
I’m trying to configure Traefik using Docker Compose for both local and external access through Cloudflare (with the proxy enabled).

This configuration works well, but it seems redundant to have multiple entry points for HTTP, creating two. I attempted to simplify this setup, but whenever I make changes, DNS access stops working, and I can only access it locally.

Can someone help me with this configuration?

Thank you in advance!

Here is my current configuration:

services:
  traefik:
    user: root
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    cap_add:
      - NET_BIND_SERVICE
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./acme.json:/acme.json
    labels:
      - 'traefik.enable=true'

      - 'traefik.http.routers.traefik-http.entrypoints=http'
      - 'traefik.http.routers.traefik-http.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-http.middlewares=redirect-to-https'

      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'

      - 'traefik.http.routers.traefik-https.entrypoints=https'
      - 'traefik.http.routers.traefik-https.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-https.tls=true'
      - 'traefik.http.routers.traefik-https.tls.certresolver=cloudflare'
      - 'traefik.http.routers.traefik-https.service=api@internal'
      - 'traefik.http.routers.traefik-https.middlewares=traefik-auth'

      - 'traefik.http.middlewares.traefik-auth.basicauth.users=user:password'

      - 'traefik.http.routers.traefik-additional.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-additional.entrypoints=http'
      - 'traefik.http.routers.traefik-additional.service=api@internal'
      - 'traefik.http.routers.traefik-additional.middlewares=traefik-auth'

networks:
  proxy:
    external: true

I adjusted it to this:

services:
  traefik:
    user: root
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    cap_add:
      - NET_BIND_SERVICE
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./acme.json:/acme.json
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.traefik-http.entrypoints=http'
      - 'traefik.http.routers.traefik-http.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-http.middlewares=http-to-https-redirect'

      - 'traefik.http.middlewares.http-to-https-redirect.redirectscheme.scheme=https'
      - 'traefik.http.middlewares.http-to-https-redirect.redirectscheme.permanent=true'

      - 'traefik.http.routers.traefik-https.entrypoints=https'
      - 'traefik.http.routers.traefik-https.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-https.tls=true'
      - 'traefik.http.routers.traefik-https.tls.certresolver=cloudflare'
      - 'traefik.http.routers.traefik-https.service=api@internal'
      - 'traefik.http.routers.traefik-https.middlewares=dashboard-auth'

      - 'traefik.http.middlewares.dashboard-auth.basicauth.users=user:password'

networks:
  proxy:
    external: true

Here is my traefik.yml file:

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

api:
  dashboard: true
  debug: true
  insecure: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  cloudflare:
    acme:
      email: "myemail"
      storage: "/acme.json"
      dnsChallenge:
        provider: "cloudflare"

Any advice or suggestions would be greatly appreciated.

1 Answer


I haven't worked with Cloudflare in a couple of years, but have you tried setting up origin connection over HTTPS without cert verification?

As far as I remember, there were 4 modes of connecting to Origin:

  1. HTTP
  2. HTTPS with certificate verification
  3. HTTPS without certificate verification
  4. HTTPS with "self-signed" certificate

CF always defaulted to HTTP. So you'd have to explore Origin connection settings to solve this.

Note: I'm pretty sure the last option was Enterprise-only, since it required setting up a CA and providing a certificate for establishing trust. You can still have Let's Encrypt on Origin, but it's a bit more fiddly - you would have to set up DNS validation.
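The answer points at Cloudflare's origin connection mode; on the Traefik side the duplicated HTTP routers can go as well. This is an added example, not the asker's files or Traefik's own documentation: the HTTP-to-HTTPS redirect moves onto the http entrypoint, the dashboard keeps one authenticated HTTPS router, and the insecure API port 8080 is no longer published. It assumes Cloudflare's SSL/TLS mode is Full (strict), so the proxied request reaches the origin on 443 rather than on 80 where it would only ever receive the redirect, and that `DASHBOARD_USERS` is an environment variable holding htpasswd-formatted credentials.

```yaml
# traefik.yml: the HTTP->HTTPS redirect lives on the entrypoint, not on a router
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
  https:
    address: ":443"

api:
  dashboard: true
  insecure: false   # no unauthenticated API listener on :8080

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  cloudflare:
    acme:
      email: "myemail"        # placeholder carried over from the question
      storage: "/acme.json"
      dnsChallenge:
        provider: "cloudflare"
---
# docker-compose.yml, traefik service excerpt: only 80 and 443 are published,
# and a single HTTPS router serves the dashboard; the entrypoint handles port 80
services:
  traefik:
    image: traefik:latest
    ports:
      - "80:80"
      - "443:443"
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.traefik.entrypoints=https'
      - 'traefik.http.routers.traefik.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik.tls.certresolver=cloudflare'
      - 'traefik.http.routers.traefik.service=api@internal'
      - 'traefik.http.routers.traefik.middlewares=dashboard-auth'
      # assumed env var with htpasswd-formatted entries (e.g. from `htpasswd -nB user`);
      # env substitution avoids having to escape `$` as `$$` inside the label
      - 'traefik.http.middlewares.dashboard-auth.basicauth.users=${DASHBOARD_USERS}'
```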
