Basic Auth

• BasicAuth - Traefik | Site | v2.0
• Generate password
• Htpasswd Generator – Create htpasswd - hostingcanada.org bash echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g

# Declaring the user list
#
# Note: all dollar signs in the hash need to be doubled for escaping.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
labels:
  - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"

REMINDERS

• ARTICULATE A QUESTION
• START BY READING THE DOCUMENTATION
• OODA, ACT TOWARDS A DIRECTION
• Search “Homelab Traefik”
• Troubleshooting
• Check Service Name and Label Name
• Restart Service
• Restart Traefik
• acme.json needs the right permissions or TLS certs will not work, should use docker-volume.
• Middlewares

• Authelia

  • Get subpath working with
  • Getting Started - Authelia
  • Traefik 2.x - Authelia

  Setup completed successfully.

  You can now visit the following locations: - https://public.dentropy.xyz - Bypasses Authelia - https://traefik.dentropy.xyz - Secured with Authelia one-factor authentication - https://secure.dentropy.xyz - Secured with Authelia two-factor authentication (see note below)

  You will need to authorize the self-signed certificate upon visiting each domain. To visit https://secure.dentropy.xyz you will need to register a device for second factor authentication and confirm by clicking on a link sent by email. Since this is a demo with a fake email address, the content of the email will be stored in './authelia/notification.txt'. Upon registering, you can grab this link easily by running the following command: 'grep -Eo '"https://.*" ' ./authelia/notification.txt'.

• Getting Started

• Basic Example - Traefik
  • Works great, not need HTTPs and to secure the dashboard
• Random Questions
• What is the difference between docker-compose ports vs expose - Stack Overflow
• Port
• docker - Traefik v2 [how to route to specific port] - Stack Overflow
• Traefik redirect / (root) to sub path with Docker labels
• routing - Route Traefik to subfolder - Server Fault
• TOML file examples
• Traefik as Reverse Proxy for Docker Services | by Aral Can Kaymaz | Medium
• Setup Traefik - FM Lab
• HTTPS
• traefik-letsencrypt-compose/docker-compose.yml at master · bubelov/traefik-letsencrypt-compose · GitHub
  • Tried could not get working
• TLS Challenge - Traefik
  • Works
• Traefik Proxy with HTTPS - Docker Swarm Rocks
  • Docker Swarm
• Dashboard
• Traefik V2 Docker Compose file with LetsEncrypt and HTTPS redirect - Traefik dashboard and simple whoami service · GitHub
  • Does not work
• How to expose Traefik 2.x dashboard securely on Docker Swarm :: Aloïs Micard — Tech Blog
  • Uses Docker Swarm
• Traefik 2 - Advanced configuration with Docker Compose | mmorejon
  • Uses plugins
• Useful Blog Posts
• Traefik v2 - Advanced Configuration
• Ultimate Docker Home Server with Traefik 2, LE, and OAuth / Authelia [2020]
• Redit Posts
• yet another Traefik show-off :D : homelab
• Traefik v2 - Advanced Config with Examples : homelab
• Oauth

• Google OAuth Tutorial for Docker and Traefik - Authentication for Services

• Sample docker-compose with Traefik v2.0 and Lets Encrypt · GitHub

• Internal HTTPS with Let's Encrypt, Linode DNS and Traefik

SUPER HELPFUL

docker - Traefik v2 and Invalid Lets Encrypt Certificate - Stack Overflow

ACME v2 Production Environment & Wildcards - API Announcements - Let's Encrypt Community Support

ANOTHER PROBLEM SOLVED

"Gateway Timeout" with docker · Issue #1254 · traefik/traefik · GitHub

How to redirect http to https with Traefik 2.0 and Docker Compose labels? - Stack Overflow

