/traefik
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Small cleanup
All checks were successful
Remote Deployment Pipeline / Prepare deployment vars (pull_request) Successful in 2s
Details
Remote Deployment Pipeline / Create remote directory (pull_request) Successful in 6s
Details
Remote Deployment Pipeline / Cleanup MR environment (pull_request) Has been skipped
Details
Remote Deployment Pipeline / Sync repository files (pull_request) Successful in 16s
Details
Remote Deployment Pipeline / Run docker-compose remotely (Dev) (pull_request) Successful in 8s
Details
Remote Deployment Pipeline / Run docker-compose remotely (Staging) (pull_request) Has been skipped
Details
Remote Deployment Pipeline / Run docker-compose remotely (Prod) (pull_request) Has been skipped
Details

Browse Source
This commit is contained in:
kovagoadi
2025-11-27 13:02:20 +01:00
parent 2f5050bc67
commit fff6ac43e4
2 changed files with 27 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
dev/forward-to-legacy-nginx.yaml Normal file
View File

@@ -0,0 +1,21 @@
# ./traefik/dynamic_conf.yml
tcp:
routers:
# Router for HTTPS (Passthrough)
nginx-secure-router:
rule: "HostSNI(`*`)"
service: nginx-secure-service
# Passthrough must be true for SSL to reach Nginx encrypted
tls:
passthrough: true
entryPoints:
- "https"
services:
# Service defining the external IP
nginx-secure-service:
loadBalancer:
servers:
# This is the actual external IP and Port of your Nginx
- address: "192.168.1.85:443"

60
docker-compose.yaml
View File

@@ -1,25 +1,23 @@
services:
traefik:
image: "traefik:v3.6@sha256:aaf0f6185419a50c74651448c1a5bf4606bd2d2ddb7b8749eed505d55bf8b8ea"
# container_name: "traefik"
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
command:
- --log.level=DEBUG
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=proxy"
- "--providers.docker.constraints=Label(`env`, `${ENV}`)"
- "--entryPoints.web.address=:80"
- "--entryPoints.https.address=:443"
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.letsencrypt.acme.email=kovagoadi@gmail.com
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
- "--providers.file.filename=/etc/traefik/dynamic_conf.yml"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencrypt.acme.email=kovagoadi@gmail.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
- "--providers.file.filename=/etc/traefik/forward-to-legacy-nginx.yaml"
- "--providers.file.watch=true"
ports:
- "${PORT}:80"
@@ -28,7 +26,7 @@ services:
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./data/letsencrypt:/letsencrypt"
- ./asd.yaml:/etc/traefik/dynamic_conf.yml
- "./${ENV}/forward-to-legacy-nginx.yaml:/etc/traefik/forward-to-legacy-nginx.yaml"
whoami:
image: "traefik/whoami@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab"
@@ -44,51 +42,5 @@ services:
- traefik.http.routers.https.entrypoints=https
- traefik.http.routers.https.tls=true
- traefik.http.routers.https.tls.certresolver=letsencrypt
# catchall-shim:
# image: traefik/whoami
# networks:
# - proxy
# labels:
# - "traefik.enable=true"
# # -------------------------------------------------------
# # 1. HTTPS Handling (TCP Passthrough) -> Port 443
# # -------------------------------------------------------
# # Use a TCP Router for Port 443
# - "traefik.tcp.routers.https.entrypoints=https"
# # Match Any Domain (Wildcard SNI)
# - "traefik.tcp.routers.https.rule=HostSNI(`*`)"
# # CRITICAL: Passthrough = true
# # Traefik will NOT decrypt. It passes the encrypted stream to Nginx.
# - "traefik.tcp.routers.https.tls.passthrough=true"
# # Low priority so other specific routes in Traefik override this
# - "traefik.tcp.routers.catchall-https.priority=1"
# # Point to the Nginx service
# - "traefik.tcp.routers.https.service=nginx-backend-secure"
# # Define the destination IP for HTTPS (Note: 'server.address', not 'url')
# # Replace 192.168.1.100 with your Nginx IP
# - "traefik.tcp.services.nginx-backend-secure.loadbalancer.server.address=192.168.1.85"
# - "traefik.tcp.services.nginx-backend-secure.loadbalancer.server.port=443"
# - "env=${ENV}"
# # -------------------------------------------------------
# # 2. HTTP Handling (Standard Proxy) -> Port 80
# # -------------------------------------------------------
# # Since HTTP is unencrypted, we can use a standard HTTP router.
# # This forwards the request to Nginx port 80 (for Certbot challenges/redirects).
# # - "traefik.http.routers.catchall-http.entrypoints=web"
# # - "traefik.http.routers.catchall-http.rule=PathPrefix(`/`)"
# # # - "traefik.http.routers.catchall-http.priority=1"
# # - "traefik.http.routers.catchall-http.service=nginx-backend-plain"
# # # Define the destination IP for HTTP
# # - "traefik.http.services.nginx-backend-plain.loadbalancer.server.url=http://192.168.1.85:80"
networks:
proxy: