proxmox
Traefik 3 and FREE Wildcard Certificates with Docker
Traefik 3 and FREE Wildcard Certificates with Docker
#Traefik #FREE #Wildcard #Certificates #Docker
“Techno Tim”
Save 20% on UptimeRobot today!
In today’s Traefik tutorial we’ll get FREE Wildcard certificates to use in our HomeLab and with all of our internal self-hosted services. We’re going to set up Traefik 3 in Docker and get Let’s Encrypt certificates…
source
To see the full content, share this page by clicking one of the buttons below |
Interested to see if the Proxmox console works for anyone else when accessing through the FQDN? I haven't been able to get that working
Having trouble adding another external site, I noticed your website has the start of an entry for PiHole. Can you update the example to include a site that isn't HTTPS from the start like Proxmox.
Thanks for this, very informative!
At 11:07 you say "we need to create a docker network called proxy", but I couldn't see where it's done… Anything special about it? Which driver does it use?
I followed this video step by step, but in the NSLookup i only get the ip-addresses from Cloudflare (ip4 and ipv6), not my local pi-hole dns?
Any help would be very fineπ
i'm having a lot of problems with authentication for the dashboard, I've exec'd into the container and it shows the right output in echo but it still won't let me login, any help would be appreciated
Hi!
So, I got a question you could maybe solve.
Given that I have a service that has the ability to share media how would I achieve that everything under it's specific path is shared to the outside while everything that deals with logins etc is blocked from an outside world (only letting through via VPN or when in local network?
Specifically, I have this problem with immich. Immich can share images under it's path /share/<uuid>. I'd like to have this path exposed to the internet. Is that possible with traefik and if so, how? Do you know this?
I know that it's possible within NGINX.
I want to try out traefik as my main proxy however, I'm not too familiar with it.
If I missed that part in the video please point me to it. I might've missed that.
Anyways: Great video. Gonna setup traefik and report back if I have found out that specific use case if you haven't answered until then. π
your previous video worked great for me, this looks pretty much identical apart from the format of some of files. is it worth switching to traefik 3? like is it a big update?
It looks like if the domain you are using isn't in Google's DNS then Chrome won't resolve the name no matter what local DNS says. I can resolve traefik-dashboard.local.mydomain in bash, firefox and other browsers but not in Chrome.
Does it also work offline? π
Soooo⦠NOT a wildcard certificate
Awesome video! Actually, the first time that I was able to get traefik working. Quick question though Iβm trying to do like you do in your video. Iβm able to get the file provider to show on the traffic dashboard but when I go to the Proxima site, it just downloads a file instead of going to the site. Any ideas?
It's a shame that YouTube only allows for me to like this video once. This was a big upgrade from your last "SSL Everywhere" video. Thanks for taking us on your journey.
Have you tried using Unbound with PiHole? I am using it as a root DNS resolver but also thinking about using it to define my local DNS similar to Bind. I already have my A and CNAME records set up but it was a pain and really donβt want to recreate it. I am looking for ideas on how to easily generate the DNS configuration. I even played around with Ansible as a way to create the Docker containers and configure DNS.
Very comprehensive Tim, well done.
eyelashes can talk
Just neat and on point! Congrats! Been following your videos for a while. A couple of questions:
1. How about exposing multiple ports on Traefik?
2. How about exposing multiple external services?
3. Can you do a more deep insight tutorial about internal DNS setup?
All the best!
Whats a good alternative DNS server? Looking for something different then pi hole.
wow great video, followed the guide I have treafik setup and certificate working great. But I cant get an external server outside docker to get proxied. My config.yml file has the correct server IP. but when I wget fom inside the Treakif container it resolved the traefik host IP and not the external server IP. Seems it is not using the routers rule.
Just use Caddy. I used to be a die hard nginx guy. Not the nginx reverse proxy manager, but standard nginx. But getting auto renewing ssl certs for internal networks to work with letsencrypt was a nightmare. Caddy checks most of the boxes and automatically handles ssl certs for all your internal and external networks. Give it a try!
New video about OpenSSL self-signed certificate? Hell yeah
Awesome! Any recommended specs for the docker host (docker01)?
I just updated to v3 config based on your v2 tutorial, Thank you. I also noticed one more change from traefik: IPWhiteList middleware to IPAllowList… maybe deprecate soon?
Any recommendations to troubleshoot when the cert is from traefik and not from let's encrypt.
Minor opportunity at 12:22– I always get bogged down setting permissions for family samba shares, docker user, etc. Take a minute to talk through the chmod operation
compare to the last video of Traefik , i had 0 issue
love how you explain things very easy and in simple way π
Can you please give me the name or better yet a link to your cool white cabinet (on wheels, with drawers, etc.)?
Greatly appreciate the little detail explanations. Iβd done the wild card certs before on my home lab, but this is filling in several little knowledge holes in my mind.
Excellent content
Thank you Tim, this is what I looking for this is best guide
Uugh my traefik is causing so much problems when i try to deploy my react app.. so many different header settings that cause weird behavior with no freaking error output π΅
That was a great and easy to follow tutorial. Most of that information can also be translated to be used with Nginx Proxy Manager.
Perfect timing! I've been intersted in Traefik and leaving NPM. Thank you Tim!
So Uptime Robot is UptimeKuma?
anotther great tutorial. you mention difference in Docker Swarm. I am running a docker swarm in my homelab so would love to be pointed to documentation for that config. Also can I setup 2 certs in Traefik?
Are the dashboard credential optional?
its not sshhmod its c-h-mod
wonder if this is worth the effort when cloudflare tunnel is available for free
wow….thx man!
I will set this up for sure
π₯π₯π₯
Adding to it, having a local DNS is not necessary. You can add an A record of your host's local IP for the sub-domain in Cloudflare. That works equally well.
Nice video. I have been contemplating moving to traefik and perhaps getting a unifi ultra gateway, but this has convinced me to stick with pfsense with haproxy as it's just much simpler for me, but it's great to know if I ever change my mind, I can refer to this video and get it all working.
IPWhiteList is deprecated. It is recommended to use IPAllowList
Hey Techno Tim,
Trying to deploy on Swarm with 3 replicas and using Swarm as the provider, but hitting a few bumps. It'd be awesome if you could lend a hand with a tutorial! π
Is this possible with cgnat behind my Internet?