@@OverAndOverAndOver you actually want Nginx Proxy Manager for that - it certainly does ssl certs, custom ports, access rules, custom paths, etc. But it's advanced configs is a bit difficult.
10:19 where you mention about exposing the dashboard, I cant quite understand what you mean. Dont do this in production ...so do what instead? If you dont open the port from the router what difference does it makes if you bind port 8080 of the host to the port 8080 inside the docker? PS even thougjh all of your videos are quite nice and presentation also you speak too fast (even though i can understand you ) and the general meaning \explanation is lost at the end.
Yeah if you don't open it on the router you should be fine. The warning is there to encourage you to use internal docker network with a reverse proxy and authentication mechanism if you want to expose it to the public
Traefik is such a PITA. Super hard to debug configuration issues as soon as things gets only slightly more complicated. Just not worth it. The only positive is that it's easy to use from docker - that's about it.
Great tutorial. But imho it's a terrible idea to spread the whole configuration over all your docker containers. I would assume it's way safer to have configuration like this in one central well known place 😊
Cheers Christain, I have recently forced myself to build up my Home lab and your videos are absolutely amazing. I dont normally leave a comment but Traefik has been a bit of a mind melting beast so i thought I need to share my appreciation here :p
This is a perfect tutorial and speed, thanks dude. You hit the important points quickly. Too many tutorials and overviews are 30-60+ minutes. Not sure who has that kind of time to watch. Usually we’re trying to quickly solve a problem. We may not need to become an Uber infrastructure expert, but need to learn enough quickly to solve problems and know where to keep ourselves out of trouble. Thanks again!
Plenty of us have the time. 💀💀💀💀💀😂😂 The average person, unlike me nowadays, spends hours a day on social media, and builds up extra anxiety, depression, etc. 😂💀🙊🤓
The only point I don't understand is how to install Portainer with it because it seems like he has installed it before installing Traefik. And I don't know how he got this with a SSL cert and the domain working...
@@chibiichen I believe you should just add the same labels in the portainer docker compose file - obviously you will need to change the host label to point to your portainer
Man, i'm really struggling with cloudflare DNS challenge. I would love an update to this guide. You kinda sorta not really put stuff in the boilerplate, but it has zero context. Thank you!
Awsome video explaining a very complex topic. Struggled for setting up traefik for some weeks, so this was what i was looking for. Alot of good info here.. Keep it up!
Hello! thank you for your great youtube content, I would like to use traefik for the first time, and I want to keep my legacy services that are not in containers (no docker), is it possible to set up DNS challenge with cloudflare for this setup? I mean without any configuration related to docker? I have not found any docs, tutorials that can help me, should I put the api token from cloudflare in a linux environment variable? thank you!
Hi Christian, great content,helped me a lot! About exchanging certs from staging to production - normally you don't do this, because you have separate containers for staging and production, also two different routes/domains for these service. Thanks a lot for your great job!
like your clip, plan to switch and your clip helped a little along the way. But what I haven't find a answer if i have have several different servers. lets say a web server which is pure server and another docker server different machine. etc.. Would appreciate it if you could make one that also points to other servers in the same network.
hi Christian thanks for the great content i follow the tutorial but unfortunately i got error 404 page not found and i did the || label but got same error
Traefik exposes your docker socket, this is a security concern if an attacker get access to Traefik from internet, they can access everything as root in your server. This should be mentionned and maybe explain how to overcome it with a proxy socket. Good video otherwise.
Cant figure out why im getting these closed port errors. Any idea? time="2021-11-25T21:27:27Z" level=error msg="Error while starting server: accept tcp [::]:80: use of closed network connection" entryPointName=web time="2021-11-25T21:27:27Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=websecure I checked that these ports are open from outside.
@@christianlempa I have been searching around but not much luck in the solutions. I actually think its unrelated to the issue im having. I think this error is it trying to connect with ipv6 from the looks of it. My real issue is getting a 404 on every page and not being secure and im not sure why. I have done everything you did in the video.
Hi, just wondering why in the your latest boilerplate docker-compose.yml file, it no longer has the volume for the ssl certificates. Is this no longer necessary? Won't they still get lost if the container is stopped?
Im following the steps described in the video and Im getting "command traefik error: yaml: line 41: did not find expected key" not matter what I change. I even modified the volumes based off @christian github and still getting same results. :(
You’re great at explaining things but horrible at showing step by step. I’ve been going through your videos for 2 days trying to make a reverse proxy in either docker or proxmox and none of your videos help. Somehow you’re using VSCode, not explaining where that file needs to be. Am I supposed to make directories? Again I can follow what you’re saying but you’re step by step execution on screen doesn’t translate.
Compered to NPM this is a pretty complicated install but worth doing for some considering NPM has some issues. Nice work sir, one day I will take the time to learn how to do this, for now I will stick with NPM.
@@chibiichen The biggest one, which ive found out only today while trying to use it with docker swarm, is that the webUI still doesn't have support for loadbalanced upstreams. It was first submitted as a missing feature on the github 4 years ago, cited as coming with v3 which is still nowhere to be seen. As things stand, if I want to run my docker swarm setup through NPM, i'd have to manually edit configuration files any time I want to add or remove a service, which then breaks any time I make changes. The fact this feature was put off, saved for v3, which still hasn't come after all this time is a major reason for moving away.
This is probably a silly question, but Traefik can handle reverse-proxying for things that aren't Docker/K8s containers right? All of my services run in a bunch of Proxmox nodes, and while I do have quite a few services that are in docker containers, a pretty significant amount of them are also LXCs that run through Proxmox as well. I currently use Nginx Proxy Manager, but I'm finding that there are often times where I feel the configuration I need goes against the grain of what it's designed for, and I'd also like to maybe start doing some automation as well and I've heard Traefik's API is quite nice (whereas NPM does have an API that the dashboard consumes, but it's not well documented at all) so Traefik seems to be shaping up to be a pretty decent candidate to replace NPM for me so long as I can just tell it "When you get a request at this host, redirect it to this IP + Port".
Awesome video! Does anyone know how to add a 2nd web server so it's load balanced? I duplicated my 1st web server container with a different name but Traefik treats it as a separate service. I have been reading through their documentation but haven't been able to figure it out.
Thank you very much for this interessting video. Maybe you should mention that it is not a good practise to put all your containers in the traefik network. Best practise is to create a new "proxy" network for every container that needs to explicitly expose a service via traefik. This will ensure all your backend containers of your service stack (databases, etc...) are not accessible from traefik and also most important are not accessible from other docker containers running behinde traefik web proxy.
Fantatsic tutorial, but :) using your configuration I recieve errors in Portainer log entry: 2022/02/05 14:26:58 command traefik error: yaml: line 19: did not find expected key Any ideas, as everything looks great to me? Thanks
Great video. If I want to set it up only on local network, do I still need to buy a domain? I assume using a local dns server would solve it without a domain.
Thanks! No you don't need to buy a domain, when it's local, but you'll need to mess around with self-signed certs then, I guess. Might be not as straightforward, but possible. Btw I'm also using self-signed certs locally.
Thank you for this tutorial! Did you also managed to get multiple simple docker hosts controlled by traefik without using something like e.g. docker swarm?
Great video but I have a question. Would you say it is secure to expose dashboard/admin webui to specific IP, let's say VPN IP? As far as I know you can do it by simply adding the desired IP to -p
It's a viable option, I also sometimes do firewall rules based on my static public IP or internal VPN ip. However, it's probably not the "best" way to do it, I'll explain that in a future video soon, when we talk more about modern network security concepts which will go away from traditional vpn (internal/external network) concepts! Stay tuned, there is more stuff in that space coming :)
Can you not have the traefik docker install route to services on your local network outside of its docker network? Some of my services are just running in separate VMs instead of containers.
@@christianlempa is not boring at all and i like the content pretty much. Would be nice just reduce 1x speed so we are not stress to enjoy your tutorial.
I am having an issue, I started using VS code which I love btw thank you for that, but the issue with my Traefik container is whenever I make changes to the config.yaml file it never changes anything. I can right click and compose down and compose up which does restart it with no issues but does not change anything with the config file, the other container with labels works no issues. But the config is a no go. Also I have tried to execute the bash command docker-compose up -d --force-recreate and I get error's saying the docker-compose file is invalid with the networks option I have and the environment variables in the file. Although I can right click in vs code and use up and down no issues. I am stuck here I don't understand. If you need to see logs I can send you whatever you think. I am just so lost. Would appreciate some help. Oh and BTW I used all of your templates.
Amazing video , It did worked a 100% , Now i want to route traffic to my old server . How i do that ? Do I set up an htpp provider ? your help is greatly appreciated
Can we using proxy reversing to the docker container while we using UFW ? i try using UFW to allow port 80 and 443 but it blocked port expose docker, how to using UFW instead using proxy reverse to docker container ?
except its not configurable if you like the defaults, okay. But if you want to forward to a port, your screwed.... Its kind of useless... NPM seems to be broke, but there is no way to move the stuff over. you shouldn't have to setup pages of text on docker files of every single container just to forward a port.
nginx proxy manager sucks big time...its slow AF and custom locations simply don't work. looking at te grief with setting traefik up i'll stick with manual nginx proxy management...
You may have covered this and I just missed it but can I configure a proxy to connect to a service running at a different IP address? I have a Bitwarden and a website running on a Raspberry Pi that I would like to connect to. Thank you.
Sure, you can add a dynamic configuration in the Traefik config file to route a connection to a custom IP address, that could be anywhere. It might be not as straightforward as on the same node, but it's technically possible.
Christian, I really love these tutorials, I only mis a few topics here for traefik. These are: Access list External application (via dynamic yml file) Hope you can address these maybe in a next video. Keep up the good work! Btw I’m running traefik now thanks to your latest nginx “little projects” video. Cost me 6 days because the traefik config file cannot handle tabs but only spaces…. Yeah😂
Ive seen another youtuber just created a Script wich installs docker, docker Compose, Proton, nginx in a row - after asking you to give you skip possibility. Would be awesome if you could create a similar git, just replaced with traefik instead nginx.
dude i love the content, the topics, and the production quality, BUT SLOW DOWN PLEASE!!!! lol Like just even taking a breath between steps so i at least have time to pause the video and catch up would be great! Other than that great work!
Other than that you make top notch content. And I will give you credit for fantastic English. I have a hard time with some of the German youtubers but other than the pace being a bit fast you are easy to watch and understand.
I came there to say this. I’ll have to listen to it again anyway as I wasn’t watching the video. I listen to videos while doing errands and try ton understand as much as possible without the visual component.
I'm using HTTPChallenge, letsencrypt tries to connect on port 80 to your domain to verify it. That doesn't work with wildcard certs, then you'd need to switch to DNS Challenge with API keys.
Christian, how do u do traefik labels when a container uses multiple ports e.g. 6060:80 3262:8080 4363:9354 And then there is also the possibility of a multiple container images in the docker compose which also use their own ports. Is there any docker compose example how this type of traefik deployment would look like? If it was just one port, i would know how to do as i got that to work. but i'm having issues figuring how to deal with multiple ports required x-x;
Hi Christian! Saubere Arbeit ! Wie wäre es mal mit einem Video über traefik 3? Bin grad dran das zu konfigurieren - klappt auch ganz gut nur meine UDM ProSE gui will nicht :( hast du nen Tipp?
So, I didn't get the overall architecture of the solution from the video... What containers are involved? Where traefik should be present: should it exist only in a container or outside web server has to be used as well? What is the role of traefik: is it a standalone solution, or just a UI wrapper for raw configuration files? How nginx and traefik have to communicate with each other, too many questions to understand something... P.S. And also, I don't think, that using the same tool as a reverse proxy and load balancer is the best idea due to different tasks they are intended to solve. As usual, the tool, developed entirely for solving only one specific task allows for better flexibility and tuning. In particular, I'm not sure, that it's easy (is possible at all) to tune up load balancing strategies in this case...
Danke Christian! Question, maybe basic, so sorry if so. So, say I deploy a Linode Linux server, then put Docker on it and install Portainer to manage the docker. Then I run through this tutorial to put a get Traefix setup as a container. How can I put Portainer behind Traefik? Or do I need to? Thanks again
time="2023-02-11T19:03:58Z" level=error msg="The ACME resolver \"production\" is skipped from the resolvers list because: unable to get ACME account: permissions 70 for /etc/traefik/certs/acme-production.json are too open, please use 600" time="2023-02-11T19:03:58Z" level=error msg="The ACME resolver \"staging\" is skipped from the resolvers list because: unable to get ACME account: permissions 70 for /etc/traefik/certs/acme-staging.json are too open, please use 600" Unable to change it because its a NFS
Hi. You helped me a lot in getting to know traefik. However, I need help with nextcloud, specifically nextcloudpi on docker. After setting everything up. I'm getting an Internal Server Error on the page.
I have a question related to using traefik with kubernetes. So at home I have a k3s cluster with 2 raspis where i would like to run some application ans theres also a Synology NAS which exposes some services aswell. I'm quite new to the whole networking stuff so I'm trying to figure out how to setup traefik the best way. If its setup inside kubernetes for example would it still be possible to route incomming traffic to other machines in the network such as the NAS?
I noticed the github repository shows a git clone option but has not much information about how to run that. Is there a way to install this without using docker, or kubernetes? I followed your video for nginx reverse proxy in the past. Now that manager has caused a lot of problems and cant for the life of me get it fixed and want to just throw it away honestly.
Hello Christian, I had a question about the routes. When I have a standalone OpenVPN server on the network and I want to route it through Traffik, it doesn't work. Do you know how to approach this problem? First of all OVPN can be accessed via TCP or UDP. I would be glad about a feedback.
Thank you for your videos. This just a suggestion. It would be easier to follow and more enjoyable if you could speak slower. You speak so fast that your breathing sounds heavy when you catch your breath. If you're concerned about the video being too long, simply break it into parts and label each part with its corresponding order: 1, 2 3 etc. Thank you.
Thanks for this excellent video. I watch it at speed rate of 0,75 to follow it. 😁 But it is interesting actually and I want also apply this for my TrueNas server.
I thought it was replacing the portainer. To me it's useless and unnecessarily complicated. I stay with Portainer + Nginx Proxy Manager, I can assign a subdomain to a container in 15 seconds and a few clicks.
Do you think a video about how you approach 'bind mounts vs named volumes' would be worth making? I see that it's kind of a mixed bag in your boiler plate templates.
Great video. However, it is a little deceiving that this is labeled a Traefik tutorial when it depends on Portainer for functionality. Having set up Traefik as a standalone tool, it has almost no functionality out of the box and you end up using config files like any other reverse proxy.
Tips for your life: say is complex, never say is complicated. If you says is complicated during a business meeting you can generate an avalanche of bad impressions in your direction.
Very good video and tutorial. I have a pfsense router in front of my Truescale server. so now I am confused wherethe reverse proxy should be configured and how to do that and still pass traffic through the pfsense router. Can you help / or do another video as this is a very common setup and confusing where the certificates all go. I would like to use a wild card certificate on both the Pfsense and Truescale servers
I use traefik but nginx is way easier. Thanks again my bald online friend.
Haha, you're welcome
my nginx reverse proxy won't make the ssl :// kinda queless
I agree,, nginx is much easier, simple and powerful
Nginx won't give me let's encrypt certs or even just act as a reverse proxy, it sucks
@@OverAndOverAndOver you actually want Nginx Proxy Manager for that - it certainly does ssl certs, custom ports, access rules, custom paths, etc. But it's advanced configs is a bit difficult.
I followed this tutorial line by line but I can't access the dashboard? What could I possibly be doing wrong?
same problem
Traefik is ridiciously hard to use, feels like a 2nd job and expect problems at every step, at every container.
10:19 where you mention about exposing the dashboard, I cant quite understand what you mean. Dont do this in production ...so do what instead? If you dont open the port from the router what difference does it makes if you bind port 8080 of the host to the port 8080 inside the docker?
PS even thougjh all of your videos are quite nice and presentation also you speak too fast (even though i can understand you ) and the general meaning \explanation is lost at the end.
Yeah if you don't open it on the router you should be fine. The warning is there to encourage you to use internal docker network with a reverse proxy and authentication mechanism if you want to expose it to the public
Traefik is such a PITA. Super hard to debug configuration issues as soon as things gets only slightly more complicated. Just not worth it. The only positive is that it's easy to use from docker - that's about it.
The configuration files are very convoluted and the documentation is copious without saying much. Yes, PITA sums it up.
Great tutorial. But imho it's a terrible idea to spread the whole configuration over all your docker containers. I would assume it's way safer to have configuration like this in one central well known place 😊
Thanks! Well everybody has his own way of doing things ;)
What do you mean by 'spread the whole configuration over all your docker containers'?
@@lucEast well the config gets attached to the container, rather than having all of it in a central place, where you can clearly see the connections.
Cheers Christain, I have recently forced myself to build up my Home lab and your videos are absolutely amazing. I dont normally leave a comment but Traefik has been a bit of a mind melting beast so i thought I need to share my appreciation here :p
This is a perfect tutorial and speed, thanks dude. You hit the important points quickly. Too many tutorials and overviews are 30-60+ minutes. Not sure who has that kind of time to watch. Usually we’re trying to quickly solve a problem. We may not need to become an Uber infrastructure expert, but need to learn enough quickly to solve problems and know where to keep ourselves out of trouble. Thanks again!
Thank you bro!
Plenty of us have the time. 💀💀💀💀💀😂😂 The average person, unlike me nowadays, spends hours a day on social media, and builds up extra anxiety, depression, etc. 😂💀🙊🤓
The only point I don't understand is how to install Portainer with it because it seems like he has installed it before installing Traefik. And I don't know how he got this with a SSL cert and the domain working...
@@chibiichen
I believe you should just add the same labels in the portainer docker compose file - obviously you will need to change the host label to point to your portainer
Man, i'm really struggling with cloudflare DNS challenge. I would love an update to this guide. You kinda sorta not really put stuff in the boilerplate, but it has zero context.
Thank you!
Awsome video explaining a very complex topic. Struggled for setting up traefik for some weeks, so this was what i was looking for. Alot of good info here.. Keep it up!
Was using traefik but now I switched to caddy.
For simple configuration is easier.
For complex configuration is easier.
Hello! thank you for your great youtube content, I would like to use traefik for the first time, and I want to keep my legacy services that are not in containers (no docker), is it possible to set up DNS challenge with cloudflare for this setup? I mean without any configuration related to docker? I have not found any docs, tutorials that can help me, should I put the api token from cloudflare in a linux environment variable? thank you!
Hi Christian, great content,helped me a lot! About exchanging certs from staging to production - normally you don't do this, because you have separate containers for staging and production, also two different routes/domains for these service. Thanks a lot for your great job!
Too much GUI tbh. Portainer is cool and all, but what if I just want a docker-compose file to configure my entire homelab?
like your clip, plan to switch and your clip helped a little along the way. But what I haven't find a answer if i have have several different servers. lets say a web server which is pure server and another docker server different machine. etc..
Would appreciate it if you could make one that also points to other servers in the same network.
hi Christian thanks for the great content i follow the tutorial but unfortunately i got error 404 page not found and i did the || label but got same error
Traefik exposes your docker socket, this is a security concern if an attacker get access to Traefik from internet, they can access everything as root in your server. This should be mentionned and maybe explain how to overcome it with a proxy socket. Good video otherwise.
Thank you, but that’s not really correct. Traefik doesn’t expose the socket itself, Traefik uses the socket to collect events from the daemon.
Cant figure out why im getting these closed port errors. Any idea?
time="2021-11-25T21:27:27Z" level=error msg="Error while starting server: accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-11-25T21:27:27Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=websecure
I checked that these ports are open from outside.
I've not seen this error message before :/ Have you reported it on the github project?
@@christianlempa I have been searching around but not much luck in the solutions. I actually think its unrelated to the issue im having. I think this error is it trying to connect with ipv6 from the looks of it. My real issue is getting a 404 on every page and not being secure and im not sure why. I have done everything you did in the video.
I only get error 404 using everything in a fresh install
Great video... And THANK YOU for properly referring to /etc/ as etcetera and not as Etsy
its extra terrestrial conf... everybody knows that!!!
Awesome! Exactly what I was looking for. Best traefik totorial I found so far! Thank you!
Thank you so much :)
Hi, just wondering why in the your latest boilerplate docker-compose.yml file, it no longer has the volume for the ssl certificates. Is this no longer necessary? Won't they still get lost if the container is stopped?
I'm storing the certs in the /etc/traefik/certs folder which is alredy stored in a volume, so I thought I could remove it.
@@christianlempa Thanks for replying. Makes sense 🙂
Im following the steps described in the video and Im getting "command traefik error: yaml: line 41: did not find expected key" not matter what I change. I even modified the volumes based off @christian github and still getting same results. :(
You’re great at explaining things but horrible at showing step by step. I’ve been going through your videos for 2 days trying to make a reverse proxy in either docker or proxmox and none of your videos help. Somehow you’re using VSCode, not explaining where that file needs to be. Am I supposed to make directories? Again I can follow what you’re saying but you’re step by step execution on screen doesn’t translate.
oh my goodness! I saw quite a lot of similar tutorial, this one is the simplest and the most understandingable video I have even seen!
Thank you so much :)
Still not decided between Traefik and NPM? Watch this 😜 -> ruclips.net/video/scrtJ1U4wJU/видео.html
Compered to NPM this is a pretty complicated install but worth doing for some considering NPM has some issues.
Nice work sir, one day I will take the time to learn how to do this, for now I will stick with NPM.
What issues does NPM have?
@@chibiichen The biggest one, which ive found out only today while trying to use it with docker swarm, is that the webUI still doesn't have support for loadbalanced upstreams. It was first submitted as a missing feature on the github 4 years ago, cited as coming with v3 which is still nowhere to be seen. As things stand, if I want to run my docker swarm setup through NPM, i'd have to manually edit configuration files any time I want to add or remove a service, which then breaks any time I make changes. The fact this feature was put off, saved for v3, which still hasn't come after all this time is a major reason for moving away.
This is probably a silly question, but Traefik can handle reverse-proxying for things that aren't Docker/K8s containers right? All of my services run in a bunch of Proxmox nodes, and while I do have quite a few services that are in docker containers, a pretty significant amount of them are also LXCs that run through Proxmox as well.
I currently use Nginx Proxy Manager, but I'm finding that there are often times where I feel the configuration I need goes against the grain of what it's designed for, and I'd also like to maybe start doing some automation as well and I've heard Traefik's API is quite nice (whereas NPM does have an API that the dashboard consumes, but it's not well documented at all) so Traefik seems to be shaping up to be a pretty decent candidate to replace NPM for me so long as I can just tell it "When you get a request at this host, redirect it to this IP + Port".
sir please do a video on hosting multiple websites with docker & nginx using subdomains
thx for the video, but the config files from your video is different from the github, that's a bit confusing
Slightly off topic question but what software do you use for your drawing/blur effect in the video?
Awesome video! Does anyone know how to add a 2nd web server so it's load balanced? I duplicated my 1st web server container with a different name but Traefik treats it as a separate service. I have been reading through their documentation but haven't been able to figure it out.
