eCommons/traefik
0
0
Fork 0
forked from coop-cloud/traefik
Code Pull Requests Activity
Files
16f657dbb1fb953ba3861d9894de0dab97d1877a
traefik/README.md
Zigzagill 25cf7862ed Add Cloudflare as DNS provider (#103) 
<!--
Thank you for doing recipe maintenance work!
Please mark all checklist items which are relevant for your changes.
Please remove the checklist items which are not relevant for your changes.
Feel free to remove this comment.
-->

* [x] I have deployed and tested my changes
LetsEncrypt challenges passed
* [x] I have [updated relevant versions in `abra.sh`](https://docs.coopcloud.tech/maintainers/upgrade/#updating-versions-in-the-abrash)
No relevant versions to update
* [x] I have made my environment variable changes [backwards compatible](https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes)
Only new env vars were added
* [ ] I have added a [release note entry](https://docs.coopcloud.tech/maintainers/upgrade/#creating-new-release-notes)
Unsure if this is necessary but I'm happy to add notes if we want them 😄

Reviewed-on: coop-cloud/traefik#103
Reviewed-by: p4u1 <p4u1@noreply.git.coopcloud.tech>
Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>
Co-authored-by: Zigzagill <zigzagill@proton.me>
Co-committed-by: Zigzagill <zigzagill@proton.me>
2026-05-16 23:37:49 +00:00

79 lines
3.5 KiB
Markdown
Raw Blame History

# Traefik
[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/traefik/status.svg)](https://build.coopcloud.tech/coop-cloud/traefik)
> https://docs.traefik.io
<!-- metadata -->
* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@decentral1se](https://git.coopcloud.tech/decentral1se), [@javielico](https://git.coopcloud.tech/javielico), [@moritz](https://git.coopcloud.tech/moritz)
* **Status**: `stable`
* **Category**: Utilities
* **Features**: ?
* **Image**: [`traefik`](https://hub.docker.com/_/traefik), 4, upstream
* **Healthcheck**: Yes
* **Backups**: No
* **Email**: N/A
* **Tests**: 2
* **SSO**: ? (Keycloak)
<!-- endmetadata -->
## Basic usage
1. Set up Docker Swarm and [`abra`]
2. `abra app new traefik`
3. `abra app config YOURAPPDOMAIN` - be sure to change `DOMAIN` to something that resolves to
your Docker swarm box
4. `abra app deploy YOURAPPDOMAIN`
## Configuring basic auth
1. Create the usersfile locally: `htpasswd -c usersfile <username>`
2. Uncomment the Basic Auth section in your .env file
3. Insert the secret: `abra app secret insert <domain> usersfile v1 -f usersfile
4. Redploy your app: `abra app deploy -f <domain>`
## Configuring wildcard SSL using DNS
Automatic certificate generation will Just Work™ for most recipes which use a fixed
number of subdomains. For some recipes which need to work across arbitrary
subdomains, like
[`federatedwiki`](https://git.coopcloud.tech/coop-cloud/federatedwiki/) and
[`go-ssb-room`](https://git.coopcloud.tech/coop-cloud/federatedwiki/), you'll
need to give Traefik access to your DNS provider so that it can carry out
Letsencrypt DNS challenges.
1. Use Gandi, OVH, DO, Azure, PorkBun, or Cloudflare for DNS 🤡 (support for
other providers can be easily added, see
[the `lego` docs](https://go-acme.github.io/lego/dns/#dns-providers).
2. Run `abra app config YOURAPPDOMAIN`
3. Uncomment e.g. `ENABLE_GANDI` and the related `SECRET_.._VERSION` line, e.g.
`SECRET_GANDIV5_API_KEY_VERSION`
4. Set `LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER` to your provider, e.g. `gandi`
4. Generate an API key for your provider, probably using their web interface.
5. Run `abra app secret insert YOURAPPDOMAIN SECRETNAME v1 SECRETVALUE`, where
`SECRETNAME` is from the compose file (e.g. `compose.gandi-api-key.yml`) e.g.
`gandiv5_api_key` and `SECRETVALUE` is the API key.
- For Gandi, you can use either the deprecated API Key or a GandiV5 Personal
Access Token, in which case use compose.gandi-personal-access-token.yml.
- See comments for each provider in your env file for specific instructions
6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
## Blocking scrapers with [Anubis](https://anubis.techaro.lol/)
Uncomment the lines on the Anubis section of the configuration. Set
a domain name for the cookies and a domain that will serve Anubis
redirection service. Optionally and for [added
security](https://anubis.techaro.lol/docs/admin/configuration/redirect-domains),
set a list of the domain names for the apps that are going to be
protected.
After deploying these changes, go to each recipe that supports Anubis
and follow the process there. **Enabling Anubis here is not enough for
protection your apps.**
## Enabling onion service
Uncomment the line in the config setting `ONION_ENABLED=1`. This will create a new entrypoint on port 9052 which can be used to bypass forced SSL. For more details, see the [onion recipe](https://recipes.coopcloud.tech/onion).
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
View Git Blame Copy Permalink