Why do we need a backend in your boilerplate setup if the frontend already handles the requests directly? And why do you include a backend in the setup without explaining its purpose?
Traefik and Caddy are both excellent and have pros and cons for different situations. Check out Zoraxy as well, which is a new kid on the block that I think will be a good option for a lot of home-labbers
I'm actually just starting out and was stuck on one part. I run the lxc proxmox container and the .env file that doesn't seem to work does it for just yml configuration? So how do you feed the token properly?
Yet another fantastic video that turns something complicated into something easy to understand. Just one question that you didn't cover and that is how do you add a docker host on another machine? I have the docker host that I have installed Traefik on and another that I have docker-proxy on. How would I add that to providers as everything I try prevents Traefik from starting.
Just as an update. I have been unable to find a way directly in traefik but used a docker container called traefik-kop, which solved the issue, and I now have two docker machines using one traefik instance
Hi! This works wonderfully, but I want to use traefik (on my OMV VM) on another docker container on my proxmox server, what would be the best way to achieve that? A docker swarm?
There are multiple ways to do this, you could deploy multiple instances of traefik, use external host configs in traefik, or docker swarm would also be a good idea. It depends a bit on your setup and what you want to achieve, why not join our community on discord and raise it as a question.
Do you know if there is any way to use wireguard as a VPN tunnel for something like home-assistant with wireguard running in proxmox, and home-assistant on its own PC/RPI Where only approved devices can access the HA-server from outside the network through wireguard.
I'm planning on deploying Traefik on Proxmox, how would you handle traefik labels for between LXC containers, since people say LXC can separate services and also some services like Jellyfin requires a LXC for iGPU
I'm not using LXC, so unfortunately I can't be sure, but I don't think LXC has labels. It's really just for Docker (which is the reason why I don't use LXC)
@@christianlempa oh thank you helping. I guess only way to take advantage of traefik label make it more convenient is using a single VM for Docker related services and put Traefik there.
Wow, I was just about to write to you, Christian, because you once made a video about Kubernetes for TrueNas Scale. Since they have now moved to Docker, can I use this video as a suitable guide, or is something specific missing?
No edit on iOS, hm. Besides the reverse proxy, I was also somewhat interested in the comparison with the Cloudflare DNS tunnel proxy part. I only wanted to publish Nextcloud and am now wondering whether to use a proxy or simply the tunnel. Or does a combination make sense?
That should make it clear so far =). I just have to see whether I use a Docker manager or whether TrueNAS has cobbled something together internally. ACME is already running in TrueNAS, but yes, I would prefer it this way with configs.
Great video @Christian Lempa! Thanks for the refreshed content! This was helpful! I've been banging my head against the keyboard for the last week or so getting Wazuh to be accessible to my domain behind Traefik. Does anyone have any insight? Thanks!
I just can't get it to run, I keep getting error=command traefik error: read /etc/traefik/traefik.yaml: is a directory. No clue where to look, I took over the same information in the guide except the ports.
@@christianlempa After hours of faffing about I gave up. Tried nginx proxy manager which is running now... however it doesn't like some things which I haven't figured out either. This is all a big mystery to me. Running into issues like 'too many redirects' on my nextcloud server. When changing the forwarding back to 80/443 on that IP it just works again. Through wireguard vpn it works fine also.
thank you :) I avoid using nginx proxy manager, because I don't believe it's a good project. I've made one video at some point explaining it: ua-cam.com/video/uaixCKTaqY0/v-deo.htmlsi=KSSPWqEn_WpX3bQw
@christianlempa oh wow I guess I missed this video. I never realized NPM had that many issues and the dev team was so small. I just checked and they currently have 718 open bugs. Thanks again for another insightful video!
Thank you so much for this video, it really helped. Query, do you play that white piano in the background? If yes we need to see a video of you doing so please. Putting in a special request
Thank you so much! :D Maybe I'm gonna record something in the coming weeks and put it on social media or maybe a second private channel... but I can't promise, long time I didn't play
hello is there any way to expose my home server to the world. assuming that my Internet provider blocks changing ports in the router, the IP address is not public and dynamic and I cannot connect an external router. and buying a domain costs a bit
I have definitely been in the party of not using the version of Traefik automatically installed by K3S but now I am wondering why! Have you explored using the installed version? It is installed using a Helm Custom Resource and dropping a file in `/var/lib/rancher/k3s/server/manifests` that contains a couple of HelmChart resources. You should be able to update that file and have it automatically updated with your changes. What is the real benefit of removing all of the resources installed automatically by Helm and then reinstalling a custom version? It has to be more than just changing namespace.
Thank you! Currently, I'm using for each server a separate Traefik instance, but maybe I'm going to rethink that setup next year with using Docker Swarm... we'll see ;)
So If I am running game servers that use UDP and or TCP ports. I should use routes for traefik to prevent breaking connectivity once traefik is online ?
Hi! I haven't watched the video, yet, but skipped over the timeline/chapters. Are you talking about redirecting requests from one traefik to another to a service, too, or would you like to make a tutorial for that? For example, I, currently, am running a immich in my homelab. However, I'd like to expose /share/* to the outside. Since you usually do not have a stable IP address, I thought of going through a VPS of mine which. So, any request to /share/* coming from the outside will be directed at my VPS and from there, traefik should route it via my VPN connection to my local traefik which will forward it to immich itself. I have never really gotten it to work with traefik. Can you do a tutorial like that? Do you have any other ideas (except for Cloudflare tunnels) regarding that? Any clues on what might have gone wrong? :D
@christianlempa that'd be so cool! It might be a 'niche' case, but I think a lot of people could benefit from something like this as it secures services and your home network down, and you can use static IPs (if you don't have one)!
I still can't wrap my head around any reverse proxy besides NPM. Or maybe it's me, my use case is a bit odd (1:1 subdomains for every container I want to reverse proxy)
Thanks for video Christian !! Please can you make a video to handle /static/, /media/ files for custom website (like a website on django) with nginx proxy manager, thanks !!
I really need to manage TLS for local webapp, I can't understand why the majority of reverse proxy doesn't support that. I just found Caddy useful for that kind of scenario, but I prefer something with a nice UI. :(
@newaira333 i know it but he doesn't handle local TLS. I don't expose service on internet so I don't want to have a internet domain just for having cert from let's encrypt. Caddy handle this very well but I don't like the way to use it.
@@mattiavadala7870 You can self-host your certificate authority / manager with "Smallstep". And for the domain name, self-host your DNS. If this information can help you
Traefik is great when it works but tbh.. I've had to tinker so much to get it to work with my sonarr and radarr containers.. Not to mention I still haven't gotten my own react applications to work behind traefik.
Can somebody please explain to me why we need web applications now to do what a few lines of config file of the major webservers have been doing for decades? What timeline is this? This is just more stuff to maintain on top of all the stuff thats going on...WHY? Just expose a port, point reverse proxy to port, be done. Load balancing is also not a new concept. Am I getting old here? Am I being naive? Honestly idk why we need all of this... Is this simply a new webserver/balancer/proxy contender with a GUI and tons of buzz words?
Most webservers won't have the smarts to go out and get the SSL certificate using DNS challenge, nor intelligently parse the backend docker or kubernetes. This is a smart layer 7 protocol router/reverse proxy that is separate from whatever web server or application you want to use. You could use this to frontend the web gui of IoT applications where you may not have control of the web server. Nginx web proxy can do similar, or Caddy, or HAProxy. Think of this as a single proxy for a farm of servers or applications. Doing it in webserver typically does it for that single server and you would have to configure it for every server you had in play. This can be in front of apache and nginx at the same time if both happen to be in separate containers or separate servers/nodes.
I can't say anything about getting old 😆, but just a few ideas why this is useful. Imagine you don't have to worry about managing config lines on your web server / proxy, or use additional services to manage TLS certificates. You can all do it with just 4 lines in your docker-compose files, which you use for application deployment. Also, when it comes to Kubernetes, it has so many advantages.
Haven't seen it yet, but I always have some issues with traefik 😂. Therefore I even started to use/learn iptable rules, virtual network interfaces, certbot and ufw. At the end it's the same as Traefik
Well, that's not true. What you use is a firewall solution working on the TCP/IP layer, but Traefik is a reverse proxy, meaning it hooks into the HTTP requests, can do some modifications to the requests and forward it.
@@christianlempa Thanks! I love how you just manage the containers using compose, command line and VS Code connected through SSH. Do you still use Portainer or something like that?
Thank you for taking the effort in making this tutorial. Not many tech people could have both technical proficiency and the ability to explain things, making it tremendously easy to understand.
Thank you so much for the kind words and the wonderful feedback! 🤗
Probably this is best video on Traefik.
Thank you so much! :)
This was fantastic. I tried to setup traefik a few months ago but didn't ever get it to work. It works now and I switched all my containers to it. Thank you!
Awesome! Glad it helped you :)
This video about Traefik is much better than the first one you made
Thank you so much! Appreciate it :)
Love your video, I was having a hard time understanding traefik via their docs, and now everything makes sense thanks to you.
Oh I'm glad you say this! Thank you :)
This is the best video on Traefik. I have Traefik running on Tailscale with nextDNS as my DNS. Loving the fact that I can deploy Traefik in mins with all my configs.
Thank you so much! :)
I was having trouble, routing was not working... Then I saw somewhere people saying cookies should be cleared. I did it and it started working!
Thanks Christian for the great video!
Awesome, glad you sorted it out ;) And thanks!
This solves my problem with reverse proxying to a bunch of services defined in a different docker compose. Thank you so much!
Great to hear!
I was using NPM as my reverse proxy when I started my homelab journey over two years ago. I switched to Traefik because it challenged me to understand how it works. Now I have all my services running on it with Pihole as internal DNS and Cloudflare for external. I appreciate you updating your Traefik tutorial 🤝
Can you explain a little more about PiHole and Cloudflare? Can you give an example of a service and how you define it in each of them? Thanks.
Awesome! Yeah, NPM is honestly not a great project imo, it's a good idea to migrate :)
@@christianlempa What makes it a subpar option?
Fantastic work! Your "old" Traefik video got me up and running with Traefik in Docker, and I love it! Can't wait for your video on Traefik in k8s, since I'm transitioning to k8s in my homelab these days.
Awesome! :D
Fantastic video, Christian. Something I've discovered over time is that I can reduce the verbosity of my config by providing some sane defaults in my provider config to do things like specifying the docker network to use, as well as the ability to use custom rules when all of my services are deployed to a domain with a wildcard record like you outlined. I took the opportunity to write these up on my blog, and if it's okay, I can share it in the comments here for you and others to take advantage of.
I would be interested in this write up
@@joshs2022 Me too ;-)
Thanks for the kind words, feel free to share it ;)
I'd be interested as well
Thank you Christian, very helpful as always!
Thank you :)
Perfect video about traefik. Very clear and easy to follow. Thank you.
Thank you so much 😊
Great video! Lempa to Implementation (Lempamentation) is what I always say. No need to set the speed of the video to 1.5... CL changed his configuration to speak in 1.5 speed :)
Haha thank you so much! Appreciate it :D
Great video and it was a pleasure to see updated traefik tutorial. Hope to see more advanced tutorial about middlewares etc 😊
Great suggestions! I'll include a basic tutorial about middlewares in my video about authentik + traefik
Thanks for a great video. I have been using Traefik 2.9 until now, and have for some time now wanted to move to the latest version. I haven't had the time to look into it. This video made me switch from 2.9 to 3.1 in about an hour. Thanks again.
Awesome! Glad it was helpful :)
Thank you so much for creating such a detailed and informative video! I very much appreciate the attention to detail and your teaching style. Subscribed!
You are so welcome!
Perfect timing. Thank you.
You're welcome!
Best Traefik Video ever
Thank you so much :)
I always enjoy watching your amazing tutorials. Thanks for sharing.
You are so welcome!
Thank you very much for this easy-to-understand video. Really great content that makes me want more.
Thank you so much 😊 hope you’ll find something cool on my channel
Holy smokes! It works! Thank you so much for this great tutorial.
Thank you! :)
Thank you very much for this fantastic walkthrough.
Glad you enjoyed it!
Amazing Christian!
Thanks! :)
Crystal clear 🤘🏻❤
Thanks :)
👏- thank you for an awesome tutorial!
Glad it was helpful!
thank you i love the way you explain everything in details
Thank you so much!
Thank you Christian!
Your videos are always really great.
Have you looked into using a single-node docker swarm to make use of the secrets and other swarm features?
Thank you! :) Not yet, but it's on my list
amazing video and way to explain !
Glad you liked it!
I'm for that SWAG life. It's so simple and comes integrated with Crowdsec and Fail2Ban
Great video! Would love a follow-up that goes through more advanced configuration (such as using Cloudflare origin certs) and label usage.
Thank you! I'm planning to add these config steps into other videos where it's needed. For example, if we discuss authentik using middlewares and outposts, stay tuned for this topic coming out next year :)
@ awesome, keep up the great work!!
Thank you for this! Very clear and explained well.
I would love if you could make a video about adding plugins to traefik. Especially configuring Crowdsec. Thank you!
Thanks! I think that's a great idea, however I have so many other projects, maybe somewhere in Q3-4 this year.
Amazing tutorial, easy to follow. Thank you for sharing.
Great tutorial, thank you very much!
Thank you very much! :)
Thank you for this awesome and easy tutorial. I have just learned from this video after searching more on youtube and google. I am able to setup multiple domain in the same vps using docker. It would be better if you make a load balancer video with docker and traefik
Glad it was helpful! What would you like to see in a future video?
@christianlempa thank you for the reply. I would love to learn about setting up the load balancer for multiple vps using traefik and docker.
You sir are a legend! Thank you for this brilliant tutorial. I finally learnt what Traefik is and most importantly, got it up and running.. do you have a video on how to setup Authelia with Traefik? that's next for me :)
Thank you so much!! :) No, there's no Authelia video planned, but I've done a video about authentik, in future videos, I will expand the Traefik + Authentik setup.
@christianlempa that would be wonderful... Thanks for your reply, and will wait for the video
Thanks Christian!
Thank you! :)
This is fantastic! I finally understood Traefik 😅.
I do have a question, though: In the video, you showed how to configure the Nginx server which is using port 80 for its web interface. How would we set it up for applications that use other ports for their web interface?
Thank you for your hard work!
Awesome! You have to modify the labels for the service objects, e.g. traefik.http.services.service.loadbalancer.server.port=3000
Great and clear video on traefik !! Thnx
Glad it was helpful!
As always, a very interesting video.
Now, I would like you to use configurations that are valid in production even if it is for a HomeLab. For example, the UI exposure of port 8080 should be protected. How would this be done?
Another question you have not addressed is the number of Traefik you have. Do you install one on each server? If so, how do you route to the Dockers that are on other machines? (and that are obviously not on the same network).
Or how do you route to non-Docker applications?
I hope you can explain this in the comments or in a new video.
Thanks for everything you post.
Protecting the UI is a topic for another video. :) Regarding the other questions, I deploy Traefik on each server and I don't route any external services, yet.
Hey hey! Just come across your video and it's very helpful! Looking forward to see your past videos and what you're bringing next!
Just a question though: at 23:17 and 35:01 , where the nginx compose file shows, shouldn't the port be declared? I tried exposing my containers without setting the port but I always get an error in traefik the ports aren't exposed. Why is that?
Traefik will recognize the port by itself. However, sometimes containers use multiple ports for different things, and in this case, you have to define which port the Traefik router should use.
You can do this by changing the service object, here is a quick example:
github.com/ChristianLempa/boilerplates/blob/main/docker-compose/portainer/compose.yaml
@ thank you for coming back! Yeah, I got that later. Not sure why this is the case for Kopia, the Dockerfile I found for it doesn’t seem to have the EXPOSE directive. Maybe that’s the case.
Anyway, it’s fixed! Thank you
@@miguelRibeiroAP that makes sense, I think it detects it by the expose settings in the container which are usually defined in the Dockerfile. Glad you found it! :)
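The port question from the two threads above (an app on a port other than 80, and an image without an EXPOSE directive), as an added compose example that is not from the video or the boilerplates repository. The image name, hostname, the router/service name `app`, the `websecure` entrypoint and the `frontend` network are assumptions.

```yaml
# Added example; all names below are placeholders, not taken from the video.
services:
  app:
    image: example/app:latest        # hypothetical image whose Dockerfile has no EXPOSE line
    # No "ports:" section: the app is not published on the host and is
    # reachable only through Traefik over the shared Docker network.
    networks:
      - frontend                     # assumed: the network Traefik is attached to
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`app.example.com`)"
      - "traefik.http.routers.app.entrypoints=websecure"   # assumed entrypoint name
      - "traefik.http.routers.app.tls=true"
      # Traefik otherwise infers the port from the ports the image exposes;
      # set it explicitly when the image exposes none or more than one.
      - "traefik.http.services.app.loadbalancer.server.port=3000"

networks:
  frontend:
    external: true                   # assumed to exist already, created for Traefik
```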
just awesome tutorial
Thank you! Cheers!
excellent as always Christian. Question: What if I have multiple servers running docker containers? Do I run a traefik server per server or do I have one and the containers are managed across the network from a single server?
Thanks
Thank you so much! :) I run traefik on each server, since I don't have a better way to transfer the requests from one server to another. Maybe a Docker Swarm setup would be better in this scenario, but that's a topic I might have to look into at some point.
This is incredible
Thx ;)
great tutorial.
Glad you liked it!
What a journey, but thanks to your video I was able to configure traefik, portainer and pihole... so far, so good with my new adventure setting up my home lab. Thanks!
Glad it helped! :)
Love your videos, thanks, very helpful!
Glad you like them!
I wanted to try Traefik again but while I can get the container to run (first fixed the port 80 issue, then traefik.yaml being a directory, user errors) but when I run it I don't see any messages like in the video, no web UI and when I look at portainer there is nothing in the logs. I restarted and I did get something in the log: command traefik error: yaml: line 2: mapping values are not allowed in this context
Thanks for the video. I think I've understood it now.
Glad to hear that! 😊👏
Useful, concise. Especially with the boilerplates. Would it be possible you do a video about wildcard certs in traefik with cloudflare?
You already saved me so much research time with this, and I am really grateful!
Very nice! You have a video some months ago showing how to use selfhosted netbird with quick start guide but it would be very interesting putting it behind Traefik and use Authentik instead of Zitadel. Maybe a video on that?
Thank you, great suggestions, but currently I don't have time for it, maybe I need to follow-up on it next year
@@christianlempa That would be nice!
The Let's Encrypt certificates are usually valid for 90 days. Does Traefik automatically renew the expired certificates that it has created as needed?
as of ~2 months ago mine was able to renew them automatically without any extra config. i think letsencrypt also sent an email warning me that they were near expiry so i could keep an eye on it.
Yep indeed! It does it automatically
Would really love to see the video on deploying and configuring Traefik with TLS certs on Kubernetes.
That's coming soon ;)
@christianlempa Will you be using an Ingress or IngressRoute? I prefer IngressRoute as it's easier to configure.
No. No cloudflare. The whole world and internet is depending already too much on the centralized cloudflare services. Just no.
Use duckdns
Do you have any recommendations for alternatives? My domains are registered there
@ Well I host everything myself. On my own Proxmox server. Within a VM, using Nginx, etc., etc. Soon I will scale it up, an a Ceph cluster. I already have a OPNsense firewall in between. And I'm busy developing my own DDoS protection layer written in Go.
@@MelroyvandenBerg are you even independent when you don't even make your own silicon smh
I’ve been using nginx proxy manager for years, but Traefik is very tempting. I just wish it had a nice GUI to make changes instead of editing a bunch of config files.
You just have to get used to the config labels, but if you got your templates I think it's even much faster and easier to configure than in a UI.
Do you have time to update your DNS Bind9 video? It's a bit old. When it runs there are tons of errors around rndc and keys and config to manage the platform as well as maybe include some zone transfer and other basic settings that would be required to make sure DNS is available? Thank you for the great content.
Thank you! I don't think the content is outdated, maybe there's something wrong with your config, perhaps we should follow up on discord
Please give us the link of the source code, your description link is not working.
github.com/christianlempa/boilerplates
Great video, thanks. Any reason why you didn't use the HTTP challenge instead? I was thinking that would be simpler?
The HTTP challenge requires an external connection from the letsencrypt server to traefik
Thinking about giving this a go. Currently running my proxies through CF Tunnels, but gives some issues sometimes with responses.
Nice
How does this compare with NGINX Proxy Manager? I'm running that in HomeAssistant at the moment but was thinking to move to my docker host. I'm already familiar with it, but wasn't sure if this is able to do more or do it better?
One thing that's probably worth at least considering is that if you use CLI arguments for the static config in the Docker Compose, this lets you pull from environment variables (or a .env file), Docker secrets, etc., and I am not sure using the traefik.yml can do this. But I am not that far yet, I am in the planning phase. Hell, you might say I'm in the pre-planning phase, as I've had Proxmox installed on a MS-01 for 5-6 months and still haven't decided what distribution I want to use for my Docker host :D
Hm, you're right, that's an advantage! Just the formatting and size of the CLI arguments are a bit annoying, so I still prefer the config file.
@christian Lempa, do you know if the host VM where you are running docker needs to be joined to a local AD server?
I followed your steps, however I can't access my test app via FQDN:port
I'm not sure how this should be related to AD?
great video! but why do all people still use the old compose style xD version declaration in compose files was deprecated long ago lol.
Thanks! I don't know 🤷♂️
What do you use for slides & presentation ?
I'm using Excalidraw+ which has a presentation mode
@christianlempa I didn't know ExcaliDraw has a "+" version :D For a long time I was wondering how to use the frames etc :D Thanks
I'd love to see a guide on setting up a separate MAC address and local IP for every container
There's a video: ua-cam.com/video/5grbXvV_DSk/v-deo.html
@christianlempa Thank you very much, just hope it's not outdated at this point, but definitely gonna watch it.
Why do we need a backend in your boilerplate setup if the frontend already handles the requests directly? And why do you include a backend in the setup without explaining its purpose?
I need to update the template, gonna do it the next days ;)
When can we expect the 2nd part with Kubernetes?
It's already there: ua-cam.com/video/vJweuU6Qrgo/v-deo.html
@christianlempa Thank you :)
Caddy looks very promising as compared to Traefik.
Traefik and Caddy are both excellent and have pros and cons for different situations. Check out Zaroxy as well which is a new kid on the block that I think will be a good option for a lot of home-labbers
Only annoying thing is that they don't have a k8s gateway api provider unlike traefik. There is something on github but it's probably some beta
Out of curiosity, why is it promising compared to traefik? (Asking for a friend which is trying to implement traefik in every single stack 😅)
I do like Zoraxy! :D
Currently, for someone like me the best option.
Maybe I'll give Traefik another try after this video.
Caddy is too slow.
I'm actually just starting out and was stuck on one part, I run the lxc proxmox container and the .env file that doesn't seem to work does it for just yml configuration? So how do you feed the token properly?
Yet another fantastic video that turns something complicated into something easy to understand.
Just one question that you didn't cover and that is how do you add a docker host on another machine?
I have the docker host that I have installed Traefik on and another that I have docker-proxy on. How would I add that to providers as everything I try prevents Traefik from starting.
Just as an update. I have been unable to find a way directly in traefik but used a docker container called traefik-kop, which solved the issue, and I now have two docker machines using one traefik instance
Thank you! Glad you could solve the issue :)
re the ad: the world really needs more scrapers -,-
Hi! This works wonderfully but I want to use traefik (on my OMV VM) on another docker container on my proxmox server, what would be the best way to achieve that? A docker swarm?
There are multiple ways to do this, you could deploy multiple instances of traefik, use external host configs in traefik, or docker swarm would also be a good idea. It depends a bit on your setup and what you want to achieve, why not join our community on discord and raise it as a question.
@christianlempa Thanks for the answer, didn't know you have a discord server, doing a jump there right now!
Do you know if there is any way to use wireguard as a VPN tunnel for something like home-assistant
with wireguard running in proxmox, and home-assistant on its own PC/RPI
Where only approved devices can access the HA-server from outside the network through wireguard.
I'm planning on deploying Traefik on Proxmox, how would you handle traefik labels for between LXC containers, since people say LXC can separate services and also some services like Jellyfin requires a LXC for iGPU
I'm not using LXC, so unfortunately I can't be sure, but I don't think LXC has labels. It's really just for Docker (which is the reason why I don't use LXC)
@christianlempa Oh, thank you for helping. I guess the only way to take advantage of Traefik labels and make it more convenient is using a single VM for Docker related services and putting Traefik there.
A link to your mentioned boilerplate repository in the description would be nice
It's in my docs link
Why would I ever allow my services to use the insecure web router (80)?
Shouldn't everything exclusively use HTTPS?
Yes, that's the reason why we're using Traefik
Thanks so much.
You're welcome!
Wow, I was just about to write to you, Christian, because you once made a video about Kubernetes for TrueNAS Scale. Since they have now moved to Docker, can I use this video as a suitable guide, or is something specific missing?
No edit on iOS, hm. Besides the reverse proxy, I was also interested in the comparison with the Cloudflare DNS tunnel proxy part. I only wanted to publish Nextcloud and am now wondering whether to use the proxy or simply the tunnel. Or does a combination make sense?
That should make things clear so far =). I just need to see whether I use a Docker manager or whether TrueNAS has put something together internally. ACME is already running in TrueNAS, but yes, I would like it better this way with configs.
Any reason for Traefik if you’re already having NGINX??
Nginx is just an example, this could be any other application, also non HTTP and TCP/UDP
What about using it across machines, did you ever find a way besides traefik kop?
Great video @Christian Lempa! Thanks for the refreshed content! This was helpful!
I've been banging my head against the keyboard for the last week or so getting Wazuh to be accessible to my domain behind Traefik. Does anyone have any insight? Thanks!
Thank you so much :)
I just can't get it to run, I keep getting error=command traefik error: read /etc/traefik/traefik.yaml: is a directory. No clue where to look, I took over the same information in the guide except the ports.
Take the compose project down, remove the directory, create the file first, before you start the container!
@christianlempa After hours of faffing about I gave up. Tried nginx proxy manager which is running now... however it doesn't like some things which I haven't figured out either. This is all a big mystery to me.
Running into issues like 'too many redirects' on my nextcloud server. When changing the forwarding back to 80/443 on that IP it just works again. Through wireguard vpn it works fine also.
Would you have time to do the same video but for Nginx Proxy Manager? Thanks and your videos are super helpful, very well done, and highly informative!
thank you :) I avoid using nginx proxy manager, because I don't believe it's a good project. I've made one video at some point explaining it: ua-cam.com/video/uaixCKTaqY0/v-deo.htmlsi=KSSPWqEn_WpX3bQw
@christianlempa oh wow I guess I missed this video. I never realized NPM had that many issues and the dev team was so small. I just checked and they currently have 718 open bugs. Thanks again for another insightful video!
@ no problem, thanks for watching :)
Thank you so much for this video, it really helped. Query, do you play that white piano in the background? If yes we need to see a video of you doing so please. Putting in a special request
Thank you so much! :D Maybe I'm gonna record something in the coming weeks and put it on social media or maybe a second private channel... but I can't promise, long time I didn't play
Hello, is there any way to expose my home server to the world? Assuming that my Internet provider blocks changing ports in the router, the IP address is not public and dynamic and I cannot connect an external router. And buying a domain costs a bit
Check out Cloudflare Tunnels
I am definitely in the party of not using the version of Traefik automatically installed by K3S but now I am wondering why!
Have you explored using the installed version? It is installed using a Helm Custom Resource and dropping a file in `/var/lib/rancher/k3s/server/manifests` that contains a couple of HelmChart resources. You should be able to update that file and have it automatically updated with your changes.
What is the real benefit of removing all of the resources installed automatically by Helm and then reinstalling a custom version? It has to be more than just changing namespace.
I like to manage the config using the Helm Values instead of modifications I have to put into the configmap
@ You can drop a file with a HelmChartConfig in the same directory and it overrides the values in the HelmChart.
I like your videos very helpful. Maybe you can show traefik with multi-node setup
Thank you! Currently, I'm using for each server a separate Traefik instance, but maybe I'm going to rethink that setup next year with using Docker Swarm... we'll see ;)
So if I am running game servers that use UDP and/or TCP ports, I should use routes for traefik to prevent breaking connectivity once traefik is online?
You can use UDP or TCP routers too!
would be interesting if this can replace wireguard for this usecase.
Hi!
I haven't watched the video, yet, but skipped over the timeline/chapters.
Are you talking about redirecting requests from one traefik to another to a service, too, or would you like to make a tutorial for that?
For example, I, currently, am running an immich in my homelab. However, I'd like to expose /share/* to the outside. Since you usually do not have a stable IP address, I thought of going through a VPS of mine which. So, any request to /share/* coming from the outside will be directed at my VPS and from there, traefik should route it via my VPN connection to my local traefik which will forward it to immich itself.
I have never really gotten it to work with traefik. Can you do a tutorial like that? Do you have any other ideas (except for Cloudflare tunnels) regarding that? Any clues on what might have gone wrong? :D
That's not part of this video, maybe I'll include it in another.
@christianlempa that'd be so cool!
It might be a 'niche' case, but I think a lot of people could benefit from something like this as it secures services and your home network down, and you can use static IPs (if you don't have one)!
What is the name of the font for your visualizations, master? It looks very clear every time!
That's the default font of Excalidraw, super tool! :)
@christianlempa the tool alone is worth a short video 😅 saved it straight to my favorites 😁
@ Thanks! I had considered it once, but I'll probably make a video in general about the tools I use often
I still can't wrap my head around any reverse proxy besides NPM.
Or maybe it's me, my use case is a bit odd (1:1 subdomains for every container I want to reverse proxy)
You do know that you can define and specify the docker network directly into the docker compose file. Right? 😮
So no need to create it manually via cli..
would love a video on openziti as an alternative to something like twingate.
Maybe at some point, currently I'm happy with Twingate.
Thanks for video Christian !! Please can you make a video to handle /static/, /media/ files for custom website (like a website on django) with nginx proxy manager, thanks !!
You're welcome! :) I'm not using nginx proxy manager anymore, I think you can use traefik for any static website as well.
@christianlempa Ok thank you
I really need to manage TLS for a local webapp, I can't understand why the majority of reverse proxies don't support that. I just found Caddy useful for that kind of scenario, but I prefer something with a nice UI. :(
Nginx Proxy Manager is probably as good as it gets if you want to manage the proxy via a decent GUI
@newaira333 I know it, but it doesn't handle local TLS. I don't expose services on the internet, so I don't want to have an internet domain just for having a cert from Let's Encrypt. Caddy handles this very well, but I don't like the way to use it.
@mattiavadala7870 You can self-host your certificate authority / manager with "Smallstep". And for the domain name, self-host your DNS.
If this information can help you
@68misty50 is absolutely right! hopefully I have time next year to finally get smallstep up and running ;)
probably the most chaotic video on traefik.
Traefik is great when it works but tbh.. I've had to tinker so much to get it to work with my sonarr and radarr containers..
Not to mention I still haven't gotten my own react applications to work behind traefik.
Can somebody please explain to me why we need web applications now to do what a few lines of config file of the major webservers have been doing for decades? What timeline is this? This is just more stuff to maintain on top of all the stuff that's going on...WHY? Just expose a port, point reverse proxy to port, be done. Load balancing is also not a new concept. Am I getting old here? Am I being naive? Honestly idk why we need all of this...
Is this simply a new webserver/balancer/proxy contender with a GUI and tons of buzz words?
Most webservers won't have the smarts to go out and get the SSL certificate using DNS challenge, nor intelligently parse the backend docker or kubernetes. This is a smart layer 7 protocol router/reverse proxy that is separate from whatever web server or application you want to use. You could use this to frontend the web gui of IoT applications where you may not have control of the web server. Nginx web proxy can do similar, or Caddy, or HAProxy. Think of this as a single proxy for a farm of servers or applications. Doing it in webserver typically does it for that single server and you would have to configure it for every server you had in play. This can be in front of apache and nginx at the same time if both happen to be in separate containers or separate servers/nodes.
I can't say anything about getting old 😆, but just a few ideas why this is useful. Imagine you don't have to worry about managing config lines on your web server / proxy, or use additional services to manage TLS certificates. You can do it all with just 4 lines in your docker-compose files, which you use for application deployment. Also, when it comes to Kubernetes, it has so many advantages.
Haven't seen it yet, but I always have some issues with traefik 😂. Therefore I even started to use/learn iptable rules, virtual network interfaces, certbot and ufw. At the end it's the same as Traefik
Well, that's not true. What you use is a firewall solution working on the TCP/IP layer, but Traefik is a reverse proxy, meaning it hooks into the HTTP requests, can do some modifications to the requests and forward it.
What's the advantage of Traefik over NPM for reverse proxying?
I've made a video on NPM, in my opinion, it's not a reliable project.
@christianlempa Thanks! I love how you just manage the containers using compose, command line and VS Code connected through SSH. Do you still use Portainer or something like that?