- Clone the repo.
- Configure Cloudflare
- DNS Challenge (for LetsEncrypt verification) is enabled by default for cloudflare.
- For a list of providers other than cloudflare, check here.
- Setup OAuth *
- Configure environmental variables (
.env
file)- Rename the included
env.example
to.env
. - Edit variables in
.env
file. - All variables (ie.
$XXX
) in docker-compose.yml come from.env
file stored in the same place as docker-compose.yml. - Ensure good permissions for the
.env
file (recommended: 640).
- Rename the included
- Edit
docker-compose.yml
to include only the services you want or add additional services to it. Be sure to read the comments for each app and create any required files. - Setup the network and traefik mounts:
docker network create --gateway 192.168.90.1 --subnet 192.168.90.0/24 t2_proxy Subnet range 192.168.0.0/16 covers 192.168.0.0 to 192.168.255.255 touch $USERDIR/traefik2/acme/acme.json chmod 600 $USERDIR/traefik2/acme/acme.json touch $USERDIR/traefik2/traefik.log
- (Optional) Put non-docker apps behind Traefik proxy by renaming
traefik/rules/app.toml.example
totraefik/rules/app.toml
and editing its contents.
* If OAuth is not configured then removing it from the middlewares chain should be sufficient to allow other services to be accessable, although it would be better to just update the middlewares used by each individual service.
[http.middlewares.chain-oauth]
[http.middlewares.chain-oauth.chain]
- middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers", "middlewares-oauth"]
+ middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers"]
For restricting public access, I use two sets of HTTP(S) entrypoints where one pair is the portforwarded to the internet
For a great point of reference see here