diff --git a/.env b/.env.example similarity index 61% rename from .env rename to .env.example index 50026e6..4e40846 100644 --- a/.env +++ b/.env.example @@ -1,4 +1,4 @@ PUID=1000 PGID=1000 TIMEZONE=Europe/Berlin -ROOT_DOMAIN_NAME=local.dev \ No newline at end of file +ROOT_DOMAIN_NAME=local.dev diff --git a/.gitignore b/.gitignore index 6d6f055..82a109f 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,7 @@ secrets/* !secrets/.gitkeep !secrets/cf_api_key !secrets/cf_email +.env # Traefik AppData/traefik-proxy/access.log diff --git a/ReadMe.md b/ReadMe.md index dc184a4..27d77cd 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -1,15 +1,120 @@ # Traefik-Proxy - with additional Cloudflare support -Traefik reverse proxy that (optionally) supports for Cloudflare and traefik hub. +This repository provides a configuration for setting up Traefik as a reverse proxy for websites. +It supports optionally a Cloudflare integration, and can optionally be coupled with a [authentik server](https://github.com/erkenes/docker-authentik) for user authentication. -## Installation +## Prerequisites -Update the `.env` file to your purposes and then run +Before you begin, ensure you have the following prerequisites: -```shell -docker compose up -d +- [Docker](https://www.docker.com/) installed and configured on your server. +- [Docker Compose](https://docs.docker.com/compose/install/) installed. +- A registered domain name for your websites. +- (Optional) A [Cloudflare](https://www.cloudflare.com/) account with an API key and email address if you plan to use Cloudflare. + +## Getting Started + +1. Clone this repository to your server: + ```shell + git clone https://github.com/erkenes/docker-traefik.git + ``` + +2. Navigate to the repository directory: + ```shell + cd traefik-reverse-proxy + ``` + +3. Create a `.env` file and configure your settings. You can use the provided `.env.example` + ```shell + cp .env.example .env + ``` + +4. Change the root domain in the `.env` file to match your domain. Traefik will be available with `trafik.ROOT_DOMAIN_NAME`. + You also have to change the root domain in the file [AppData/traefik-proxy/traefik.yml](AppData/traefik-proxy/traefik.yml) + ```yaml + entryPoints: + https: + http: + tls: + domains: + # ToDo: Replace domain + - main: 'traefik.local.dev' + sans: + - '*.local.dev' + ``` + +5. Start Traefik + ```shell + docker compose -f docker-compose.yml up -d + ``` + +6. Your Traefik reverse proxy is now up and running, ready to route incoming traffic to your web services. + +## Optional Cloudflare Integration + +You have to follow the upper instructions first. + +1. Add your cloudflare api credentials to the secret files + - `secrets/cf_api_key` for the api key + - `secrets/cf_email` for your email address + +2. Start Traefik + ```shell + docker compose -f docker-compose.cloudflare.yml up -d + ``` + +3. Your Traefik reverse proxy is now up and running, ready to route incoming traffic to your web services. + +## Optional Authentication Server + +If you wish to use an authentication server for user authentication, refer to the documentation of [this repository](https://github.com/erkenes/docker-authentik) for setup instructions. + +## Usage + +o use this Traefik reverse proxy, configure your web services to include the appropriate labels in their Docker Compose files. +Consult the Traefik documentation for details on how to configure routing and SSL certificates. + +```yaml +version: '3.9' +services: + whoami: + image: traefik/whoami + networks: + - traefik-proxy + labels: + - "traefik.enable=true" + ## HTTP Routers + - "traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAIN`)" + - "traefik.http.routers.whoami-rtr.entrypoints=https" + - "traefik.http.routers.whoami-rtr.tls=true" +networks: + traefik-proxy: + external: true ``` +## Troubleshooting + +If you encounter issues or need further assistance, please check the logs of the Traefik container for error messages. +Additionally, refer to the documentation for Traefik for detailed configuration options and troubleshooting tips. + +## License + +This project is licensed under the [MIT License](LICENSE). + +## Acknowledgments + +- [Traefik](https://traefik.io/): The reverse proxy and load balancer used to manage web traffic. + +## Contributing + +Contributions are welcome! If you have any improvements, bug fixes, or feature requests, please open an issue or submit a pull request. + +--- + +Happy proxying! + +--- + ## Use a custom local certificate Install the RootCA from the directory `certs`. The wildcard domain `*.local.dev` and `local.dev` are now valid.