Really one of the best guides on this subject. Thanks! Would love to see a way to secure the traefik dash natively (without teleport)
Thanks! There will be something new coming ;)
Thank you very much for this interessting video.
Maybe you should mention that it is not a good practise to put all your containers in the traefik network.
Best practise is to create a new "proxy" network for every container that needs to explicitly expose a service via traefik. This will ensure all your backend containers of your service stack (databases, etc...) are not accessible from traefik and also most important are not accessible from other docker containers running behinde traefik web proxy.
Thanks! Yeah that might be a topic for a separate video.
"You could now just wait for a 90 days HAHA" - that's probably the best part xD
:D
a proxy shouldn't be written for EBPF?
Fantatsic tutorial, but :)
using your configuration I recieve errors in Portainer log entry:
2022/02/05 14:26:58 command traefik error: yaml: line 19: did not find expected key
Any ideas, as everything looks great to me? Thanks
Mostly this is because the traefik.yml config isn't indented correctly.
Brilliant I will take a look at the YAML indentation, thanks
used Visual Studio Code instead and no errrors, thanks for your help.
Great starter video, it really helped me move from NPM to Traefik - thanks Christian and Merry Christmas! 🙂
Great video. If I want to set it up only on local network, do I still need to buy a domain? I assume using a local dns server would solve it without a domain.
Thanks! No you don't need to buy a domain, when it's local, but you'll need to mess around with self-signed certs then, I guess. Might be not as straightforward, but possible. Btw I'm also using self-signed certs locally.
Very useful 👌
Thanks a lot
Caddy2 seems to be more light weight and at least as easy as Traefik
honestly this tutorial is just incredibly good!
Glad you think so!
Cool, all traffic 80 -> 443 -> container, but how to make 80 -> 80 for a some container ?
You can always apply the redirection rules to individual containers with labels.
Thank you for this tutorial! Did you also managed to get multiple simple docker hosts controlled by traefik without using something like e.g. docker swarm?
followed along but like most of your videos it does not work on my end
Great video but I have a question. Would you say it is secure to expose dashboard/admin webui to specific IP, let's say VPN IP? As far as I know you can do it by simply adding the desired IP to -p
It's a viable option, I also sometimes do firewall rules based on my static public IP or internal VPN ip. However, it's probably not the "best" way to do it, I'll explain that in a future video soon, when we talk more about modern network security concepts which will go away from traditional vpn (internal/external network) concepts!
Stay tuned, there is more stuff in that space coming :)
@@christianlempa For me it's the option that keeps me from learning iptables he-he. I am always tuned, keep up great work.
Can you not have the traefik docker install route to services on your local network outside of its docker network? Some of my services are just running in separate VMs instead of containers.
Bro, i hope you can slow down your speech. I like your channel but would be nice you can slow down your speech.
Thanks for your feedback! Yeah it's hard to find that balance between "not beeing boring" and "too fast". I'll take care next one ;)
@Karl Klammer that's the Overkill version 🤣
@@christianlempa is not boring at all and i like the content pretty much. Would be nice just reduce 1x speed so we are not stress to enjoy your tutorial.
@@christianlempa I'm not a native English speaker myself, and I find the pace to be well suited. (I agree that speaking too slowly can get boring.)
@Karl Klammer Same, but not just him. Otherwise I can't pay attention. Not always 2x, tho.
Lifesaver. You're so good at what you do. BTW I love how you pronounce the word "container". 😊
Thanks mate ;)
I am having an issue, I started using VS code which I love btw thank you for that, but the issue with my Traefik container is whenever I make changes to the config.yaml file it never changes anything. I can right click and compose down and compose up which does restart it with no issues but does not change anything with the config file, the other container with labels works no issues. But the config is a no go. Also I have tried to execute the bash command docker-compose up -d --force-recreate and I get error's saying the docker-compose file is invalid with the networks option I have and the environment variables in the file. Although I can right click in vs code and use up and down no issues. I am stuck here I don't understand. If you need to see logs I can send you whatever you think. I am just so lost. Would appreciate some help. Oh and BTW I used all of your templates.
Amazing video , It did worked a 100% , Now i want to route traffic to my old server . How i do that ? Do I set up an htpp provider ? your help is greatly appreciated
Can we using proxy reversing to the docker container while we using UFW ?
i try using UFW to allow port 80 and 443 but it blocked port expose docker, how to using UFW instead using proxy reverse to docker container ?
run:
"ufw allow in on docker0"
then change DEFAULT_FORWARD_POLICE to “ACCEPT” in /etc/default/ufw
reload using:
"ufw reload"
except its not configurable if you like the defaults, okay. But if you want to forward to a port, your screwed.... Its kind of useless... NPM seems to be broke, but there is no way to move the stuff over. you shouldn't have to setup pages of text on docker files of every single container just to forward a port.
Traefik in truenas scale + Domain like Cloudflare
Oh yeah that sounds like a good setup ;)
nginx proxy manager sucks big time...its slow AF and custom locations simply don't work. looking at te grief with setting traefik up i'll stick with manual nginx proxy management...
It appears ngnix is MUCH more performant than traefik.
When hammering the server with thousands of connections... nginx is vastly faster.
This was a seriously great video. Thank you so much for this! Love the content.
Thank you so much! ;)
damn bro, you're hella fast! thanks for sharing some of your skillz!
You may have covered this and I just missed it but can I configure a proxy to connect to a service running at a different IP address? I have a Bitwarden and a website running on a Raspberry Pi that I would like to connect to. Thank you.
Sure, you can add a dynamic configuration in the Traefik config file to route a connection to a custom IP address, that could be anywhere. It might be not as straightforward as on the same node, but it's technically possible.
Great video, but can I also use traefik to get certificates from my local services without having an external dns pointing to it?
Great work. Thank you very much for all the knowledge sharing!
Glad it was helpful!
Christian, I really love these tutorials, I only mis a few topics here for traefik.
These are:
Access list
External application (via dynamic yml file)
Hope you can address these maybe in a next video. Keep up the good work!
Btw I’m running traefik now thanks to your latest nginx “little projects” video. Cost me 6 days because the traefik config file cannot handle tabs but only spaces…. Yeah😂
Ive seen another youtuber just created a Script wich installs docker, docker Compose, Proton, nginx in a row - after asking you to give you skip possibility.
Would be awesome if you could create a similar git, just replaced with traefik instead nginx.
It’s just easier to learn how to install things yourself
@@crazycorg1 not easier but more useful yes ;)
SSL Certs part deprecated!!!!!!
Wow. If I had a choice, not sure I'd use Traefik. Too complicated.
Do you have any videos on the middleware, such as how to load it, use it and set it up correctly?
dude i love the content, the topics, and the production quality, BUT SLOW DOWN PLEASE!!!! lol Like just even taking a breath between steps so i at least have time to pause the video and catch up would be great! Other than that great work!
Good idea, I know that I need to improve on my video pacing, hopefully I'll get better over time :D
Other than that you make top notch content. And I will give you credit for fantastic English. I have a hard time with some of the German youtubers but other than the pace being a bit fast you are easy to watch and understand.
I came there to say this. I’ll have to listen to it again anyway as I wasn’t watching the video. I listen to videos while doing errands and try ton understand as much as possible without the visual component.
I watch it with speed of 1.75.
Refer to button most top right (cog wheel)
Inside you will find speed control. Adjust accordingly to fit your -IQ- individual needs.
I dont understand how traefik obtained letsencrypt certificate without any domain hosting service api key or smth?
I'm using HTTPChallenge, letsencrypt tries to connect on port 80 to your domain to verify it. That doesn't work with wildcard certs, then you'd need to switch to DNS Challenge with API keys.
@@christianlempa oh, ofcourse, thanks:)
Dark works very poorly with youtube videos ... we can't read the text.
Christian, how do u do traefik labels when a container uses multiple ports e.g.
6060:80
3262:8080
4363:9354
And then there is also the possibility of a multiple container images in the docker compose which also use their own ports.
Is there any docker compose example how this type of traefik deployment would look like?
If it was just one port, i would know how to do as i got that to work. but i'm having issues figuring how to deal with multiple ports required x-x;
Thanks, you made this look easy! =)
Thank you! :)
Hi Christian! Saubere Arbeit ! Wie wäre es mal mit einem Video über traefik 3? Bin grad dran das zu konfigurieren - klappt auch ganz gut nur meine UDM ProSE gui will nicht :( hast du nen Tipp?
So, I didn't get the overall architecture of the solution from the video... What containers are involved? Where traefik should be present: should it exist only in a container or outside web server has to be used as well? What is the role of traefik: is it a standalone solution, or just a UI wrapper for raw configuration files? How nginx and traefik have to communicate with each other, too many questions to understand something...
P.S. And also, I don't think, that using the same tool as a reverse proxy and load balancer is the best idea due to different tasks they are intended to solve. As usual, the tool, developed entirely for solving only one specific task allows for better flexibility and tuning. In particular, I'm not sure, that it's easy (is possible at all) to tune up load balancing strategies in this case...
Hi. I get too many redirects error. What could be the solution?
Danke Christian! Question, maybe basic, so sorry if so. So, say I deploy a Linode Linux server, then put Docker on it and install Portainer to manage the docker. Then I run through this tutorial to put a get Traefix setup as a container. How can I put Portainer behind Traefik? Or do I need to? Thanks again
Hi, if is possible it will be great an updated tutorial about docker and trafik but with cloudflare dnsChallenge. Thanks again!
