diff --git a/traefik-stack/readme.md b/traefik-stack/readme.md new file mode 100644 index 0000000..3d93a3a --- /dev/null +++ b/traefik-stack/readme.md @@ -0,0 +1,89 @@ +# Traefik Reverse Proxy Setup + +A simple Docker Compose setup for Traefik reverse proxy with automatic HTTPS certificates. + +## Quick Start + +1. **Clone and configure** + ```bash + git clone https://github.com/yblis/netbird-traefik + cd netbird-traefil/traefik-setup + ``` + +2. **Edit configuration files** + - In `docker-compose.yml`: Replace `traefik.domain.com` with your domain + - In `data/traefik.toml`: Replace `admin@domain.com` with your email + - In `docker-compose.yml`: Replace `YOURHASHBASICPASSWORD` with your hashed password + +3. **Set up DNS** + - Create an A record pointing your domain to your server IP + - Example: `traefik.yourdomain.com` → `your.server.ip` + +4. **Create required files** + ```bash + mkdir -p data + touch data/acme.json + chmod 600 data/acme.json + ``` + +5. **Start Traefik** + ```bash + docker-compose up -d + ``` + +## Configuration Details + +### Domain Setup +Replace these values in the configuration files: +- `traefik.domain.com` → Your actual domain +- `admin@domain.com` → Your email for Let's Encrypt +- `YOURHASHBASICPASSWORD` → Your hashed password (see below) + +### Generate Password Hash +```bash +echo $(htpasswd -nb admin yourpassword) | sed -e s/\\$/\\$\\$/g +``` + +### Access Points +- **Traefik Dashboard**: `https://traefik.yourdomain.com` +- **HTTP**: Port 80 (redirects to HTTPS) +- **HTTPS**: Port 443 +- **Dashboard Direct**: Port 8001 (HTTP only) + +## Features + +- ✅ Automatic HTTPS with Let's Encrypt +- ✅ HTTP to HTTPS redirection +- ✅ Basic authentication for dashboard +- ✅ Docker integration +- ✅ File-based service configuration + +## File Structure + +``` +. +├── docker-compose.yml +└── data/ + ├── traefik.toml + ├── services.toml + └── acme.json +``` + +## Adding Services + +To add a new service behind Traefik, add these labels to your service in docker-compose: + +```yaml +labels: + - "traefik.http.routers.myapp.rule=Host(`myapp.yourdomain.com`)" + - "traefik.http.routers.myapp.entrypoints=https" + - "traefik.http.routers.myapp.tls.certresolver=webssl" + - "traefik.http.services.myapp.loadbalancer.server.port=80" +``` + +## Troubleshooting + +- Check logs: `docker-compose logs traefik` +- Verify DNS resolution: `nslookup traefik.yourdomain.com` +- Ensure ports 80 and 443 are open +- Check acme.json permissions: `ls -la data/acme.json` (should be 600)