Netbird/traefik-stack/readme.md

# Traefik Reverse Proxy Setup

A simple Docker Compose setup for Traefik reverse proxy with automatic HTTPS certificates.

## Quick Start

1. **Clone and configure**
   ```bash
   git clone https://github.com/yblis/netbird-traefik
   cd netbird-traefil/traefik-setup
   ```

2. **Edit configuration files**
   - In `docker-compose.yml`: Replace `traefik.domain.com` with your domain
   - In `data/traefik.toml`: Replace `admin@domain.com` with your email
   - In `docker-compose.yml`: Replace `YOURHASHBASICPASSWORD` with your hashed password

3. **Set up DNS**
   - Create an A record pointing your domain to your server IP
   - Example: `traefik.yourdomain.com` → `your.server.ip`

4. **Create required files**
   ```bash
   mkdir -p data
   touch data/acme.json
   chmod 600 data/acme.json
   ```

5. **Start Traefik**
   ```bash
   docker-compose up -d
   ```

## Configuration Details

### Domain Setup
Replace these values in the configuration files:
- `traefik.domain.com` → Your actual domain
- `admin@domain.com` → Your email for Let's Encrypt
- `YOURHASHBASICPASSWORD` → Your hashed password (see below)

### Generate Password Hash
```bash
echo $(htpasswd -nb admin yourpassword) | sed -e s/\\$/\\$\\$/g
```

### Access Points
- **Traefik Dashboard**: `https://traefik.yourdomain.com`
- **HTTP**: Port 80 (redirects to HTTPS)
- **HTTPS**: Port 443
- **Dashboard Direct**: Port 8001 (HTTP only)

## Features

- ✅ Automatic HTTPS with Let's Encrypt
- ✅ HTTP to HTTPS redirection
- ✅ Basic authentication for dashboard
- ✅ Docker integration
- ✅ File-based service configuration

## File Structure

```
.
├── docker-compose.yml
└── data/
    ├── traefik.toml
    ├── services.toml
    └── acme.json
```

## Adding Services

To add a new service behind Traefik, add these labels to your service in docker-compose:

```yaml
labels:
  - "traefik.http.routers.myapp.rule=Host(`myapp.yourdomain.com`)"
  - "traefik.http.routers.myapp.entrypoints=https"
  - "traefik.http.routers.myapp.tls.certresolver=webssl"
  - "traefik.http.services.myapp.loadbalancer.server.port=80"
```

## Troubleshooting

- Check logs: `docker-compose logs traefik`
- Verify DNS resolution: `nslookup traefik.yourdomain.com`
- Ensure ports 80 and 443 are open
- Check acme.json permissions: `ls -la data/acme.json` (should be 600)
Create readme.md 2025-09-07 13:43:46 +00:00			`# Traefik Reverse Proxy Setup`

			`A simple Docker Compose setup for Traefik reverse proxy with automatic HTTPS certificates.`

			`## Quick Start`

			`1. Clone and configure`
			```bash
			`git clone https://github.com/yblis/netbird-traefik`
			`cd netbird-traefil/traefik-setup`
			```

			`2. Edit configuration files`
			- In `docker-compose.yml`: Replace `traefik.domain.com` with your domain
			- In `data/traefik.toml`: Replace `admin@domain.com` with your email
			- In `docker-compose.yml`: Replace `YOURHASHBASICPASSWORD` with your hashed password

			`3. Set up DNS`
			`- Create an A record pointing your domain to your server IP`
			- Example: `traefik.yourdomain.com` → `your.server.ip`

			`4. Create required files`
			```bash
			`mkdir -p data`
			`touch data/acme.json`
			`chmod 600 data/acme.json`
			```

			`5. Start Traefik`
			```bash
			`docker-compose up -d`
			```

			`## Configuration Details`

			`### Domain Setup`
			`Replace these values in the configuration files:`
			- `traefik.domain.com` → Your actual domain
			- `admin@domain.com` → Your email for Let's Encrypt
			- `YOURHASHBASICPASSWORD` → Your hashed password (see below)

			`### Generate Password Hash`
			```bash
			`echo $(htpasswd -nb admin yourpassword) \| sed -e s/\\$/\\$\\$/g`
			```

			`### Access Points`
			- Traefik Dashboard: `https://traefik.yourdomain.com`
			`- HTTP: Port 80 (redirects to HTTPS)`
			`- HTTPS: Port 443`
			`- Dashboard Direct: Port 8001 (HTTP only)`

			`## Features`

			`- ✅ Automatic HTTPS with Let's Encrypt`
			`- ✅ HTTP to HTTPS redirection`
			`- ✅ Basic authentication for dashboard`
			`- ✅ Docker integration`
			`- ✅ File-based service configuration`

			`## File Structure`

			```
			`.`
			`├── docker-compose.yml`
			`└── data/`
			`├── traefik.toml`
			`├── services.toml`
			`└── acme.json`
			```

			`## Adding Services`

			`To add a new service behind Traefik, add these labels to your service in docker-compose:`

			```yaml
			`labels:`
			- "traefik.http.routers.myapp.rule=Host(`myapp.yourdomain.com`)"
			`- "traefik.http.routers.myapp.entrypoints=https"`
			`- "traefik.http.routers.myapp.tls.certresolver=webssl"`
			`- "traefik.http.services.myapp.loadbalancer.server.port=80"`
			```

			`## Troubleshooting`

			- Check logs: `docker-compose logs traefik`
			- Verify DNS resolution: `nslookup traefik.yourdomain.com`
			`- Ensure ports 80 and 443 are open`
			- Check acme.json permissions: `ls -la data/acme.json` (should be 600)