Yep that's a good one, I'll make that soon :)
@@christianlempa looking for this too as seems no-one has explained it
Any chance you could repeat this tutorial with recent version?
Hey I loved the tut but after I deploy the stack I'm getting the 404 page not found ;(( ideias? :) thks
There's something wrong in your config, you might check again or join our discord and share some details about your setup and error logs
@@christianlempa I'll try again thks. Yes, thanks, already did today ;) dankje
I’m confused: you said Traefik dynamically handles routing, but then you manually set labels? That’s not very reproducible
It does, but I don't like this feature so I turn it off and manually manage it :D
time="2023-02-11T19:03:58Z" level=error msg="The ACME resolver \"production\" is skipped from the resolvers list because: unable to get ACME account: permissions 70 for /etc/traefik/certs/acme-production.json are too open, please use 600"
time="2023-02-11T19:03:58Z" level=error msg="The ACME resolver \"staging\" is skipped from the resolvers list because: unable to get ACME account: permissions 70 for /etc/traefik/certs/acme-staging.json are too open, please use 600"
Unable to change it because its a NFS
Hi. You helped me a lot in getting to know traefik. However, I need help with nextcloud, specifically nextcloudpi on docker. After setting everything up. I'm getting an Internal Server Error on the page.
I have a question related to using traefik with kubernetes. So at home I have a k3s cluster with 2 raspis where i would like to run some application ans theres also a Synology NAS which exposes some services aswell.
I'm quite new to the whole networking stuff so I'm trying to figure out how to setup traefik the best way. If its setup inside kubernetes for example would it still be possible to route incomming traffic to other machines in the network such as the NAS?
I noticed the github repository shows a git clone option but has not much information about how to run that.
Is there a way to install this without using docker, or kubernetes? I followed your video for nginx reverse proxy in the past. Now that manager has caused a lot of problems and cant for the life of me get it fixed and want to just throw it away honestly.
What do you think about HAProxy?
Haven't tried it out, yet. But it's on my list!
@Stefan Sine When configured through pfsense, it's actually quite not that hard, and why would you be running anything else as firewall/router ;)
Can someone explain to me how u can do this without portainer?
Hello Christian,
I had a question about the routes. When I have a standalone OpenVPN server on the network and I want to route it through Traffik, it doesn't work. Do you know how to approach this problem? First of all OVPN can be accessed via TCP or UDP. I would be glad about a feedback.
Nice one, thanks! Is it possible to setup traefik on one Docker Host and NGiNX on another Docker Host and label it without a Docker Swarm?
Haven't done it with swarm, yet :/
@@christianlempa the questions was: without Swarm, but two Docker Hosts
Thank you for your videos. This just a suggestion. It would be easier to follow and more enjoyable if you could speak slower. You speak so fast that your breathing sounds heavy when you catch your breath. If you're concerned about the video being too long, simply break it into parts and label each part with its corresponding order: 1, 2 3 etc. Thank you.
I keep getting this error level=error msg="open /etc/traefik/certs/acme.json: no such file or directory" providerName=acme
Thanks for this excellent video. I watch it at speed rate of 0,75 to follow it. 😁
But it is interesting actually and I want also apply this for my TrueNas server.
I thought it was replacing the portainer. To me it's useless and unnecessarily complicated. I stay with Portainer + Nginx Proxy Manager, I can assign a subdomain to a container in 15 seconds and a few clicks.
Do you think a video about how you approach 'bind mounts vs named volumes' would be worth making? I see that it's kind of a mixed bag in your boiler plate templates.
Maybe it would be nice to do a "docker best practices"? Let me think about it
Great video. However, it is a little deceiving that this is labeled a Traefik tutorial when it depends on Portainer for functionality. Having set up Traefik as a standalone tool, it has almost no functionality out of the box and you end up using config files like any other reverse proxy.
Thanks! Good feedback, bro. In future videos I'm using Docker Compose for that, which is easier to follow, if you don't have Portainer running
Tips for your life: say is complex, never say is complicated. If you says is complicated during a business meeting you can generate an avalanche of bad impressions in your direction.
In this tutorial, Is portioner itself being resolved though Traefik or is Portainer just a container with no SSL?
Very good video and tutorial. I have a pfsense router in front of my Truescale server. so now I am confused wherethe reverse proxy should be configured and how to do that and still pass traffic through the pfsense router. Can you help / or do another video as this is a very common setup and confusing where the certificates all go. I would like to use a wild card certificate on both the Pfsense and Truescale servers
Awesome video! Thank you for sharing you knowledge with us 👍
Thank you! 😉
I used caddy for development, but this one seems promising, hopefully I don't need kube to use this '__')
still at first few minutes of your video
Well done mate. I was waiting with networking for too long with my app built on microservices. Your video was great entrypoint!
please speak little slower, you talk sooo fast
I'll try ;)