44 lines
1.7 KiB
Markdown
44 lines
1.7 KiB
Markdown
# Traefik
|
|
|
|
**Purpose:** Reverse proxy and TLS termination for all homelab services.
|
|
|
|
| Property | Value |
|
|
| -------------- | ------------------ |
|
|
| Status | Running |
|
|
| Image | `traefik:v3.6` |
|
|
| Ports | `80:80`, `443:443` |
|
|
| Created by | jens |
|
|
| Restart policy | `unless-stopped` |
|
|
| Compose file | [`../services/traefik/docker-compose.yml`](../services/traefik/docker-compose.yml) |
|
|
|
|
---
|
|
|
|
## Configuration
|
|
|
|
- HTTP (port 80) → automatically redirects to HTTPS
|
|
- HTTPS (port 443) → TLS termination via Let's Encrypt
|
|
- TLS wildcard certificate for `*.home.jens.pub` and `home.jens.pub`
|
|
- Certificate resolver: **Let's Encrypt** via **DNS-01 challenge** (Namecheap provider)
|
|
- DNS resolvers used for challenge: `1.1.1.1`, `8.8.8.8`
|
|
- Docker provider: auto-discovers containers via socket (opt-in with `traefik.enable=true`)
|
|
- Dashboard: enabled, exposed at `traefik.home.jens.pub` (secured, no insecure mode)
|
|
|
|
## Environment Variables (sensitive)
|
|
|
|
| Variable | Description |
|
|
| --------------------- | --------------------------------------- |
|
|
| `NAMECHEAP_API_USER` | Namecheap account username |
|
|
| `NAMECHEAP_API_KEY` | Namecheap API key for DNS challenge |
|
|
| `NAMECHEAP_SOURCE_IP` | Whitelisted IP for Namecheap API access |
|
|
|
|
## Volumes
|
|
|
|
| Volume | Mount |
|
|
| ---------------------- | ------------------------------------------- |
|
|
| `/var/run/docker.sock` | `:ro` — Docker socket for service discovery |
|
|
| `traefik_acme` | `/acme` — Let's Encrypt certificate storage |
|
|
|
|
## Networks
|
|
|
|
- `proxy` (external)
|