This was fantastic. I tried to setup traefik a few months ago but didn't ever get it to work. It works now and I switched all my containers to it. Thank you!
What a journey, but thanks to your video I was able to configure traefik, portainer and pihole... so far, so good with my new adventure setting up my home lab. Thanks!
This is the best video on Traefik. I have Traefik running on Tailscale with nextDNS as my DNS. Loving the fact that i can deply Traefik in mins with all my configs.
I was using NPM as my reverse proxy when I started my homelab journey over two years ago. I switched to Traefik because it challenged me to understand how it works. Now I have all my services running on it with Pihole as internal DNS and Cloudflare for external. I appreciate you updating your Traefik tutorial 🤝
Fantastic video, Christian. Something I've discovered over time is that I can reduce the verbosity of my config by providing some sane defaults in my provider config to do things like specifying the docker network to use, as well as the ability to use custom rules when all of my services are deployed to a domain with a wildcard record like you outlined. I took the opportunity to write these up on my blog, and if it's okay, I can share it in the comments here for you and others to take advantage of.
Fantastic work! Your "old" Traefik video got me up and running with Traefik in Docker, and I love it! Can't wait for your video on Traefik in k8s, since I'm transitioning to k8s in my homelab these days.
Thanks for a great video. I have been using Traefik 2.9 untill now, and have for some time now, wanted to move to latest version. I haven't had the time to look into it. This video, made me switch from 2.9 to 3.1 in about on hour. Thanks again.
Great video! Lempa to Implementation (Lempamentation) is what I always say. No need to set the speed of the video to 1.5... CL changed his configuration to speak in 1.5 speed :)
Thank you! I'm planning to add these config steps into other videos where it's needed. For example, if we discuss authentik using middlewares and outposts, stay tuned for this topic coming out next year :)
Thank you for this awesome and easy tutorial. I have just learned from this video after searching more on youtube and google. I am able to setup multiple domain in the same vps using docker. It would be better if you make a load balancer video with docker and traefik
I’ve been using nginx proxy manager for years, but Traefik is very tempting. I just wish it had a nice GUI to make changes instead of editing a bunch of config files.
Traefik and Caddy are both excellent and have pros and cons for different situations. Check out Zaroxy as well which is a new kid on the block that I think will be a good option for a lot of home-labbers
excellent as always Christian. Question: What if I have multiple servers running docker containers? Do I run a traefik server per server or do I have one and the containers are managed across the network from a single server? Thanks
Thank you so much! :) I run traefik on each server, since I don't have a better way to transfer the requests from one server to another. Maybe a Docker Swarm setup would be better in this scenario, but that's a topic I might have to look into at some point.
You sir are a legend! Thank you for this brilliant tutorial. I finally learnt what Traefik is and most importantly, got it up and running.. do you have a video on how to setup Authelia with Traefik? that's next for me :)
Thank you so much!! :) No, there's no Authelia video planned, but I've done a video about authentik, in future videos, I will expand the Traefik + Authentik setup.
Useful, concise. Especially with the boilerplates. Would it be possible you do a video about wildcard certs in traefik with cloudflare? You already saved me so much research time with this, and I am really grateful!
As always, a very interesting video. Now, I would like you to use configurations that are valid in production even if it is for a HomeLab. For example, the UI exposure of port 8080 should be protected. How would this be done? Another question you have not addressed is the number of Traefik you have. Do you install one on each server? If so, how do you route to the Dockers that are on other machines? (and that are obviously not on the same network). Or how do you route to non-Docker applications? I hope you can explain this in the comments or in a new video. Thanks for everything you post.
Protecting the UI is a topic for another video. :) Regarding the other questions, I deploy Traefik on each server and I don't route any external services, yet.
This is fantastic! I finally understood Traefik 😅. I do have a question, though: In the video, you showed how to configure the Nginx server which is using port 80 for its web interface. How would we set it up for applications that use other ports for their web interface? Thank you for your hard work!
Very nice! You have a video some months ago showing how to use selfhosted netbird with quick start guide but it would be very interesting putting it behind Traefik and use Authentik instead of Zitadel. Maybe a video on that?
as of ~2 months ago mine was able to renew them automatically without any extra config. i think letsencrypt also sent an email warning me that they were near expiry so i could keep an eye on it.
One thing that's probably worth at least considering is that if you use CLI arguments for the static config in the Docker Compose, this lets you pull from environment variables (or a .env file), Docker secrets, etc., and I am not sure using the traefik.yml can do this. But I am not that far yet, I am in the planning phase. Hell, you might say I'm in the pre-planning phase, as I've had Proxmox installed on a MS-01 for 5-6 months and still haven't decided what distribution I want to use for my Docker host :D
Yet another fantastic video that turns something complicated into something easy to understand. Just one question that you didn't cover and that is how do you add a docker host on another machine? I have the docker host that I have installed Traefik on and another that I have docker-proxy on. How would I add that to providers as everything I try prevents Traefik from starting.
Just as an update. I have been unable to find a way directly in traefik but used a docker container called traefik-kop, which solved the issue, and I now have two docker machines using one traefik instance
I'm actually just starting out and was stuck one part, i run the lxc proxmox container and the .env file that doesn't seem to work does it for just yml configuration? So how do you feed the token properly?
Do you know if there is any way to use wireguard as a VPN tunnel for something like home-assistant with wireguard running in proxmox, and home-assistant on its own PC/RPI Where only approved devices can access the HA-server from outside the network trough wireguard.
Why do we need a backend in your boilerplate setup if the frontend already handles the requests directly? And why do you include a backend in the setup without explaining its purpose?
Hi! this work wonderfully but i want to use traefik (on my OMV VM) on another docker container on my proxmox server, what would be the best way to achieve that? a docker swarm?
There are multiple ways to do this, you could deploy multiple instances of traefik, use external host configs in traefik, or docker swarm would also be a good idea. It depends a bit on your setup and what you want to achieve, why not join our community on discord and raise it as a question.
Do you have time to update your DNS Bind9 video? Its a bit old. When it runs there are tons of errors around rndc and keys and config to manage the platform as well as maybe include some zone transfer and other basic settings that would be required to make sure DNS is available? Thank you for the great content.
hello is there any way to expose my home server to the world. assuming that my Internet provider blocks changing ports in the router, the IP address is not public and dynamic and I cannot connect an external router. and buying a domain costs a bit
I'm planning on deploying Traefik on Proxmox, how would you handle traefik labels for between LXC containers, since people say LXC can separate services and also some services like Jellyfin requires a LXC for iGPU
I'm not using LXC, so unfortunately I can't be sure, but I don't think LXC has labels. It's really just for Docker (which is the reason why I don't use LXC)
@@christianlempa oh thank you helping. I guess only way to take advantage of traefik label make it more convenient is using a single VM for Docker related services and put Traefik there.
Thank you soo much for this video, it really helped. Query, do you play that white piano on the back ground. If yes we need to see a video of you doing so please. Putting in a special request
Thank you so much! :D Maybe I'm gonna record something in the coming weeks and put it on social media or maybe a second private channel... but I can't promise, long time I didn't play
Great video @Christian Lempa! Thanks for the refreshed content! This was helpful! I've been banging my head against the keyboard for the last week or so getting Wazuh to be accessible to my domain behind Traefik. Does anyone have any insight? Thanks!
I have definitely in the party of not using the version of Traefik automatically installed by K3S but now I am wondering why! Have you explored using installed version. It is installed using a Helm Custom Resource and dropping a file in `/var/lib/rancher/k3s/server/manifests` that contains a couple of HelmChart resources. You should be able to update that file and have it automatically updated with your changes. What is the real benefit of removing all of the resources installed automatically by Helm and then reinstalling a custom version? It has to be more than just changing namespace.
thank you :) I avoid using nginx proxy manager, because I don't believe it's a good project. I've made one video at some point explaining it: th-cam.com/video/uaixCKTaqY0/w-d-xo.htmlsi=KSSPWqEn_WpX3bQw
@christianlempa oh wow I guess I missed this video. I never realized NPM had that many issues and the dev team was so small. I just checked and they currently have 718 open bugs. Thanks again for another insightful video!
Thank you! Currently, I'm using for each server a separate Traefik instance, but maybe I'm going to rethink that setup next year with using Docker Swarm... we'll see ;)
Thanks for video Christian !! Please can you make a video to handle /static/, /media/ files for custom website (like a website on django) with nginx proxy manager, thanks !!
So If I am running game servers that use UDP and or TCP ports. I should use routes for traefik to prevent breaking connectivity once traefik is online ?
Haven't seen it yet, but i always have some issues with traefik 😂. There for i even started to use/learn iptable rules, virtual network interfaces, certbot and ufw. At the end its the same as Treafik
Well, that's not true. What you use is a firewall solution working on the TCP/IP layer, but Traefik is a reverse proxy, meaning it hooks into the HTTP requests, can do some modifications to the requests and forward it.
Hi! I haven't watched the video, yet, but skipped over the timeline/chapters. Are you talking about redirecting requests from one traefik to another to a service, too, or would you like to make a tutorial for that? For example, I, currently, am running a immich in my homelab. However, I'd like to expose /share/* to the outside. Since you usually do not have a stable IP address, I thought of going through a VPS of mine which. So, any request to /share/* coming from the outside will be directed at my VPS and from there, traefik should route it via my VPN connection to my local traefik which will forward it to immich itself. I have never really gotten it to work with traefik. Can you do a tutorial like that? Do you have any other ideas (except for Cloudflare tunnels) regarding that? Any clues on what might have gone wrong? :D
@christianlempa that'd be so cool! It might be a 'niche' case, but I think a lot of people could benefit from something like this as it secures services and your home network down, and you can use static IPs (if you don't have one)!
