Add Traefik Global configuration

scott 2023-08-18 15:08:04 +00:00
parent 2ef4a020c6
commit e92f2226fd

@ -0,0 +1,22 @@
Traefik is a reverse proxy software which sits in front of all running services on a server. It:
- [listens on port 80](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L2-L4), and [redirects any requests to https on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/docker-compose.yml#L26-L30)
- [listens on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L5-L6) and either forwards that request to a configured service, or responds with a 404 if no matching service is configured
- [watches a static configuration file](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L30-L31) for routing rules.
- [watches the docker service](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L26-L29) for routing rules configured through labels on containers. This allows us to keep the configuration for a service with the service, rather than tying it to a particular server's global configuration.
- [Automatically acquires certificates](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L11-L23) for the configured services, either through HTTP or DNS (TXT record) validation.
To deploy services on a new server, see the instructions in the README for the [traefik config repository](https://git.tams.tech/TWS/traefik-config)
To add a service to a server which uses Traefik as a reverse proxy, add labels to the container like
```yaml
services:
some service:
...
labels:
traefik.http.routers.{SERVICE_NAME}.rule: Host(`example.com`) || Host(`example.net`) && !PathPrefix(`/service/prefix`)
traefik.http.routers.{SERVICE_NAME}.tls: true
traefik.http.routers.{SERVICE_NAME}.tls.certresolver: letsencrypt
```
Of course, don't forget to point the configured host's DNS records at the server you're working with!