Comment

Comment on Traefik and external services

No worries for the question. It’s not terribly intuitive.

The configs live on the Traefik server. In my static traefik.yml config I have the following providers section, which adds the file provider in addition to the docker provider which you likely already have:

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /config
    watch: true

And in the /config folder mapped into the Traefik container I have several files for services external to docker. You can combine them or keep them separate since the watch: true setting tells it to read in all files (and it’s near instant when you create them, no need to restart Traefik).

Here is my homeassistant.yml in that folder (I have a separate VM running HASS outside of Docker/Traefik):

http:
  routers:
    homeassistant-rtr:
      entryPoints:
      - https
      service: homeassistant-svc
      rule: "Host(`home.example.com`)"
      tls:
        certResolver: examplecom-dns

  services:
    homeassistant-svc:
      loadBalancer:
        servers:
          - url: "http://hass1.internal.local:8123"

Hope this helps!

source

Sort:hotnew top

Hellmo_Luciferrari@lemm.ee ⁨4⁩ ⁨months⁩ ago
so in my traefik.yml file I have cloudflare set as my certresolver as follows:

certificatesResolvers: cloudflare: acme: email: email@example.com storage: acme.json caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default) # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging dnsChallenge: provider: cloudflare #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all aut> #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted resolvers: - "1.1.1.1:53" - "1.0.0.1:53"

And I had to get the secret mounted via the docker-compose file.

So where you have:

tls:

certResolver: examplecom-dns

Do I have to redefine all of the same information I did in my Traefik yml but in this separate config.yml?

(I did set it up in my traefik.yml and docker-compose.yml to mount and use this config, which I had commented out for later use.

Thank you so much for the help!
source
- IHawkMike@lemmy.world ⁨4⁩ ⁨months⁩ ago
  I think you’re close.
  
  You need to change service: pihole-rtr to service: pihole-svc.
  
  Do I have to redefine all of the same information I did in my Traefik yml but in this separate config.yml?
  
  No, you just need to reference it like you have. Define once, reference many.
  
  source
  - Hellmo_Luciferrari@lemm.ee ⁨4⁩ ⁨months⁩ ago
    I hate to report back, but something isn’t quite working for pihole behind Traefik.
    
    running “docker logs traefik” returns no error, and yet no certificate was presented to my pihole.
    
    Not sure what else I might be missing or that I might have wrong.
    
    source
    IHawkMike@lemmy.world ⁨4⁩ ⁨months⁩ ago
    Can you see the router and service in the Traefik dashboard and do they show any errors there?
    
    source
    -> View More Comments
  - Hellmo_Luciferrari@lemm.ee ⁨4⁩ ⁨months⁩ ago
    I will give this a shot! Thank you for the help. I will report back, in hopes that between your knowledge and my fumbles that someone else too can learn from this!
    
    source