traefik

Acme-DNS

Web

A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges. Sounds promising, right? Let’s give it a try ;)

https://github.com/joohoi/acme-dns

Setup

fire up a new OpenBSD VM

let’s do it in London. ip: 100.10.20.30

patch, update, add go

    doas su -
    syspatch
    pkg_add -Vu
    pkg_add go

clone repo and build acme-dns

    cd /root
    git clone https://github.com/joohoi/acme-dns
    cd acme-dns
    export GOPATH=/tmp/acme-dns
    go build
    cp acme-dns /usr/local/sbin/

Create Self-Signed Cert

the RESTful API needs a cert.

Docker - Kuma Monitoring

Intro

got a hint to try a nice monitoring tool: kuma.

https://github.com/louislam/uptime-kuma

pre-condition

you have traefik running and a wildcard certificate for a domain. see the previous posts …

.env

we need a few variables, edit the "touch" section appropriately

    cat << 'EOF' > .env
    # touch
    HOST="kuma"
    DOMAIN="your.domain"
    PORT=3001

    # don't touch
    SERVICE="${HOST}"
    EOF

docker-compose.yml

… and the docker compose file …

    cat << 'EOF' > docker-compose.yml
    version: '3.3'

    networks:
      traefik:
        external: true

    services:
      uptime-kuma:
        image: louislam/uptime-kuma:1
        container_name: uptime-kuma
        restart: always
        volumes:
          - .

Docker - Traefik - HugoBlog

Intro

as i’m playing with traefik & docker, why not duplicate this blog in a container? for fun and profit? let’s give it a try …

pre-condition

you have traefik running and a wildcard certificate for a domain. see the previous posts …

docker compose

    cat << 'EOF' > docker-compose.yml
    version: '3'
    services:
      hugo:
        image: jakejarvis/hugo-extended:latest
        ports:
          - 1313:1313
        volumes:
          - ./src:/src
        command: server --buildDrafts --buildFuture --bind 0.0.0.0
        restart: always
        networks:
          - traefik
        labels:
          - "traefik.

Docker - Traefik - Wildcard Cert

Intro

TLS is a must, but do you wanna generate your own certificate for each service you provide? Especially when you have a *.domain.tld record set? Traefik is able to handle that for you. Let’s Encrypt offers the possibility to use DNS validation for wildcard domains. Here is a list of providers that can automate DNS verification.

Helpful URL

https://doc.traefik.io/traefik/user-guides/docker-compose/acme-dns/
https://www.digitalocean.com/community/tutorials/how-to-use-traefik-v2-as-a-reverse-proxy-for-docker-containers-on-ubuntu-20-04
https://www.carluccio.de/reverse-proxy-traefik-mit-wildcard-zertifikaten/
https://linuxblog.xyz/posts/traefik-2-docker-compose/
https://medium.com/@KagundaJM/proxy-buffalo-app-with-traefik-and-lets-encrypt-on-digitalocean-505060edef4c

Full Example with Docker Compose, Traefik, Digital Ocean

Prepare Env

    cd /where/ever/you/want
    mkdir data
    touch data/acme.

Docker - Traefik - Redirect

Simple (simple ???) Redirect for all Requests to another Page. At least, it works …

docker-compose.yml

    whoami5:
      image: containous/whoami
      labels:
        - "traefik.enable=true"
        - "traefik.http.middlewares.redirect-regex.redirectregex.permanent=false"
        - "traefik.http.middlewares.redirect-regex.redirectregex.regex=(.)*"
        - "traefik.http.middlewares.redirect-regex.redirectregex.replacement=https://blog.stoege.net"
        - "traefik.http.routers.whoami5.middlewares=redirect-regex"
        - "traefik.http.routers.whoami5.rule=Host(`redirect.your.domain.de`)"
        - "traefik.http.routers.whoami5.tls.certresolver=letsencrypt"
        - "traefik.http.routers.whoami5.tls=true"

sha256: f98bc4f9d6b271b301836a764b2e27e64eb9f6c774b5d7ce1887ed421ffbef75

Docker - Traefik - IPWhitelist

Whitelist IP Range

docker-compose.yml

    whoami:
      image: containous/whoami
      labels:
        - "traefik.enable=true"
        - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, x.x.x.x/y"
        - "traefik.http.routers.whoami.middlewares=test-ipwhitelist@docker"
        - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
        - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
        - "traefik.http.routers.whoami.tls=true"

-> only “localhost” and SRC IP x.x.x.x/y can access this URL. The rest will be blocked.

-> Disadvantage: the container needs to be restarted if the source range gets modified!

we can do this better :)

Move to File

you may want to put your “IP Ranges” into a dedicated file and import it where needed.

Docker - Traefik - Stripprefix

Strip Prefix

Let’s assume you have a URL “https://whoami.your.domain.de/removeme” and you wanna get rid of the “removeme” before passing the Request to the Webserver. Stripprefix is your friend …

docker-compose.yml

    whoami:
      image: containous/whoami
      labels:
        - "traefik.enable=true"
        - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/wegdamit,/removeme"
        - "traefik.http.routers.whoami.middlewares=test-stripprefix@docker"
        - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
        - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
        - "traefik.http.routers.whoami.tls=true"

sha256: 0620c0c2d7ae033f2536f6797a048772e52a09119367f4864f8bb2a754d2ea57

Docker - Traefik - Ratelimiting

docker-compose.yml

let’s limit the Requests to 10 Req / 10 Seconds.

    whoami:
      image: containous/whoami
      labels:
        - "traefik.enable=true"
        - "traefik.http.middlewares.test-ratelimit.ratelimit.average=10"
        - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=0"
        - "traefik.http.middlewares.test-ratelimit.ratelimit.period=10s"
        - "traefik.http.routers.whoami.middlewares=test-ratelimit@docker"
        - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
        - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
        - "traefik.http.routers.whoami.tls=true"

restart container

    docker compose -f docker-compose.yml up -d

Test Limiting with Curl

    user@docker:~$ while true; do echo $(date); curl -s https://whoami.your.domain.de |grep "Too" ; sleep 0.1; done
    Wed Oct 12 18:43:57 CEST 2022
    Too Many Requests
    Wed Oct 12 18:43:58 CEST 2022
    Too Many Requests
    Wed Oct 12 18:43:58 CEST 2022
    Too Many Requests

Test Limit with hey, 10 Concurrent

100 Requests, 10 Concurrent, Wait 1 Second between Poll