Hi
I got the cloud and box working with a Raspberry Pi in the local network. But this has downsides:
- The Pi is slow (and in my case unreliable, I guess it goes to sleep)
- The cloud is not accessible from other networks
So I want to make it work behind traefik.
My setup
NAS
Local DNS
There is
- a zone for my domain to the NAS
- an A record which points to the traefik server’s IP
- a CNAME for the teddycloud which points to the traefik’s domain
Dyn DNS
For outside access there is a dynDNS pointing my domain at my public IP. IPv6 is deactivated. No other records.
Docker
I run every service as a docker container or stack on the NAS. I use portainer for convenience but that should not interfere with anything else.
Macvlan
I set up a Macvlan network so the traefik server gets its own IP in the network. (see section router)
Traefik
Traefik is configured to NOT redirect http to https. It uses docker as configuration source and lives in the same proxy network as the teddycloud.
Teddy Cloud
- Default but
- the custom domain
- increased log level to 4
- increased settings level to 2
- "Webinterface HTTP only" is ticked (after flashing)
Here are the traefik labels. They might be interesting for others too since they work as intended (see results):
labels:
  - traefik.enable=true
  - traefik.http.routers.teddycloud-1-http.entrypoints=web
  - traefik.http.routers.teddycloud-1-http.rule=Host(`teddycloud.mydomain.xyz`)
  - traefik.tcp.routers.teddycloud-1-tcp.entrypoints=websecure
  - traefik.tcp.routers.teddycloud-1-tcp.rule=HostSNI(`teddycloud.mydomain.xyz`)
  - traefik.tcp.routers.teddycloud-1-tcp.tls.passthrough=true
  - traefik.tcp.routers.teddycloud-1-tcp.service=teddycloud-1-https-service
  - traefik.tcp.services.teddycloud-1-https-service.loadbalancer.server.port=443
Router
- Ports 80 and 443 are forwarded to traefik
- the NAS IP is set as local DNS
Results so far
Everything seems to work as intended but the box cannot connect even after waiting a day because of DNS reasons.
More results:
- Teddycloud is accessible in http and https (with unsafe certificate warning) from the local network and the internet
- In traefik’s log every request is logged. http(s) connections by a browser can be observed. There were no requests by the box. Not even when refreshing (3s on one ear)
- The box seems to ignore the local DNS, which does not matter
- The https connection shows the teddycloud cert
More results:
- The box does not support SNI therefore I tested an http router, which I can’t get to work
http:
  routers:
    tc-1-https:
      entrypoints: websecure
      rule: Host(`tc.domain.me`)
      service: tc-1-https-service
  services:
    tc-1-https-service:
      loadbalancer:
        passhostheader: true
        servers:
          - url: https://172.21.0.3:443 # docker container url
        serverstransport: mytransport
  serversTransports:
    mytransport:
      serverName: tc-1-https-service
      insecureSkipVerify: true
      certificates:
        - certFile: /etc/traefik/certs/tc/tc-cert.pem
          keyFile: /etc/traefik/certs/tc/tc-key.pem
      rootCAs:
        - /etc/traefik/certs/tc/ca-root.pem
Help wanted
Has anyone got it working with traefik?
Any help or hints to what I am missing are highly appreciated.
Thanks for reading!
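
The post says the box does not send SNI, while the TCP router above matches on HostSNI(`teddycloud.mydomain.xyz`). As an added example (not part of the original post and not Traefik's code), this Python code reads the server_name extension from a TLS ClientHello and models the name comparison such a rule depends on. `build_client_hello` and `host_sni_matches` are hypothetical helpers, and the sample handshakes are constructed rather than captured from a box.

```python
def client_hello_sni(record: bytes):
    """Return the server_name (SNI) in a TLS ClientHello record, or None if absent."""
    if len(record) < 5 or record[0] != 0x16:            # record type 0x16 = handshake
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(body) < 4 or body[0] != 0x01:                # handshake type 0x01 = ClientHello
        raise ValueError("not a ClientHello")
    try:
        p = 4 + 2 + 32                                  # handshake header, version, random
        p += 1 + body[p]                                # session_id
        p += 2 + int.from_bytes(body[p:p + 2], "big")   # cipher_suites
        p += 1 + body[p]                                # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    end = p + 2 + int.from_bytes(body[p:p + 2], "big")  # extensions block (may be missing)
    p += 2
    while p + 4 <= min(end, len(body)):
        ext_type = int.from_bytes(body[p:p + 2], "big")
        ext_len = int.from_bytes(body[p + 2:p + 4], "big")
        data = body[p + 4:p + 4 + ext_len]
        # server_name layout: list_len(2) name_type(1)=0 name_len(2) name
        if ext_type == 0 and len(data) >= 5 and data[2] == 0:
            return data[5:5 + int.from_bytes(data[3:5], "big")].decode("ascii")
        p += 4 + ext_len
    return None

def build_client_hello(host=None) -> bytes:
    """Constructed sample data: a minimal ClientHello with or without SNI."""
    ext = b""
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + len(name).to_bytes(2, "big") + name
        sni = len(entry).to_bytes(2, "big") + entry
        ext = b"\x00\x00" + len(sni).to_bytes(2, "big") + sni
    hello = (b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session_id
             + b"\x00\x02\x13\x01" + b"\x01\x00"        # one cipher suite, null compression
             + len(ext).to_bytes(2, "big") + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

def host_sni_matches(record: bytes, rule_host: str) -> bool:
    """Simplified model of a HostSNI(`rule_host`) match; `*` is the catch-all."""
    sni = client_hello_sni(record)
    return rule_host == "*" or (sni is not None and sni.lower() == rule_host.lower())
```

Feeding it the first bytes a client sends on port 443 (for example from a packet capture) shows whether a name-based TCP rule has anything to match on.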