GB Traefik Setup

This repository contains the configuration files and setup instructions for deploying Traefik, a modern reverse proxy and load balancer.

The configuration files are customized for Gbanyan's personal use.

Prerequisites

  • Docker installed on your system
  • Docker Compose (if using docker-compose.yml)

Getting Started

  1. Clone this repository:

    git clone https://gitea.gbanyan.net/gbanyan/GB-Traefik.git
    cd GB-Traefik
    
  2. Update the traefik.yml and docker-compose.yml files as needed for your environment.

  3. Start Traefik:

    docker compose up -d
    
  4. Access the Traefik dashboard (if enabled) at http://<your-domain-or-ip>:8080.

Configuration

  • .env: Cloudflare e-mail and API token for the SSL DNS challenge
  • Traefik Configuration: Modify traefik.yml, dynamic.yml to customize Traefik's behavior.
  • Docker Compose: Use docker-compose.yml to define services and networks.

Details:

My Traefik is split into internal and external entrypoints.

The internal entrypoint is for private, secure services that are not exposed.

Each entrypoint is bound to a different IP address for isolation.

Then, other Docker services are attached to different entrypoints, guided by labels in Docker Compose:

labels:
    - "traefik.http.routers.service-name.entrypoints=websecure"

Besides the entrypoint setup, I add Cloudflare proxy (to expose the real IP in access.log for CrowdSec to read), crowdsec-firewall-bouncer, and Brotli compression as middlewares in traefik.yml and dynamic.yml.

Adding middlewares is also guided by labels:

labels:
    - "traefik.http.routers.service-name.middlewares=cloudflarewarp@file,crowdsec@file,compress-middleware@file"

The order of middlewares is meaningful: Traefik applies them in the order listed.

Traefik can obtain SSL certificates automatically. Just provide the required DNS API credentials (for example, Cloudflare).

Please refer to the Traefik documentation.

The following is an example of a docker service I hosted in its docker-compose.yaml:

labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ghost.entrypoints=websecure"
      - "traefik.http.routers.ghost.rule=Host(`blog.gbanyan.net`)"
      - "traefik.http.services.ghost.loadbalancer.server.port=2368"
      - "traefik.http.routers.ghost.tls.certresolver=letsencrypt"
      - "traefik.http.routers.ghost.middlewares=cloudflarewarp@file,crowdsec@file,compress-middleware@file"
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.docker.network=traefik_default"

I mount access.log for the crowdsec firewall to read.
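
As an added example (not part of this repository), a small Python check that can be run over a service's labels before deployment. It flags routers with no entrypoints label, which Traefik attaches to every default entrypoint and which would therefore bypass the internal/external split, and middleware chains that depart from the order used above. Treating that order as required, and crowdsec@file as mandatory on websecure, are assumptions of the example.

```python
import re

# Order used in this README's labels; treating it as required is this example's assumption.
EXPECTED_ORDER = ["cloudflarewarp@file", "crowdsec@file", "compress-middleware@file"]
EXTERNAL = "websecure"  # external entrypoint name taken from the README
ROUTER_LABEL = re.compile(r"^traefik\.http\.routers\.([^.=]+)\.([^=]+)=(.*)$")

def parse_routers(labels):
    """Collect every router option (entrypoints, middlewares, rule, ...) per router."""
    routers = {}
    for raw in labels:
        m = ROUTER_LABEL.match(raw.strip().strip('"'))
        if m:
            name, key, value = m.groups()
            items = [v.strip() for v in value.split(",") if v.strip()]
            routers.setdefault(name, {})[key] = items
    return routers

def audit(labels):
    """Return a list of findings; an empty list means the labels pass."""
    findings = []
    for name, cfg in sorted(parse_routers(labels).items()):
        eps, mws = cfg.get("entrypoints", []), cfg.get("middlewares", [])
        if not eps:
            # Without this label Traefik attaches the router to all default entrypoints.
            findings.append(f"{name}: no entrypoints label")
        if EXTERNAL in eps and "crowdsec@file" not in mws:
            findings.append(f"{name}: external router without crowdsec@file")
        ranks = [EXPECTED_ORDER.index(mw) for mw in mws if mw in EXPECTED_ORDER]
        if ranks != sorted(ranks):
            findings.append(f"{name}: middleware order differs from {EXPECTED_ORDER}")
    return findings

# Sample input: GOOD is taken from the ghost service above; BAD is constructed.
GOOD = [
    "traefik.http.routers.ghost.entrypoints=websecure",
    "traefik.http.routers.ghost.rule=Host(`blog.gbanyan.net`)",
    "traefik.http.routers.ghost.middlewares=cloudflarewarp@file,crowdsec@file,compress-middleware@file",
]
BAD = [
    "traefik.http.routers.wiki.entrypoints=websecure",
    "traefik.http.routers.wiki.middlewares=crowdsec@file,cloudflarewarp@file",
    "traefik.http.routers.admin.rule=Host(`admin.example.test`)",
]

if __name__ == "__main__":
    for finding in audit(GOOD) + audit(BAD):
        print(finding)
```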