In this article we'll install Traefik as dynamic reverse proxy on Linux
It's recommended that you have read the previous steps of this course. You'll find the overview at the end of this blogpost.
Course ingredients:
Install Traefik as dynamic reverse proxy
First create a subdomain monitor.yourDomain.com and point it via DNS entry to your server. You'll need the subdomain for the Traefik dashboard that monitors your services.
sudo apt-get install apache2-utils
## Install apache2-utils package, which includes an htpasswd utility for encrypted passwords
Do you want to continue? [Y/n] y
htpasswd -nb admin secure_password
## Generate encrypted password
Output in Terminal looks like this:
admin:$apr1$rcda74Hq$mbjdZMZTG.KWn8vfN/SNK/
mkdir /var/traefik
## Create a folder for Traefik
cd /var/traefik
## Navigate into the new Traefik folder
nano traefik.toml
## Create and edit file traefik.toml
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
[api]
dashboard = true
[certificatesResolvers.lets-encrypt.acme]
email = "your_email@your_domain"
storage = "acme.json"
[certificatesResolvers.lets-encrypt.acme.tlsChallenge]
[providers.docker]
watch = true
network = "web"
[providers.file]
filename = "traefik_dynamic.toml"
nano traefik_dynamic.toml
## Create and edit file traefik_dynamic.toml
[http.middlewares.simpleAuth.basicAuth]
users = [
"admin:$apr1$ruca84Hq$mbjdMZBAG.KWn7vfN/SNK/"
]
[http.routers.api]
rule = "Host(`monitor.your_domain`)"
entrypoints = ["websecure"]
middlewares = ["simpleAuth"]
service = "api@internal"
[http.routers.api.tls]
certResolver = "lets-encrypt"
docker network create web
## Create a Docker network for Traefik
touch acme.json
## Create new empty file acme.json which Traefik will use for Let's Encrypt information
chmod 600 acme.json
## Grant permissions to the owner of the file only.
Start your Traefik container with the following command:
docker run -d \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $PWD/traefik.toml:/traefik.toml \
-v $PWD/traefik_dynamic.toml:/traefik_dynamic.toml \
-v $PWD/acme.json:/acme.json \
-p 80:80 \
-p 443:443 \
--network web \
--name traefik \
--restart always \
traefik:v2.2
--restart always ## This option will restart the container a reboot of the server.
TROUBLESHOOTING
Stop and disable apache2 or it will block Traefik from working.
Attention: If your server needs to be rebooted then apache2 will be restarted if it is not disabled.
sudo systemctl stop apache2 ## stop the service
sudo systemctl disable apache2 ## disable the service
Also good to know:
sudo systemctl start apache2 ## start the service
sudo systemctl enable apache2 ## enable the service
See you next week for more
Johnnie