Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
docker_notes:docker-reverse-proxy [2024-12-20 Fri wk51 19:41] – [Typical labels in Docker Compose] baumkpdocker_notes:docker-reverse-proxy [2025-01-07 Tue wk02 09:00] (current) – [Cloudsec] baumkp
Line 1: Line 1:
 {{tag>linux docker traefik "reverse proxy" proxy openssl ssl certificate portainer cloudsec}} {{tag>linux docker traefik "reverse proxy" proxy openssl ssl certificate portainer cloudsec}}
-======Reverse Proxy Server======+======Reverse Proxy Server - Traefik======
 I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https://docs.technotim.live/posts/traefik-portainer-ssl/|Put Wildcard Certificates and SSL on EVERYTHING]] ([[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl|github reference_files for traefik-portainer-ssl]]).  Also see [[https://www.youtube.com/watch?v=IBlZgrwc1T8&t=990s|Jim's Garage Your Traefik Isn't Secure]] ([[https://github.com/JamesTurland/JimsGarage/tree/main/Traefik-Secure|JimsGarage/Traefik-Secure/]] I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https://docs.technotim.live/posts/traefik-portainer-ssl/|Put Wildcard Certificates and SSL on EVERYTHING]] ([[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl|github reference_files for traefik-portainer-ssl]]).  Also see [[https://www.youtube.com/watch?v=IBlZgrwc1T8&t=990s|Jim's Garage Your Traefik Isn't Secure]] ([[https://github.com/JamesTurland/JimsGarage/tree/main/Traefik-Secure|JimsGarage/Traefik-Secure/]]
  
Line 71: Line 71:
  
 <code yml>labels: <code yml>labels:
-      # Enable Traefik for this specific "backend" service+      # Enable Traefik for this service
       - "traefik.enable=true"       - "traefik.enable=true"
       # Tell Traefik to specifically use the network "proxy", specifically declared       # Tell Traefik to specifically use the network "proxy", specifically declared
Line 89: Line 89:
       - "traefik.http.routers.container_name-secure.service=linkwarden"       - "traefik.http.routers.container_name-secure.service=linkwarden"
       - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"       - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.middlewares.container_name-ipwhitelist.ipwhitelist.sourcerange=127.0.0.0/8, 198.168.0.0/16, 172.16.    0.0/12, 10.0.0.0/8" 
       # Define the port inside of the Docker service to use       # Define the port inside of the Docker service to use
       - "traefik.http.services.container_name.loadbalancer.server.port=3000" # make sure the loadbalancer is the last line!! </code>       - "traefik.http.services.container_name.loadbalancer.server.port=3000" # make sure the loadbalancer is the last line!! </code>
  
- *Traefik:  +When the docker compose ''loadbalancer.server.port'' label is used an external port does not needed to be defined as Traefik can directly access the defined ''docker.network'' This simplifies the need to share host ports! 
-    *[[https://community.traefik.io/t/understanding-difference-between-labels-in-a-container-vs-defining-in-the-config-yml/16246|Understanding difference between labels in a container vs defining in the config.yml]] + 
-    *[[https://doc.traefik.io/traefik/providers/docker/|Traefik & Docker]] +  *Traefik:  
-    *[[https://docs.docker.com/engine/manage-resources/labels/|Docker object labels]] +     *[[https://community.traefik.io/t/understanding-difference-between-labels-in-a-container-vs-defining-in-the-config-yml/16246|Understanding difference between labels in a container vs defining in the config.yml]] 
-    *[[https://doc.traefik.io/traefik/v3.2/reference/dynamic-configuration/docker/|Docker Configuration Reference]] +     *[[https://doc.traefik.io/traefik/providers/docker/|Traefik & Docker]] 
-    *[[https://doc.traefik.io/traefik/middlewares/http/headers/|Headers]] +     *[[https://docs.docker.com/engine/manage-resources/labels/|Docker object labels]] 
-    *[[https://doc.traefik.io/traefik/middlewares/overview/|Middlewares]] +     *[[https://doc.traefik.io/traefik/v3.2/reference/dynamic-configuration/docker/|Docker Configuration Reference]] 
-    *[[https://doc.traefik.io/traefik/middlewares/http/redirectscheme/|RedirectScheme]] +     *[[https://doc.traefik.io/traefik/middlewares/http/headers/|Headers]] 
-    *[[https://community.traefik.io/t/how-to-configure-traefik-2-with-tls-traefik-2-tls-101/3928|How to configure Traefik 2 with TLS - Traefik 2 & TLS 101]]+     *[[https://doc.traefik.io/traefik/middlewares/overview/|Middlewares]] 
 +     *[[https://doc.traefik.io/traefik/middlewares/http/redirectscheme/|RedirectScheme]] 
 +     *[[https://community.traefik.io/t/how-to-configure-traefik-2-with-tls-traefik-2-tls-101/3928|How to configure Traefik 2 with TLS - Traefik 2 & TLS 101]]
   *[[https://requestly.com/blog/what-are-x-forwarded-headers-and-why-it-is-used/|What are X-forwarded Headers, and why it is used?]]   *[[https://requestly.com/blog/what-are-x-forwarded-headers-and-why-it-is-used/|What are X-forwarded Headers, and why it is used?]]
   *[[https://www.geeksforgeeks.org/http-headers-x-forwarded-proto/|HTTP headers | X-Forwarded-Proto]]   *[[https://www.geeksforgeeks.org/http-headers-x-forwarded-proto/|HTTP headers | X-Forwarded-Proto]]
Line 229: Line 230:
  
  
-<- docker_notes:init|Back ^ docker_notes:index|Start page ^ docker_notes:docker-dokuwiki|Next ->+<- docker_notes:init|Back ^ docker_notes:index|Start page ^ docker_notes:security|Next ->