Working HTTP Server (NO TLS)

version: '3'

services:
  reverse-proxy:
    # The official v2.0 Traefik docker image
    image: traefik:v2.0
    # Enables the web UI and tells Traefik to listen to docker
    command:
        #- "--log.level=DEBUG"
        - "--api.insecure=true"
        - "--providers.docker=true"
        - "--providers.docker.exposedbydefault=false"
        - "--entrypoints.web.address=:80"
    ports:
      # The HTTP port
      - "80:80"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - traefik-homelab
networks:
  traefik-homelab:
    external:
      name: traefik-homelab

Traefik

REMINDERS

• ARTICULATE A QUESTION
• START BY READING THE DOCUMENTATION
• OODA, ACT TOWARDS A DIRECTION
• Search “Homelab Traefik”
• Troubleshooting
  • Check Service Name and Label Name
  • Restart Service
  • Restart Traefik
  • acme.json needs the right permissions or TLS certs will not work, should use docker-volume.

• Middlewares

  • Authelia
    • Get subpath working with
    • Getting Started - Authelia
    • Traefik 2.x - Authelia

  Setup completed successfully.

  You can now visit the following locations: - https://public.dentropy.xyz - Bypasses Authelia - https://traefik.dentropy.xyz - Secured with Authelia one-factor authentication - https://secure.dentropy.xyz - Secured with Authelia two-factor authentication (see note below)

  You will need to authorize the self-signed certificate upon visiting each domain. To visit https://secure.dentropy.xyz you will need to register a device for second factor authentication and confirm by clicking on a link sent by email. Since this is a demo with a fake email address, the content of the email will be stored in './authelia/notification.txt'. Upon registering, you can grab this link easily by running the following command: 'grep -Eo '"https://.*" ' ./authelia/notification.txt'.

• Getting Started

  • Basic Example - Traefik
    • Works great, not need HTTPs and to secure the dashboard
• Random Questions
  • What is the difference between docker-compose ports vs expose - Stack Overflow
• Port
  • docker - request forwarding on specific port with traefik(v2) router - Stack Overflow%20router%20-%20Stack%20Overflow)
  • docker - Traefik v2 [how to route to specific port] - Stack Overflow
  • routing - Route Traefik to subfolder - Server Fault
• TOML file examples
  • Traefik as Reverse Proxy for Docker Services | by Aral Can Kaymaz | Medium
  • Setup Traefik - FM Lab
• HTTPS
  • traefik-letsencrypt-compose/docker-compose.yml at master · bubelov/traefik-letsencrypt-compose · GitHub
    • Tried could not get working
  • TLS Challenge - Traefik
    • Works
  • Traefik Proxy with HTTPS - Docker Swarm Rocks
    • Docker Swarm
• Dashboard
  • Traefik V2 Docker Compose file with LetsEncrypt and HTTPS redirect - Traefik dashboard and simple whoami service · GitHub
    • Does not work
  • How to expose Traefik 2.x dashboard securely on Docker Swarm :: Aloïs Micard — Tech Blog
    • Uses Docker Swarm
  • Traefik 2 - Advanced configuration with Docker Compose | mmorejon
    • Uses plugins
• Useful Blog Posts
  • Traefik v2 - Advanced Configuration
  • Ultimate Docker Home Server with Traefik 2, LE, and OAuth / Authelia [2020]
• Redit Posts
  • yet another Traefik show-off :D : homelab
  • Traefik v2 - Advanced Config with Examples : homelab
• Oauth
  • Google OAuth Tutorial for Docker and Traefik - Authentication for Services

Sample docker-compose with Traefik v2.0 and Lets Encrypt · GitHub

• Internal HTTPS with Let's Encrypt, Linode DNS and Traefik

SUPER HELPFUL

docker - Traefik v2 and Invalid Lets Encrypt Certificate - Stack Overflow

ACME v2 Production Environment & Wildcards - API Announcements - Let's Encrypt Community Support

ANOTHER PROBLEM SOLVED

"Gateway Timeout" with docker · Issue #1254 · traefik/traefik · GitHub

How to redirect http to https with Traefik 2.0 and Docker Compose labels? - Stack Overflow

Backlinks

• Dentropy's Ideal DevSecOps Stack
• Supported App List - DentropyCloud