From e92f2226fda5177ecb5a3fe0d62a0fd33e2006ad Mon Sep 17 00:00:00 2001 From: scott Date: Fri, 18 Aug 2023 15:08:04 +0000 Subject: [PATCH] Add Traefik Global configuration --- Traefik-Global-configuration.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 Traefik-Global-configuration.md diff --git a/Traefik-Global-configuration.md b/Traefik-Global-configuration.md new file mode 100644 index 0000000..be56555 --- /dev/null +++ b/Traefik-Global-configuration.md @@ -0,0 +1,22 @@ +Traefik is a reverse proxy software which sits in front of all running services on a server. It: + + - [listens on port 80](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L2-L4), and [redirects any requests to https on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/docker-compose.yml#L26-L30) + - [listens on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L5-L6) and either forwards that request to a configured service, or responds with a 404 if no matching service is configured + - [watches a static configuration file](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L30-L31) for routing rules. + - [watches the docker service](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L26-L29) for routing rules configured through labels on containers. This allows us to keep the configuration for a service with the service, rather than tying it to a particular server's global configuration. + - [Automatically acquires certificates](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L11-L23) for the configured services, either through HTTP or DNS (TXT record) validation. + +To deploy services on a new server, see the instructions in the README for the [traefik config repository](https://git.tams.tech/TWS/traefik-config) + +To add a service to a server which uses Traefik as a reverse proxy, add labels to the container like + +```yaml +services: + some service: + ... + labels: + traefik.http.routers.{SERVICE_NAME}.rule: Host(`example.com`) || Host(`example.net`) && !PathPrefix(`/service/prefix`) + traefik.http.routers.{SERVICE_NAME}.tls: true + traefik.http.routers.{SERVICE_NAME}.tls.certresolver: letsencrypt +``` +Of course, don't forget to point the configured host's DNS records at the server you're working with! \ No newline at end of file