traefiktraefik:latesthttps://registry.hub.docker.com/_/traefikbridgeshfalsehttps://github.com/benderstwin/docker-templates/issuesTraefik is a modern reverse-proxy. You must have a traefik.toml config located in your appdata/traefik directory. Example template with very little modification needed is available here https://raw.githubusercontent.com/benderstwin/Portainer-Templates/master/traefik.toml
Note on SSL - easiest method is to use a free account at cloudflare.
In cloudflare:
Set up DNS records.
-use CNAMES for subdomains to point to TLD
On the crypto tab in cloudflare
-request wildcard ssl cert (universal) for edge
-generate origin cert and key
-enable SSL client authentication
-turn on SSL Full (strict)
NOTE: It is possible to use Traefik with ACME (Lets Encrypt). This will require modification beyond the scope of this template (although you could modify the traefik.toml pretty easily to enable this).
TO ADD APPS TO TRAEFIK:
Traefik uses labels to assign proxy behavior
Add these labels to your other containers to enable proxy
Available Labels:
traefik.enable=true #required to proxy:Enable Traefik to expose app to the frontend and proxy
traefik.backend=ombi #required:name of the container Traefik should map to on the back end (sonarr, radarr, jackett etc...)
traefik.frontend.rule=Host:ombi.domain.com #required/optional: Sets the subdomain rule.
traefik.frontend.rule=Host:domain.com; PathPrefixStrip: /ombi #optional for using subfolders
traefik.port=3579 #required:container port to send traffic to. Source container port, not the mapping in unraid
traefik.frontend.auth.basic.usersFile=/shared/.htpasswd ## This is what sets up the front end interface to use the generated .htaccess file. Add this line to any site you want additional security on.
traefik.docker.network=bridge #required: Specify the docker network
traefik.frontend.headers.SSLRedirect=true #optional but might as well if you are using SSL
traefik.frontend.headers.STSSeconds=315360000 #optional
traefik.frontend.headers.browserXSSFilter=true #optional
traefik.frontend.headers.contentTypeNosniff=true #optional
traefik.frontend.headers.forceSTSHeader=true #may be required
traefik.frontend.headers.SSLHost=domain.com #required
traefik.frontend.headers.STSIncludeSubdomains=true #may be required
traefik.frontend.headers.STSPreload=true #optional
traefik.frontend.headers.frameDeny=true #optionalhttp://127.0.0.1:8080https://raw.githubusercontent.com/benderstwin/docker-templates/master/Bender-traefik.xmlhttps://raw.githubusercontent.com/benderstwin/docker-templates/master/images/traefik.pngI do it for the famebridge443443tcp80808080tcp/mnt/user/appdata/traefik/etc/traefikrw/mnt/user/appdata/traefik/shared/sharedrw/var/run/docker.sock/var/run/docker.sockrotruetraefikHost:traefikhome.domain.comdomain.com/mnt/user/appdata/traefik/mnt/user/appdata/traefik/shared4438080/shared/.htpasswdbridgetrue315360000truetruetruetruetruetrue/var/run/docker.sock80801543869167Traefik is a modern reverse-proxy. You must have a traefik.toml config located in your appdata/traefik directory. Example template with very little modification needed is available here https://raw.githubusercontent.com/benderstwin/Portainer-Templates/master/traefik.toml
Note on SSL - easiest method is to use a free account at cloudflare.
In cloudflare:
Set up DNS records.
-use CNAMES for subdomains to point to TLD
On the crypto tab in cloudflare
-request wildcard ssl cert (universal) for edge
-generate origin cert and key
-enable SSL client authentication
-turn on SSL Full (strict)
NOTE: It is possible to use Traefik with ACME (Lets Encrypt). This will require modification beyond the scope of this template (although you could modify the traefik.toml pretty easily to enable this).
TO ADD APPS TO TRAEFIK:
Traefik uses labels to assign proxy behavior
Add these labels to your other containers to enable proxy
Available Labels:
traefik.enable=true #required to proxy:Enable Traefik to expose app to the frontend and proxy
traefik.backend=ombi #required:name of the container Traefik should map to on the back end (sonarr, radarr, jackett etc...)
traefik.frontend.rule=Host:ombi.domain.com #required/optional: Sets the subdomain rule.
traefik.frontend.rule=Host:domain.com; PathPrefixStrip: /ombi #optional for using subfolders
traefik.port=3579 #required:container port to send traffic to. Source container port, not the mapping in unraid
traefik.frontend.auth.basic.usersFile=/shared/.htpasswd ## This is what sets up the front end interface to use the generated .htaccess file. Add this line to any site you want additional security on.
traefik.docker.network=bridge #required: Specify the docker network
traefik.frontend.headers.SSLRedirect=true #optional but might as well if you are using SSL
traefik.frontend.headers.STSSeconds=315360000 #optional
traefik.frontend.headers.browserXSSFilter=true #optional
traefik.frontend.headers.contentTypeNosniff=true #optional
traefik.frontend.headers.forceSTSHeader=true #may be required
traefik.frontend.headers.SSLHost=domain.com #required
traefik.frontend.headers.STSIncludeSubdomains=true #may be required
traefik.frontend.headers.STSPreload=true #optional
traefik.frontend.headers.frameDeny=true #optional/tmp/GitHub/AppFeed/templates/BendersRepository/Bender-traefik.xml