Traefik and external services

Submitted ⁨⁨5⁩ ⁨months⁩ ago⁩ by ⁨Hellmo_Luciferrari@lemm.ee⁩ to ⁨selfhosted@lemmy.world⁩

Hello Selfhosted peeps!

So I just got Traefik v3 setup inside my docker environment, and successfully got SSL certs for my services hosted within docker. However, I have an external device hosting PiHole and Wireguard-UI. I am looking to use the docker instance of Traefik v3 to obtain SSL certs for the internal use only for PiHole and Wireguard-UI.

I am still new to Traefik, and have no idea if this is possible, or how I would go about doing this.

Any tips, suggestions, links to documentation; I am all ears.

Video

Notes for above video

These 2 resources I utilized to help further my understanding.

Thank you

source

Comments

Sort:hotnew top

IHawkMike@lemmy.world ⁨5⁩ ⁨months⁩ ago
I use the Traefik file provider for this.

doc.traefik.io/traefik/providers/file/

It picks up all my .yml configs in the watched folder which define the routers and services external to Docker.

source
- Hellmo_Luciferrari@lemm.ee ⁨5⁩ ⁨months⁩ ago
  Would the file provider configs live on the Traefik server, or would they need to be on the external service. Reading through this, and looking at the example configuration files doesn’t really seem to point that out. Sorry for the noob questions.
  
  Trying to understand this, but the way the documentation is written is different than I am used to.
  
  Thank you!
  
  source
  - IHawkMike@lemmy.world ⁨5⁩ ⁨months⁩ ago
    No worries for the question. It’s not terribly intuitive.
    
    The configs live on the Traefik server. In my static traefik.yml config I have the following providers section, which adds the file provider in addition to the docker provider which you likely already have:
    
    providers: docker: endpoint: "unix:///var/run/docker.sock" exposedByDefault: false file: directory: /config watch: true
    
    And in the /config folder mapped into the Traefik container I have several files for services external to docker. You can combine them or keep them separate since the watch: true setting tells it to read in all files (and it’s near instant when you create them, no need to restart Traefik).
    
    Here is my homeassistant.yml in that folder (I have a separate VM running HASS outside of Docker/Traefik):
    
    http: routers: homeassistant-rtr: entryPoints: - https service: homeassistant-svc rule: "Host(`home.example.com`)" tls: certResolver: examplecom-dns services: homeassistant-svc: loadBalancer: servers: - url: "http://hass1.internal.local:8123"
    
    Hope this helps!
    
    source
    -> View More Comments

Decronym@lemmy.decronym.xyz ⁨5⁩ ⁨months⁩ ago

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters	More Letters
DNS	Domain Name Service/System
HASS	Home Assistant automation software
PiHole	Network-wide ad-blocker (DNS sinkhole)
SSL	Secure Sockets Layer, for transparent encryption

[Thread #857 for this sub, first seen 8th Jul 2024, 19:35] [FAQ] [Full list] [Contact] [Source code]

source