gbanyan/GB-Traefik
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8 Commits 2 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Gbanyan 44a8560f5a Fix Cloudflare Trusted IP settings
2025-04-21 18:59:59 +08:00
.gitignore
first commit
2025-04-16 16:02:10 +08:00
docker-compose.yaml
Traefik Dashboard Port Change
2025-04-18 12:56:51 +08:00
dynamic.yml
Fix Cloudflare Trusted IP settings
2025-04-21 18:59:59 +08:00
README.md
Fix Cloudflare Trusted IP settings
2025-04-21 18:59:59 +08:00
traefik.yml
Fix Cloudflare Trusted IP settings
2025-04-21 18:59:59 +08:00

README.md

GB Traefik Setup

This repository contains the configuration files and setup instructions for deploying Traefik, a modern reverse proxy and load balancer.

Configuration files is customized for Gbanyan personal usage.

Prerequisites

  • Docker installed on your system
  • Docker Compose (if using docker-compose.yml)

Getting Started

  1. Clone this repository:

    git clone https://gitea.gbanyan.net/gbanyan/GB-Traefik.git
cd GB-Traefik

  2. Update the traefik.yml and docker-compose.yml files as needed for your environment.

  3. Start Traefik:

    docker compose up -d

  4. Access the Traefik dashboard (if enabled) at http://<your-domain-or-ip>:8080.

Configuration

  • .env: Cloudflare E-mail and API Token for SSL DNS Challenge
  • Traefik Configuration: Modify traefik.yml, dynamic.yml to customize Traefik's behavior.
  • Docker Compose: Use docker-compose.yml to define services and networks.

Detail:

My traefik is split into internal and external entrypoint.

Internal entrypoint is for private and secure service without exposing.

Each entrypoint is binded to different ip address for isolation.

Then, other docker service is attached to different entrypoint guided by label in docker compose

label: 
    - "traefik.http.routers.service-name.entrypoints=websecure"

Besides the entrypoint setup, I add cloudflare proxy (for exposing real ip to access.log for crowdsec to read), crowdsec-firewall-bouncer, compression with brotli middlrewares method in traefik.yml and dynamic.yml

Adding middlewares is also guided by labels:

label: 
    - "traefik.http.routers.service-name.middlewares=cloudflarewarp@file,crowdsec@file,compress-middleware@file"

The order of middlewares is meaningful.

Traefik has ability to apply SSL certs automatically. Just offer the required DNS API authentication (Like cloudflare).

Please refer the traefik documentation.

The following is an example of a docker service I hosted in its docker-compose.yaml:

labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ghost.entrypoints=websecure"
      - "traefik.http.routers.ghost.rule=Host(`blog.gbanyan.net`)"
      - "traefik.http.services.ghost.loadbalancer.server.port=2368"
      - "traefik.http.routers.ghost.tls.certresolver=letsencrypt"
      - "traefik.http.routers.ghost.middlewares=cloudflarewarp@file,crowdsec@file,compress-middleware@file"
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.docker.network=traefik_default"

I mount the access.log for crowdsec firewall to read.

PS: Because I access my traefik dashboard through my local network. I commented out the authetication method for dashboard.

Discussion and Changelog

  1. Traefik vs Nginx
  • Performance: Nginx is still better at high traffic. After all it is written in C. Traefik 3 though claims it has higher 20% performance than before. The latency still showed a little higher than nginx.
  • Docker Deployment Ease: Traefik is easier for docker service deployment. In my environment, I can assign each docker stack with labels and then guides the traefik to add Let's encrypt SSL.
  1. ChangeLog:
  • 2025.4.21 Add the defaulthost rule for container name for lazy writing. But commented out for precision.
  • 2025.4.21 Fix the trused IP settings to let the traefik-plugin-cloudflare tackle it.
  • 2025.4.18 Add Souin HTTP Cache Middleware (in feature branch, not merge into main)
  • 2025.4.18 Temp disable the compression middleware. It has MIME type bugs.
Description
Gbanyan Personal Traefik Configuration.
Readme 1.9 MiB