Differences

This shows you the differences between two versions of the page.

--- services:traefik [2026/02/07 00:05] – external edit 127.0.0.1
+++ services:traefik [2026/02/08 08:34] (current) – created - external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 ====== Traefik ======
-Reverse proxy and TLS termination.
+Reverse Proxy mit automatischer TLS-Terminierung.
-===== Access =====
+===== Details =====
-^ Item ^ Value ^
+^ Key ^ Value ^
-| Dashboard | [[http://10.100.161.102:8080]] |
 | Container | CT 102 |
 | IP | 10.100.161.102 |
-| Ports | 80, 443, 8080 |
+| Ports | 80, 443 |
+| RAM | 512 MB |
-===== Installation =====
+===== Features =====
-<code bash>
+  * Let's Encrypt Wildcard-Zertifikat (*.home.miskam.xyz)
-# Container erstellen (nesting + keyctl für Let's Encrypt)
+  * DNS Challenge via Cloudflare
-pct create 102 local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst \
+  * Automatische HTTP→HTTPS Redirect
-  --hostname traefik \
+  * Dynamic Configuration (File Provider)
-  --memory 512 --swap 256 \
-  --cores 1 \
-  --net0 name=eth0,bridge=vmbr0,tag=160,ip=10.100.161.102/23,gw=10.100.161.254 \
-  --features nesting=1,keyctl=1 \
-  --unprivileged 1 \
-  --start 1
-# Traefik installieren
+===== Konfiguration =====
-pct exec 102 -- bash -c '
-apt update && apt install -y wget
-# Binary herunterladen
+<code>
-wget https://github.com/traefik/traefik/releases/download/v3.3.3/traefik_v3.3.3_linux_amd64.tar.gz
+/etc/traefik/
-tar xzf traefik_*.tar.gz
+├── traefik.yml          # Static config
-mv traefik /usr/local/bin/
+├── acme.json            # Let's Encrypt certs
-chmod +x /usr/local/bin/traefik
+└── dynamic/
+    └── services.yml     # Service routes
-# Verzeichnisse anlegen
-mkdir -p /etc/traefik/conf.d /etc/traefik/ssl
-touch /etc/traefik/ssl/acme.json
-chmod 600 /etc/traefik/ssl/acme.json
-'
-# Hauptkonfiguration
-pct exec 102 -- tee /etc/traefik/traefik.yaml << 'YAML'
-api:
-  dashboard: true
-  insecure: true
-entryPoints:
-  web:
-    address: ":80"
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-  websecure:
-    address: ":443"
-providers:
-  file:
-    directory: /etc/traefik/conf.d
-    watch: true
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      email: admin@miskam.xyz
-      storage: /etc/traefik/ssl/acme.json
-      dnsChallenge:
-        provider: cloudflare
-        resolvers:
-          - "1.1.1.1:53"
-          - "8.8.8.8:53"
-YAML
-# Systemd Service
-pct exec 102 -- tee /etc/systemd/system/traefik.service << 'SERVICE'
-[Unit]
-Description=Traefik
-After=network.target
-[Service]
-Type=simple
-ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.yaml
-Restart=always
-[Install]
-WantedBy=multi-user.target
-SERVICE
-# Cloudflare Token (für DNS Challenge)
-pct exec 102 -- mkdir -p /etc/systemd/system/traefik.service.d
-pct exec 102 -- tee /etc/systemd/system/traefik.service.d/cloudflare.conf << 'OVERRIDE'
-[Service]
-Environment="CF_DNS_API_TOKEN=DEIN_CLOUDFLARE_TOKEN"
-OVERRIDE
-pct exec 102 -- systemctl daemon-reload
-pct exec 102 -- systemctl enable --now traefik
 </code>
-==== Cloudflare API Token ====
+===== Routes =====
-  - [[https://dash.cloudflare.com/profile/api-tokens|Cloudflare API Tokens]]
+^ Host ^ Backend ^
-  - "Create Token" → "Edit zone DNS" Template
+| n8n.home.miskam.xyz | 10.100.161.111:5678 |
-  - Zone: miskam.xyz
+| vault.home.miskam.xyz | 10.100.161.112:8080 |
-  - Token in Vaultwarden speichern
+| wiki.home.miskam.xyz | 10.100.161.113:80 |
+| status.home.miskam.xyz | 10.100.161.114:3001 |
+| monitoring.home.miskam.xyz | 10.100.161.115:3000 |
+| git.home.miskam.xyz | 10.100.161.116:3000 |
-===== TLS / Let's Encrypt =====
+===== Logs =====
-  * **Provider:** Let's Encrypt
+<code bash>
-  * **Challenge:** DNS-01 via Cloudflare API
+journalctl -u traefik -f
-  * **Domain:** *.home.miskam.xyz (Wildcard)
-  * **Auto-Renewal:** Ja (Traefik)
-  * **Validity:** 90 Tage
-===== Routen =====
-==== Service URLs ====
-^ Service ^ Valid SSL (.home.miskam.xyz) ^ Internal (.srv.internal) ^
-| n8n | https://n8n.home.miskam.xyz | https://n8n.srv.internal |
-| Vaultwarden | https://vault.home.miskam.xyz | https://vault.srv.internal |
-| DokuWiki | https://wiki.home.miskam.xyz | https://wiki.srv.internal |
-| Uptime Kuma | https://status.home.miskam.xyz | https://status.srv.internal |
-| Checkmk | https://monitoring.home.miskam.xyz | https://monitoring.srv.internal |
-| Proxmox | https://hv-04.home.miskam.xyz | https://hv-04.srv.internal:8006 |
-===== Configuration =====
-^ File ^ Purpose ^
-| /etc/traefik/traefik.yaml | Main config |
-| /etc/traefik/conf.d/ | Dynamic routes |
-| /etc/traefik/ssl/acme.json | Certificates |
-===== Route hinzufügen =====
-<code yaml>
-# /etc/traefik/conf.d/myservice.yml
-http:
-  routers:
-    myservice:
-      rule: "Host(`myservice.home.miskam.xyz`) || Host(`myservice.srv.internal`)"
-      service: myservice
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: letsencrypt
-        domains:
-          - main: "*.home.miskam.xyz"
-  services:
-    myservice:
-      loadBalancer:
-        servers:
-          - url: "http://10.100.161.XXX:PORT"
 </code>
-Traefik lädt Änderungen automatisch (file provider).
+===== Ansible =====
-===== Management =====
 <code bash>
-# Status
+ansible-playbook site.yml --limit traefik
-pct exec 102 -- systemctl status traefik
-# Logs
-pct exec 102 -- journalctl -u traefik -f
-# Restart
-pct exec 102 -- systemctl restart traefik
-# Zertifikat prüfen
-echo | openssl s_client -connect n8n.home.miskam.xyz:443 2>/dev/null | openssl x509 -noout -dates
-# Gespeicherte Zertifikate
-pct exec 102 -- cat /etc/traefik/ssl/acme.json | jq '.letsencrypt.Certificates[].domain'
 </code>
-===== Related =====
+===== Links =====
-  * [[network:overview|Network Overview]] - DNS setup
+  * [[https://doc.traefik.io/traefik/|Traefik Docs]]
-  * [[infrastructure:containers|Containers]] - CT 102 details
+  * [[infrastructure:tls-certificates|TLS Setup]]