traefik/SETUP-INSTRUCTIONS.md
Paul R Kartchner bd1dc1abed Initial Traefik reverse proxy configuration
Configure Traefik v2.10 with:
- Automatic HTTPS using Let's Encrypt
- HTTP to HTTPS redirect
- Docker service discovery
- Security headers middleware
- Dashboard with basic auth

Configured services:
- Mealie (recipes.pkartchner.com)
- Gogs (git.pkartchner.com)
- Traefik Dashboard (traefik.pkartchner.com)

Features:
- Automatic SSL certificate management
- Force HTTPS on all services
- Security headers (HSTS, frame options, XSS protection)
- Docker network isolation

Next steps: Configure DNS records and port forwarding (see SETUP-INSTRUCTIONS.md)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-20 19:07:55 +00:00


Traefik Setup - Next Steps

Current Status

Traefik has been successfully installed and configured! Here's what's done:

  • Traefik container running
  • Mealie connected to Traefik network
  • HTTP to HTTPS redirect working
  • Automatic SSL with Let's Encrypt configured
  • Gogs routing configured

What You Need to Do

1. Configure DNS Records ⚠️ REQUIRED

Before SSL certificates can be obtained, you need to add DNS A records pointing to your server's public IP address:

Type    Name                            Value (Points to)
----    ----                            -----------------
A       recipes.pkartchner.com          YOUR_PUBLIC_IP
A       git.pkartchner.com              YOUR_PUBLIC_IP
A       traefik.pkartchner.com          YOUR_PUBLIC_IP  (optional - for dashboard)

How to find your public IP:

curl ifconfig.me

Where to add DNS records:

  • Log in to your domain registrar (where you bought pkartchner.com)
  • Go to DNS management
  • Add the A records above
  • Wait 5-60 minutes for DNS propagation
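
A pre-flight check for this step, added here as an example and not part of the original instructions: it compares each hostname's A records with the server's public IP, so a missing or wrong record is caught before Let's Encrypt validation fails. The function names are made up for the example, and it assumes dig is installed.

```shell
#!/bin/sh
# Added example: confirm each A record points at this server before Traefik
# requests certificates. Names below are illustrative, not from the repo.

# resolve_a HOST: print the resolver's answers, one per line.
resolve_a() {
    dig +short A "$1"
}

# is_ipv4 STRING: succeed if STRING looks like a dotted-quad address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# check_host EXPECTED_IP HOST: print one status line; return 0 only when
# HOST has at least one A record and all of them equal EXPECTED_IP.
check_host() {
    expected=$1 host=$2 seen=0 bad=0
    for value in $(resolve_a "$host"); do
        # dig +short also prints CNAME targets; only addresses count.
        is_ipv4 "$value" || continue
        seen=$((seen + 1))
        [ "$value" = "$expected" ] || bad=$((bad + 1))
    done
    if [ "$seen" -eq 0 ]; then
        echo "MISSING  $host (no A record visible yet)"
        return 1
    elif [ "$bad" -gt 0 ]; then
        echo "MISMATCH $host ($bad of $seen A records are not $expected)"
        return 1
    fi
    echo "OK       $host -> $expected"
}

# dns_preflight EXPECTED_IP HOST...: return the number of failing hosts.
dns_preflight() {
    expected_ip=$1
    shift
    failures=0
    for h in "$@"; do
        check_host "$expected_ip" "$h" || failures=$((failures + 1))
    done
    return "$failures"
}

# Usage, on the server after adding the records:
#   dns_preflight "$(curl -s ifconfig.me)" recipes.pkartchner.com \
#       git.pkartchner.com traefik.pkartchner.com
```
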

2. Configure EdgeRouter Port Forwarding

Forward ports 80 and 443 from your EdgeRouter to this server:

WAN Port    LAN IP              LAN Port    Protocol
--------    ------              --------    --------
80          YOUR_SERVER_IP      80          TCP
443         YOUR_SERVER_IP      443         TCP

EdgeRouter CLI commands:

configure
set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward wan-interface eth0
set port-forward rule 1 description "HTTP to Traefik"
set port-forward rule 1 forward-to address YOUR_SERVER_IP
set port-forward rule 1 forward-to port 80
set port-forward rule 1 original-port 80
set port-forward rule 1 protocol tcp
set port-forward rule 2 description "HTTPS to Traefik"
set port-forward rule 2 forward-to address YOUR_SERVER_IP
set port-forward rule 2 forward-to port 443
set port-forward rule 2 original-port 443
set port-forward rule 2 protocol tcp
commit
save
exit

3. Verify SSL Certificates (After DNS Propagates)

Once DNS is configured and propagated:

# Check Traefik logs for SSL certificate generation
docker logs traefik -f

# You should see messages like:
# "Server responded with a certificate"
# "Certificate obtained for domain recipes.pkartchner.com"

4. Test Your Setup

After DNS propagation and SSL certificates are obtained:

Test Mealie:

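# Should answer with a redirect to https://
curl -I http://recipes.pkartchner.com
# Should succeed with a valid certificate (curl reports an error otherwise)
curl -I https://recipes.pkartchner.com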

Test Gogs:

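# Should answer with a redirect to https://
curl -I http://git.pkartchner.com
# Should succeed with a valid certificate (curl reports an error otherwise)
curl -I https://git.pkartchner.com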

Access Traefik Dashboard:

URL: https://traefik.pkartchner.com
Username: admin
Password: change-this-password

5. Change Traefik Dashboard Password

Generate a new password hash:

apt install apache2-utils
echo $(htpasswd -nb admin YourNewPassword) | sed -e s/\\$/\\$\\$/g

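Update the password in /srv/docker-compose/traefik/docker-compose.yml, where $NEW_HASH stands for the hash portion of the command's output (the output already starts with admin: and has every $ doubled so that Docker Compose does not treat it as a variable):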

- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$NEW_HASH"

Then restart Traefik:

cd /srv/docker-compose/traefik
docker compose restart
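
The label edited in this step can be checked before the restart with a small linter (an added example, not part of the repository; lint_basicauth is a made-up name). It assumes the label is written in double quotes as shown above, and it flags entries that are not user:hash or that still contain a single $, which Docker Compose would try to expand as a variable.

```shell
#!/bin/sh
# Added example: lint the basicauth.users label before restarting Traefik.
# lint_basicauth is an illustrative name, not part of the repository.

# lint_basicauth FILE: print one finding per user; return 0 only when every
# entry is user:hash and every "$" in the hash is written as "$$".
lint_basicauth() {
    file=$1 status=0 found=0
    # Take the text after "basicauth.users=" up to the closing double quote,
    # then split the comma-separated user list into one entry per line.
    entries=$(sed -n 's/.*basicauth\.users=\([^"]*\).*/\1/p' "$file" | tr ',' '\n')
    for entry in $entries; do
        found=1
        user=${entry%%:*}
        hash=${entry#*:}
        if [ "$user" = "$entry" ] || [ -z "$user" ] || [ -z "$hash" ]; then
            echo "BAD FORMAT: '$entry' is not user:hash"
            status=1
            continue
        fi
        # Drop every escaped "$$". Any "$" still present would be read by
        # Compose as the start of a variable reference and substituted.
        leftover=$(printf '%s' "$hash" | sed 's/\$\$//g')
        case "$leftover" in
            *'$'*)
                echo "UNESCAPED \$ in hash for user '$user'"
                status=1
                ;;
            *)
                echo "OK: user '$user'"
                ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo "NO basicauth.users label found in $file"
        status=1
    fi
    return "$status"
}

# Usage:
#   lint_basicauth /srv/docker-compose/traefik/docker-compose.yml
```
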

Troubleshooting

SSL Certificate Errors

If you see "DNS problem: NXDOMAIN" in logs:

  • DNS records are not set up yet or haven't propagated
  • Wait for DNS propagation (can take up to 24 hours)
  • 🔍 Check DNS with: dig recipes.pkartchner.com or nslookup recipes.pkartchner.com

Can't Access Services

  1. Check if Traefik is running:

    docker ps | grep traefik
    
  2. Check Traefik logs:

    docker logs traefik --tail 50
    
  3. Verify containers are on Traefik network:

    docker network inspect traefik
    
  4. Test local access:

    curl -H "Host: recipes.pkartchner.com" http://localhost
    

503 Service Unavailable

  • Check if Mealie/Gogs containers are running
  • Verify they're on the Traefik network
  • Check container logs

Services Summary

Service     Domain                      Backend Port                Status
-------     ------                      ------------                ------
Mealie      recipes.pkartchner.com      localhost:9091              Configured
Gogs        git.pkartchner.com          gogs.pkartchner.com:3000    Configured
Traefik     traefik.pkartchner.com      localhost:8080              Configured

Important Security Notes

  1. Firewall: Only ports 80, 443, and 22 (SSH) should be open to the internet
  2. Dashboard: Change the default Traefik dashboard password immediately
  3. Backups: acme.json contains your SSL certificates - back it up
  4. Updates: Regularly update Traefik for security patches

Quick Commands

# View Traefik dashboard locally
curl http://localhost:8080/dashboard/

# Check SSL certificates (the output includes the certificates' private keys)
docker exec traefik cat /acme.json | jq .

# Restart all services
cd /srv/docker-compose/traefik && docker compose restart
cd /srv/docker-compose/mealie && docker compose restart

# View logs
docker logs traefik -f
docker logs mealie -f

When Everything is Working

You should be able to: