kovagoadi.hu/traefik
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Trying out this config #11

Merged
kovagoadi merged 26 commits from add-acme into main 2025-11-27 23:58:44 +01:00
Conversation 0 Commits 26 Files Changed 5 +60 -34
2 changed files with 60 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 2f5050bc67 - Show all commits

21
asd.yaml Normal file
View File

@@ -0,0 +1,21 @@
# ./traefik/dynamic_conf.yml
tcp:
routers:
# Router for HTTPS (Passthrough)
nginx-secure-router:
rule: "HostSNI(`*`)"
service: nginx-secure-service
# Passthrough must be true for SSL to reach Nginx encrypted
tls:
passthrough: true
entryPoints:
- "https"
services:
# Service defining the external IP
nginx-secure-service:
loadBalancer:
servers:
# This is the actual external IP and Port of your Nginx
- address: "192.168.1.85:443"

71
docker-compose.yaml
View File

@@ -19,6 +19,8 @@ services:
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.letsencrypt.acme.email=kovagoadi@gmail.com - --certificatesresolvers.letsencrypt.acme.email=kovagoadi@gmail.com
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
- "--providers.file.filename=/etc/traefik/dynamic_conf.yml"
- "--providers.file.watch=true"
ports: ports:
- "${PORT}:80" - "${PORT}:80"
- "4443:443" - "4443:443"
@@ -26,6 +28,7 @@ services:
volumes: volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro" - "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./data/letsencrypt:/letsencrypt" - "./data/letsencrypt:/letsencrypt"
- ./asd.yaml:/etc/traefik/dynamic_conf.yml
whoami: whoami:
image: "traefik/whoami@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab" image: "traefik/whoami@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab"
@@ -41,49 +44,51 @@ services:
- traefik.http.routers.https.entrypoints=https - traefik.http.routers.https.entrypoints=https
- traefik.http.routers.https.tls=true - traefik.http.routers.https.tls=true
- traefik.http.routers.https.tls.certresolver=letsencrypt - traefik.http.routers.https.tls.certresolver=letsencrypt
catchall-shim: # catchall-shim:
image: traefik/whoami # image: traefik/whoami
labels: # networks:
- "traefik.enable=true" # - proxy
# labels:
# - "traefik.enable=true"
# ------------------------------------------------------- # # -------------------------------------------------------
# 1. HTTPS Handling (TCP Passthrough) -> Port 443 # # 1. HTTPS Handling (TCP Passthrough) -> Port 443
# ------------------------------------------------------- # # -------------------------------------------------------
# Use a TCP Router for Port 443 # # Use a TCP Router for Port 443
- "traefik.tcp.routers.catchall-https.entrypoints=https" # - "traefik.tcp.routers.https.entrypoints=https"
# Match Any Domain (Wildcard SNI) # # Match Any Domain (Wildcard SNI)
- "traefik.tcp.routers.catchall-https.rule=HostSNI(`*`)" # - "traefik.tcp.routers.https.rule=HostSNI(`*`)"
# CRITICAL: Passthrough = true # # CRITICAL: Passthrough = true
# Traefik will NOT decrypt. It passes the encrypted stream to Nginx. # # Traefik will NOT decrypt. It passes the encrypted stream to Nginx.
- "traefik.tcp.routers.catchall-https.tls.passthrough=true" # - "traefik.tcp.routers.https.tls.passthrough=true"
# Low priority so other specific routes in Traefik override this # # Low priority so other specific routes in Traefik override this
# - "traefik.tcp.routers.catchall-https.priority=1" # - "traefik.tcp.routers.catchall-https.priority=1"
# Point to the Nginx service # # Point to the Nginx service
- "traefik.tcp.routers.catchall-https.service=nginx-backend-secure" # - "traefik.tcp.routers.https.service=nginx-backend-secure"
# Define the destination IP for HTTPS (Note: 'server.address', not 'url') # # Define the destination IP for HTTPS (Note: 'server.address', not 'url')
# Replace 192.168.1.100 with your Nginx IP # # Replace 192.168.1.100 with your Nginx IP
- "traefik.tcp.services.nginx-backend-secure.loadbalancer.server.address=192.168.1.85:443" # - "traefik.tcp.services.nginx-backend-secure.loadbalancer.server.address=192.168.1.85"
- "env=${ENV}" # - "traefik.tcp.services.nginx-backend-secure.loadbalancer.server.port=443"
# - "env=${ENV}"
# # -------------------------------------------------------
# # 2. HTTP Handling (Standard Proxy) -> Port 80
# # -------------------------------------------------------
# # Since HTTP is unencrypted, we can use a standard HTTP router.
# # This forwards the request to Nginx port 80 (for Certbot challenges/redirects).
# ------------------------------------------------------- # # - "traefik.http.routers.catchall-http.entrypoints=web"
# 2. HTTP Handling (Standard Proxy) -> Port 80 # # - "traefik.http.routers.catchall-http.rule=PathPrefix(`/`)"
# ------------------------------------------------------- # # # - "traefik.http.routers.catchall-http.priority=1"
# Since HTTP is unencrypted, we can use a standard HTTP router. # # - "traefik.http.routers.catchall-http.service=nginx-backend-plain"
# This forwards the request to Nginx port 80 (for Certbot challenges/redirects).
- "traefik.http.routers.catchall-http.entrypoints=web" # # # Define the destination IP for HTTP
- "traefik.http.routers.catchall-http.rule=PathPrefix(`/`)" # # - "traefik.http.services.nginx-backend-plain.loadbalancer.server.url=http://192.168.1.85:80"
# - "traefik.http.routers.catchall-http.priority=1"
- "traefik.http.routers.catchall-http.service=nginx-backend-plain"
# Define the destination IP for HTTP
- "traefik.http.services.nginx-backend-plain.loadbalancer.server.url=http://192.168.1.85:80"
networks: networks:
proxy: proxy: