2021-03-02 18:38:44 +02:00
# Traefik
2020-06-17 08:23:01 +02:00
2025-10-30 09:45:46 -04:00
[](https://build.coopcloud.tech/coop-cloud/traefik)
2020-09-25 13:38:22 +02:00
2020-06-17 08:23:01 +02:00
> https://docs.traefik.io
2021-03-02 18:38:44 +02:00
<!-- metadata -->
2025-12-30 10:18:46 +00:00
* **Maintainer**: [@p4u1 ](https://git.coopcloud.tech/p4u1 ), [@decentral1se ](https://git.coopcloud.tech/decentral1se ), [@javielico ](https://git.coopcloud.tech/javielico )
2025-11-04 18:54:51 +01:00
* **Status**: `stable`
2021-03-02 18:38:44 +02:00
* **Category**: Utilities
2025-11-04 18:54:51 +01:00
* **Features**: ?
2021-11-23 12:19:06 +02:00
* **Image**: [`traefik` ](https://hub.docker.com/_/traefik ), 4, upstream
2021-03-02 18:38:44 +02:00
* **Healthcheck**: Yes
* **Backups**: No
* **Email**: N/A
2021-11-23 12:19:06 +02:00
* **Tests**: 2
2021-03-02 18:38:44 +02:00
* **SSO**: ? (Keycloak)
<!-- endmetadata -->
## Basic usage
1. Set up Docker Swarm and [`abra` ]
2. `abra app new traefik`
2023-01-19 16:02:28 -08:00
3. `abra app config YOURAPPDOMAIN` - be sure to change `DOMAIN` to something that resolves to
2021-03-02 18:38:44 +02:00
your Docker swarm box
2022-10-13 16:51:46 +00:00
4. `abra app deploy YOURAPPDOMAIN`
2021-03-02 18:38:44 +02:00
2025-11-05 15:31:06 +01:00
## Configuring basic auth
1. Create the usersfile locally: `htpasswd -c usersfile <username>`
2. Uncomment the Basic Auth section in your .env file
3. Insert the secret: `abra app secret insert < domain > usersfile v1 -f usersfile
2025-11-20 16:42:15 +00:00
4. Redploy your app: `abra app deploy -f <domain>`
2025-11-05 15:31:06 +01:00
2023-03-06 20:57:59 -05:00
## Configuring wildcard SSL using DNS
Automatic certificate generation will Just Work™ for most recipes which use a fixed
number of subdomains. For some recipes which need to work across arbitrary
subdomains, like
[`federatedwiki` ](https://git.coopcloud.tech/coop-cloud/federatedwiki/ ) and
[`go-ssb-room` ](https://git.coopcloud.tech/coop-cloud/federatedwiki/ ), you'll
need to give Traefik access to your DNS provider so that it can carry out
Letsencrypt DNS challenges.
1. Use Gandi or OVH for DNS 🤡 (support for other providers can be easily added,
see [the `lego` docs ](https://go-acme.github.io/lego/dns/#dns-providers ).
2. Run `abra app config YOURAPPDOMAIN`
3. Uncomment e.g. `ENABLE_GANDI` and the related `SECRET_.._VERSION` line, e.g.
`SECRET_GANDIV5_API_KEY_VERSION`
4. Generate an API key for your provider
5. Run `abra app secret insert YOURAPPDOMAIN SECRETNAME v1 SECRETVALUE` , where
2024-10-03 19:40:34 -04:00
`SECRETNAME` is from the compose file (e.g. `compose.gandi-api-key.yml` ) e.g.
2023-03-06 20:57:59 -05:00
`gandiv5_api_key` and `SECRETVALUE` is the API key.
2024-10-03 19:40:34 -04:00
- For Gandi, you can use either the deprecated API Key or a GandiV5 Personal
Access Token, in which case use compose.gandi-personal-access-token.yml.
2023-03-06 20:57:59 -05:00
6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
2025-12-26 13:23:06 -03:00
## Blocking scrapers with [Anubis](https://anubis.techaro.lol/)
Uncomment the lines on the Anubis section of the configuration. Set
a domain name for the cookies and a domain that will serve Anubis
redirection service. Optionally and for [added
security](https://anubis.techaro.lol/docs/admin/configuration/redirect-domains),
set a list of the domain names for the apps that are going to be
protected.
After deploying these changes, go to each recipe that supports Anubis
and follow the process there. **Enabling Anubis here is not enough for
protection your apps.**
2026-01-14 13:19:50 -05:00
## Enabling onion service
Uncomment the line in the config setting `ONION_ENABLED=1` . This will create a new entrypoint on port 9052 which can be used to bypass forced SSL. For more details, see the [onion recipe ](https://recipes.coopcloud.tech/onion ).
2021-03-02 18:38:44 +02:00
[`abra` ]: https://git.autonomic.zone/autonomic-cooperative/abra
