Hi how do you use separate instances of traefik to talk to one another like how you had in your home lab? Could you do a tutorial on it? like connecting docker to kubernetes to another kubernetes cluster.
Is it possible to give us an example of having multiple external servers in the config.yml file? It works for the ProxMox you gave an example of but whenever I try to add section for Home Assistant it errors out when I run docker compose and complains about line 13 file provider. Thx
Thanks Tim! this video is really helpful as I was looking for your previous video to troubleshoot certificate error I encountered since last week, then managed to replace with this setup 👍
Thank you for your great content. I am trying to get Traefik and Cloudflare running in Proxmox LXC helper scripts. The challenge I am having is getting the cloudflare api token running in the LXC because environment variables are a bit different than in docker secrets. Would you consider doing a video on getting this setup and running?
This is great and all.... but only for internal services. If you want to have a public-facing service, you can't do a second-level wildcard cert going through cloudflare without paying for a cert from them.
Finally a video that shows you how to set up traefik successfully. Just one question that I don't think you covered. I have two servers both running docker. How do I run only one instance of traefik for both.
Had to say this... It's got to be absolutely one of the best well rounded, well thought, in depth traefik install walk-throughs I have come across thus far... thanks and well done Tim.
Great video thanks for the files as well. What if I do not want to use an internal DNS resolver, but use cloudflare can I do that also? As I do not mind using the internal urls to get to my services.
The version at the start of the docker-compose.yaml designates the spec you're using. This does matter, some properties may behave differently or not exist in older versions, I've run into this particularly with swarm related properties.
@@nospamas8926 when I updated my system I had to install docker compose instead of docker-compose as I was getting errors. After I installed docker compose I got errors 'version is obsolete' so I removed it from all of my docker-compose.yamls
Getting a "Gateway Timeout" for external services on different VLAN. Can ping the services from inside the traefik container so not sure what the issue is.
Is there a good solution for automatic Split-DNS if I don't want to use a "local"-subdomain? How do you handle services that should be accessible publicly as well as locally?
Hello mate, to better understand what makes it different from Cloudflare Zero Trust’s tunnels is just the local domain name as opposed to a paid domain one?
Hi Tim, just had a question for you please. I initially set up my Docker computer (running Debian 12) with a network SMB shared folder (from my NAS) mounted in /home/user/DockerFilesOnNASfolder/ (set to automatically mount upon boot). I have tried and failed to run several different Docker containers (including Traefik, Frigate, and Portall), if the files are within that network folder. Simply moving them to e.g. /home/user/DockerFilesNOTOnNASfolder (i.e. a folder on the computer running Docker) solves the problems I've had. I wanted to have all my Docker stuff on my NAS so it was backed up in real-time, but obviously this isn't working. Is there a better way of backing things up? Thanks for your thoughts.
Thanks for the great tutorial Tim. I'd been struggling to get either Proxmox or Portainer to work properly behind Traefik, but I got it working by following your video. Question. How do you get something like AdGuard Home or Pi-Hole to work with Traefik? AGH requires a location for the SSL certificates, so how do you get it to read the acme.json file? Also, how do you get AGH to work with DoT and DoH?
Hi Tim, thanks for sharing this amazing video. I only need more help setting up multiple routers in the config file you showed us. can you explain how I can add more external servers outside docker to my config. like my firewall interface, other homeserver, printers etc
Great video, but doesn't seem to work for me.. Once I get to the DNS part and setup the record with cloudflare.. it only ever points back to the TrueNas login page and I don't know what to do..
I've never posted a comment on a youtube channel, but you deserved it. After long 8 years (Hours) doing research, you solved my problem in video with 40 minutes. So many thanks.
@@pedrohcunha6857 awesome! Nice work! Appreciate it!
Just finished your traefik series when I saw you posted this, thank you for answering my subconscious prayer 🙏🏼 Keep up the great work!
Baby, wake up techno tim uploaded about traefik. It's time to update your homelab
I felt this so hard 🤣🤣🤣🤣
I upgrade all dockers once a week or so so Traefik is on v3.1.2 already 🙂
@@osaether his guide is perfect for learning and deploying
My point is: I haven't noticed any changes. Do I need to reconfigure anything?
Spectacular video. I appreciate that you have a corroborating document site for the stuff you reference in here, as well. I also appreciate how meticulous you are in the details and troubleshooting. Thanks a ton, Tim.
I am a simple man. I see Techno Tim , I watch , I like.
I share
I simp
Would you consider adding another video to a Traefik series where you integrate Authentik with Traefik? I know you did a video about Authelia sometime back but it would be great to see an update with Authentik and an outpost with Traefik.
Also I love this video especially from the self hosted side and not having to have private records in an external DNS. But is your Traefik container reachable from the outside or do we just need Let's encrypt to find a valid domain for DNS auth and then it will issue the wildcard cert to the traefik container.
Love your content
I can't fathom how easy you made this process, which I have been unable to do with other tutorials. You're doing great work Tim!
Thank you so much for the updated tutorial. Not sure if you got my email about the last one not working but this one works now. Tip for anyone with the certs not loading: just force recreate the container and it should load. I think this happens because the first time the certs are getting created but not read, and the second time it can actually read them.
Compared to the last video of Traefik, I had 0 issues
love how you explain things very easy and in simple way 😍
Greatly appreciate the little detail explanations. I’d done the wild card certs before on my home lab, but this is filling in several little knowledge holes in my mind.
Excellent content
I've also learned way more than I was expecting
Sweet, I used most of your last Traefik video (never got external access working, but internal worked just fine, and that's all I needed, really)
This video gave me the info I needed to finish my migration to Traefik. Thank you Techno Tim!
This might be the definitive guide for Traefik 3
HAHAHA you gotta be kidding me.
I spent the 2 last weeks with your previous video and other resources trying to set up Traefik and the rest of my homelab.
I literally closed the YT video minutes ago as I was finally able to make everything work.
Before going to bed, I decided to check a video from my feed to cool down and what do I see if it's not this taunting title XD.
Anyway, I'll watch it later as it may allow me to enhance my fresh configuration. Thanks for that 😊
Bro I love you! Over the past weeks I made like three or four attempts to get this running. This vid did it in under an hour
@@metallusmelandril7380 thank you! Nice work!
I followed this tutorial but I just keep on getting TRAEFIK DEFAULT CERT. I have everything the same except pihole. I use adguard and I have configured my domains in there. It resolves but does not get the lets encrypt cert
yes the same here, but I'm using pi-hole. Anyone else? @TechnoTim can help us?
@@Synoap Yeah me too, did you find a fix?
**knows he can create/edit file in one step but prefers two steps** Bravo good sir! So satisfying...
Perfect timing! I've been interested in Traefik and leaving NPM. Thank you Tim!
Why may I ask? I use NPM and it's so seamless and easy
@@SenorHamburgler I like to tinker and spin up new things quite often, NPM is great for ease of use. Traefik is just more powerful and diverse, especially with docker, kubernetes and proxmox. Nothing wrong with NPM, just having the knowledge of how traffic works is good on the cv as well. :)
I rarely watch 40 mins long videos thru the end. Awesome video tutorial! Been searching a bit online how to do this. Can't wait to set that up :)
Awesome, thank you! That's a huge compliment!
I'm a web dev and let's say that I watch, read and write a whole lot of tutorials/documents. The quality level of your tutorials is up there man, I learn more than what you teach from your videos. You do deserve the compliment.
It's a shame that YouTube only allows for me to like this video once. This was a big upgrade from your last "SSL Everywhere" video. Thanks for taking us on your journey.
Took me a while to figure out but, note to self: using .yaml extension will break things.... switched it back to yml and it worked just like the video. Great tutorial!
Everything went well for me until around the 27 minute mark. I followed along well until there; keep getting can't connect to that domain error.
Double and triple checked the steps like crazy. Dunno what I'm doing wrong.
Appreciate the update. Another great video that explains what is needed to be done, how to do it and why it has to be done. Your videos are so much more than simple 'follow me' instructions and really do help to provide some understanding. Thank you.
Great video, Tim!
Proxmox has its own ACME integration, so I personally prefer that way (because traefik is running as a VM on my Proxmox, so I want to prevent a race condition when the VM is down, Proxmox is not available through Traefik)
But for anything else - Traefik is great
I had the same thought about Proxmox. Any TLS termination with the right certificates should be made directly on Proxmox anyway. If you want to be aggressive, this should be the same for most services as well (internal certificates with local CA between internal containers to reverse proxy // letsencrypt certificates on the reverse proxy to the rest of the world)
@@xDrShadowx can you explain a little more this solution for Proxmox? If it uses its own ACME for talking to Let's Encrypt, then we need to create its CNAME on CF instead of Pihole. Right?
Anonymous window in browser is always the good way for testing changes.
Also firefox containers work too.
Hey, This is super interesting and your acknowledgement and sort of rant about the docker secret feature, Awesome !
I have a question though:
Say you are using tailscale currently, which doesn't support subdomains ? The 2 level subdomain thingy that you did, using cloudflare. Would that even work ? Could I use a WireGuard server that I deploy on DigitalOcean
One of the best tutorials I've followed on youtube, perfect pacing and everything worked first time. Thank you!
Thanks for this. Real easy to follow and worked on my first attempt. I am testing this as a replacement to Nginx Proxy Manager. No nice text based config, but NPM is 100x easier and faster to setup and add sites. Good to have a back up though!
Do you use traefik for externally accessible services? How do you typically separate those? Different docker hosts?
How do you do the networking since you don't need to modify the internal DNS?
Another great tutorial. You mention difference in Docker Swarm. I am running a docker swarm in my homelab so would love to be pointed to documentation for that config. Also can I setup 2 certs in Traefik?
Hi Tim! Great tutorial!
I've followed the steps and wondering if you could give some insights as to why I can't open the traefik dashboard after setting local dns using pihole.
I can get pings from the url, and when I use curl, it says Moved Permanently. Hoping you could see this. Thanks Tim!
30:00 you can just do > filename to blank out a filename from the terminal.
@TechnoTim any chance of a video explaining how you configure cloudflare to point your local dns running in pi-hole?
Thanks for the local only explanation. Every one of these I've seen before expects you to want to directly expose things externally. Yes I want to access from outside, but only after I've connected to WG/OVPN
One question, can this be done without the local subdomain? Would you just need to remove the .local subdomain from the examples provided?
I'm confused with all the .local references. If you have a domain name and Cloudflare, why wouldn't you just put a wildcard CNAME on your Cloudflare DNS settings? This is the part that confused me so much doing the records on pi-hole.
Well, because he's doing this for LOCAL services only, not ones exposed to the Internet.
If you are familiar with cloudflare, could you please tell me:
- Can I buy a domain from any provider and register it (transfer) it for cloudflare and manage it as if i bought it from them? so I can use their tunnel service and other features?
- Do you think cloudflare tunnel is better than reverse proxy to expose your home server to public?
@@MKBUHDD I only can answer your first question. You can buy a domain nearly anywhere, you just have to set the nameserver in your dns settings (where your domain is) to the cloudflare nameservers shown in your account. After that you have the full experience of dns settings at cloudflare as far as I know.
@@BerliOfficial Thanks for the info, then I will look for a cheap domain. 👍🏻
Great Video, any plans for a video on how to securely expose to the internet?
Great video! But after watching it, I applied the ideas to configure Caddy. Traefik is excellent, but the configuration file is a bit complex and lengthy.
Great informative, educational video. This video helped me so much to get traefik working. Very detailed vid and additional documentation provided. Keep up the great work. Many thanks.
The only thing I do not understand is how to get certs on multiple external apps. What would the config.yml look like for 2 or 3 services, not just proxmox?
Great setup to locally access it, but what if I wanted to access some of these services remotely as well. Can I use and modify the same setup or do I need to make an entire different setup?
Please need help...how do I add multiple entries to the config.yml you speak about 35:07 can someone please provide the layout?
Very comprehensive Tim, well done.
36:47 The "secured" middleware chain doesn't seem to be applied to any of the routers. Assuming this is an editing mistake?
I had to remove the basic auth and .env because the traefik container would not move past the login prompt for the dashboard even though I put the user name and password in correctly, but I would love to see video on how to get the dashboard working with Authentik. 👍
How do you remove the basic auth? I also cannot log in to the dashboard either. My password generator is correct in .env file. Please help..
same problem. i go into container and echo the credentials they show but i cant login. gonna have to lookup removing auth
Thanks for this, very informative!
At 11:07 you say "we need to create a docker network called proxy", but I couldn't see where it's done... Anything special about it? Which driver does it use?
It’s in there!
@@TechnoTim ah, 19:24 - it was so short, just "docker network create proxy", so I totally missed it... Thank you!
What's the biggest new thing here, compared to v2? How bad of an idea would it be to just upgrade? At first glance I haven't noticed that at least the important settings changed that much
Thanks Tim! finally managed to get Traefik fully working in my homelab, great tutorial as always
Great video. Just wondering, I would like to add zabbix to the mix here. Would I need to adjust the config.yml file ? If so, please advise
how does this video have only 3.4k views? I watched it like 6 times start to finish alone.
Is this considered an update to your other guide on setting up Traefik on Portainer? Also, can I follow this guide for my reverse proxy to use with Pterodactyl? I know your Pterodactyl guide is from a couple years ago so I assume that’s why it links to the older Traefik+Portainer guide. Thanks!
this is perfect timing i just rewatched your old traefik video yesterday cuz i’m having some weird connection issues with my traefik server that i setup last year that has been working great for me. i might re-spin up my server with traefik 3 this weekend to see if resolves my issues. thanks tim!
Another great tutorial, Techno Tim. I even got this to run on my Docker Swarm (once I had the correct DNS name).
Thank you. I've been meaning to do this in my homelab for some time. Now I have everything I need.
Great video, thank you Tim! Would you recommend switching to Traefik v3 if already have v2 setup working?
I followed to a tee.... I get the certificates with no problem (in the test mode) - but I can't access the traefik dashboard. I keep getting 404 page not found. I get it if I add :80 or :443. I have both ports exposed on my router
Thanks for the demo and info, once again super helpful documentation. Have a great day Techno Tim
Why don't you let out the pihole part and create the DNS records within cloudflare?
Because he's doing this locally? He's only using cloudflare for the DNS challenge. He was pretty clear about that.
Any recommendations to troubleshoot when the cert is from traefik and not from let's encrypt.
Interesting tutorial! I think it'll really help some people in setting Traefik up, which at first use, can be a bit daunting.
However, Traefik now officially supports HTTP3, so I think you should open both ports 443 tcp as well as udp in your compose file.
Make sure to update your firewall settings / port forwards as well.
- 80:80
- 443:443/tcp
- 443:443/udp
Also, one of the strengths of Traefik is that after adding the "config" volume once, you shouldn't have to run "docker compose up" when changing config.yaml.
Lastly, I personally like to also use logs, so choose to add this volume as well: "- /opt/traefik/logs:/logs:rw" and try to name compose files "compose.yml", as it saves a few keystrokes.
Thanks for the great tips! I will also add this to the docs!
will there be a similar update for the Kubernetes version?
hi, thank you for the video! I did everything as shown. I have no errors / logs, all variables are correctly showing up in debug mode. My issue is I cant access traefik dashboard. it says 404 page not found when I do it via the domain that I gave, even when I try to access the dashboard using local ip address of my proxmox docker lxc container with port 80, 443 or 8080. I can't seem to resolve it, can you please suggest what should I do? I even changed traefik image from 3.0 to latest. I am out of options to try by searching online.
thx mate, im from Brazil and u saved my life! Great content, keep doing this job ur awesome! Again, thx a lot!!
Have been running this setup for ages and can recommend it. you can add a star cname in your DNS server so you don't have to add entries every time
Hi, first off, thank you so much for this tutorial. Nice and easy to follow! That said I am having an issue I hope you can help with.
I'm using a wildcard A record for my addresses through cloudflare and I'm not using PiHole at all. When I try to configure Traefik for workloads outside of docker using your template with my own information I get "Internal Server Error" when trying to load the webpage. Is this because i'm not using PiHole? If so, what do I need to change to fix the error?
I have this same issue. Did you ever find a solution?
@lachlanvanderdrift7013 same here
I did all this over yesterday and today but with some help from Dockge. This was an awesome tutorial!
Great content man, thanks a lot for your all hard work and efforts, much appreciated
Hey - can I use this Traefik container to cleanly reverse proxy containers in *other* docker environments?
I could set it up in the 'external' way like you did for Proxmox, and I'm happy to do that, just wondering if there is maybe a cleaner way to do that (or even a second Traefik instance for the second docker environment..)
@Tim, I didn't catch why mix Traefik and nginx (specific need, or just showing compatibility?), and also, why Pi-hole instead of CNAMEs on Cloudflare (is it a cost thing, security thing? or just having Pi-hole already in the mix?)
I am having issues with generating a certificate for the domains; there is an ACME error presenting the Cloudflare token. I also went through all the troubleshooting steps and everything checks out. Any ideas?
Minor opportunity at 12:22- I always get bogged down setting permissions for family samba shares, docker user, etc. Take a minute to talk through the chmod operation
loved the whole idea of this, brilliant stuff Tim!
Is there a guide for creating a setup with some applications you want to expose to the public and some you want local only, and having wildcard certificates created for it all through traefik?
Fantastic video. Love the section on verifying things were working.
A few notes: You are using both CLI config and YAML config on the Traefik container. Move that all into the YAML file. Also you shouldn't be specifying your email for Cloudflare, you should be using a scoped token instead. Also at this point you should be enabling strictSNI and a minimum TLS version of 1.2.
I wanted to mess around with swarm a bit more. Could we get this in a swarm version?
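The hardening points raised in the comment above, written out as configuration. This is an added example, not taken from the video, its documentation site or the commenter; file names, the secret name and the image tag are assumptions. Traefik's option key for strict SNI is `sniStrict`.

```yaml
# Added example; file names and the secret name are assumptions.

# config.yml (dynamic configuration, loaded by the file provider)
tls:
  options:
    default:                     # used by every router that does not name its own tls.options
      minVersion: VersionTLS12   # refuse TLS 1.0 / 1.1 handshakes
      sniStrict: true            # no certificate matches the SNI -> handshake fails,
                                 # the default certificate is never served
---
# compose.yml fragment (Cloudflare credentials for the ACME DNS challenge)
services:
  traefik:
    image: traefik:v3.0
    secrets:
      - cf_api_token
    environment:
      # Scoped API token only: Zone / DNS / Edit (plus Zone / Zone / Read) on the one zone.
      # With a token, no CF_API_EMAIL and no global CF_API_KEY live in the container.
      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_api_token
secrets:
  cf_api_token:
    file: ./cf_api_token.txt     # assumed path; keep it chmod 600 and out of version control
```

With `sniStrict` enabled, a request made by IP address or by a hostname that no certificate covers fails the TLS handshake instead of receiving TRAEFIK DEFAULT CERT, so test with the real hostnames.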
after all we are homelabbing to simulate production environments?
Really helpful! Thank you! Could you make a video to explain how to convert that configuration to a docker swarm?
Hi, how do you use separate instances of Traefik to talk to one another like how you had in your home lab? Could you do a tutorial on it? Like connecting Docker to Kubernetes to another Kubernetes cluster.
Is it possible to give us an example of having multiple external servers in the config.yml file? It works for the ProxMox you gave an example of but whenever I try to add section for Home Assistant it errors out when I run docker compose and complains about line 13 file provider. Thx
Thanks Tim! This video is really helpful, as I was looking for your previous video to troubleshoot a certificate error I have encountered since last week, then managed to replace it with this setup 👍
Thank you for your great content. I am trying to get Traefik and Cloudflare running in Proxmox LXC helper scripts. The challenge I am having is getting the Cloudflare API token running in the LXC because environment variables are a bit different than in Docker secrets. Would you consider doing a video on getting this set up and running?
This is great and all.... but only for internal services. If you want to have a public-facing service, you can't do a second-level wildcard cert going through cloudflare without paying for a cert from them.
Finally a video that shows you how to set up traefik successfully.
Just one question that I don't think you covered.
I have two servers both running Docker. How do I run only one instance of Traefik for both?
dashboard: debug:true doesn't do anything?? Am I missing something or is the Traefik documentation not up to date?
Awesome video. Now how can I migrate this to a swarm environment with a public gateway node and the rest, master and workers, behind it?
Had to say this... It's got to be absolutely one of the best well-rounded, well-thought, in-depth Traefik install walk-throughs I have come across thus far... thanks and well done Tim.
So you added Pihole just for the GUI?
Why not use tags to pass info to Traefik from any running docker image and let it manage the DNS?
Great video thanks for the files as well. What if I do not want to use an internal DNS resolver, but use cloudflare can I do that also? As I do not mind using the internal urls to get to my services.
Should we use docker compose instead of docker-compose? The version at the beginning would be unnecessary then.
The version at the start of the docker-compose.yaml designates the spec you're using. This does matter, some properties may behave differently or not exist in older versions, I've run into this particularly with swarm related properties.
@nospamas8926 when I updated my system I had to install docker compose instead of docker-compose as I was getting errors. After I installed docker compose I got errors 'version is obsolete' so I removed it from all of my docker-compose.yamls
@nospamas8926 On the newer versions of Docker Compose (2.25+) the version line has been deprecated and will generate a warning if it exists.
Because swarm is the only thing that does not respect the compose spec. And yes, the version should not be used anymore @nospamas8926
This was fantastic! I was literally looking at how to do this the other day and you've come up trumps yet again. Thank you 😊
Glad I could help!
Getting a "Gateway Timeout" for external services on different VLAN. Can ping the services from inside the traefik container so not sure what the issue is.
Is there a good solution for automatic Split-DNS if I don't want to use a "local"-subdomain?
How do you handle services that should be accessible publicly as well as locally?
Hey Tim - what about using Cloudflare for more than just the DNS - how about also proxying so you hide your home IP from whoever is accessing the URL?
Certainly! Just toggle on proxy in cloudflare when setting this up!
Hello mate, to better understand what makes it different from Cloudflare Zero Trust’s tunnels is just the local domain name as opposed to a paid domain one?
Any reason to use this over nginx proxy manager?
Hi Tim, just had a question for you please.
I initially set up my Docker computer (running Debian 12) with a network SMB shared folder (from my NAS) mounted in /home/user/DockerFilesOnNASfolder/ (set to automatically mount upon boot).
I have tried and failed to run several different Docker containers (including Traefik, Frigate, and Portall), if the files are within that network folder. Simply moving them to e.g. /home/user/DockerFilesNOTOnNASfolder (i.e. a folder on the computer running Docker) solves the problems I've had.
I wanted to have all my Docker stuff on my NAS so it was backed up in real-time, but obviously this isn't working.
Is there a better way of backing things up?
Thanks for your thoughts.
Thanks for the great tutorial Tim. I'd been struggling to get either Proxmox or Portainer to work properly behind Traefik, but I got it working by following your video. Question. How do you get something like AdGuard Home or Pi-Hole to work with Traefik? AGH requires a location for the SSL certificates, so how do you get it to read the acme.json file? Also, how do you get AGH to work with DoT and DoH?
I'm confused, what is significantly different between 2.x and 3?
Hi Tim, thanks for sharing this amazing video. I only need more help setting up multiple routers in the config file you showed us.
can you explain how I can add more external servers outside docker to my config. like my firewall interface, other homeserver, printers etc
Great video, but doesn't seem to work for me.. Once I get to the DNS part and setup the record with cloudflare.. it only ever points back to the TrueNas login page and I don't know what to do..
Had a quick question about ssh and the server. Is the server being referenced just the domain that you own or is it something else?