I really need to manage TLS for local webapp, I can´t understand why the majority of reverse proxy doesn't support that. I just found Caddy useful for that kind of scenario, but I prefer something with a nice UI. :(
@newaira333 i know it but he doesn't handle local TLS. I don't expose service on internet so I don't want to have a internet domain just for having cert from let's encrypt. Caddy handle this very well but I don't like the way to use it.
@@mattiavadala7870 You can self-host your certificate authority / manager with "Smallstep". And for the domain name, self-host your DNS. If this information can help you
Wow wollte dir gerade schreiben Christian weil du mal ein Video über Kubernetes gemachthattest für TrueNas Scale. Da diese nun bei Docker sind kann ich das Video als passende Anleitung nehmen oder fehlt etwasspezifisches?
Kein edit unter iOS hm. Mir gings dabei nebst reverse proxy auch etwas um den Vergleich mit dem cloudflare DNS Tunnel Proxy Teil. Wollte nur Nextcloud Publisher und überlege nun ob Proxy oder einfach den Tunnel zu nehmen. Oder macht eine Kombination Sinn?
Damit dürfte es nun soweit klar sein =). Muss nur schauen ob ich ein docker Manager nehme oder truenas intern irgendwas gebastelt hat. Acme läuft ja schon in truenas aber ja so würde es mir schon besser gefallen mit configs.
Traefik is great when it works but tbh.. i've had to tinker so much to get it to work with my sonarr and radarr containers.. Not to mention i still havent gotten my own react applications to work behind traefik.
Can somebody please explain to me why we need web applications now to do what a few lines of config file of the major webservers have been doing for decades? What timeline is this? This is just more stuff to maintain on top of all the stuff thats going on...WHY? Just expose a port, point reverse proxy to port, be done. Load balancing is also not a new concept. Am I getting old here? Am I being naive? Honestly idk why we need all of this... Is this simply a new webserver/balancer/proxy contender with a GUI and tons of buzz words?
Most webservers won't have the smarts to go out and get the SSL certificate using DNS challenge, nor intelligently parse the backend docker or kubernetes. This is a smart layer 7 protocol router/reverse proxy that is separate from whatever web server or application you want to use. You could use this to frontend the web gui of IoT applications where you may not have control of the web server. Nginx web proxy can do similar, or Caddy, or HAProxy. Think of this as a single proxy for a farm of servers or applications. Doing it in webserver typically does it for that single server and you would have to configure it for every server you had in play. This can be in front of apache and nginx at the same time if both happen to be in separate containers or separate servers/nodes.
I can't say anything about getting old 😆, but just a few ideas why this is useful. Imagine you don't have to worry about managing config lines on your web server / proxy, or use additional services to manage TLS certificates. You can all do it with just 4 lines in your docker-compose files, which you use for application deployment. Also, when it comes to Kubernetes, it has so many advantages.
@@christianlempa Thanks! I love how you just manage the containers using compose, command line and VS Code connected through SSH. Do you still use Portainer or something like that?
Hi, would you teach me privately? Will pay per hour. Deutscher Azubi, Mir wurde ein Server anvertraut und ich muss Traefik, Authelia und Docker vernetzen. Suche dringend einen Tutor und das wäre das Geld wert.
Hallo, erst mal schön, dass du die Ausbildung machst, klingt nach einem super interessanten Projekt! :) Allerdings habe ich leider keine Zeit für individuelles Coaching, etc. Ich würde dir aber gerne unsere Discord Community empfehlen, bin auch selbst oft da in den Channels aktiv. Und meine Videos über diese Themen helfen natürlich auch! LG
I don't know what I'm doing wrong. I keep running into the same problem after I unpack docker compose up. docker compose up Attaching to traefik-demo-1 and then nothing happens. I have taken over the docker-compose.yaml and traefik.yaml 1 to 1 as in the video :(
Probably this is best video on Traefik.
Thank you so much! :)
This was fantastic. I tried to setup traefik a few months ago but didn't ever get it to work. It works now and I switched all my containers to it. Thank you!
Awesome! Glad it helped you :)
this video about trafik is much better than the first one you made
Thank you so much! Appreciate it :)
Love your video, I was having a hard time understanding traefik via their docs, and now everything makes sense thanks to you.
Oh I'm glad you say this! Thank you :)
What a journey, but thanks to your video I was able to configure traefik, portainer and pihole... so far, so good with my new adventure setting up my home lab. Thanks!
Glad it helped! :)
This is the best video on Traefik. I have Traefik running on Tailscale with nextDNS as my DNS. Loving the fact that i can deply Traefik in mins with all my configs.
THank you so much! :)
This solves my problem with reverse proxying to a bunch of services defined in a different docker compose. Thank you so much!
Great to hear!
I was using NPM as my reverse proxy when I started my homelab journey over two years ago. I switched to Traefik because it challenged me to understand how it works. Now I have all my services running on it with Pihole as internal DNS and Cloudflare for external. I appreciate you updating your Traefik tutorial 🤝
Can you explain a little more about PiHole and Cloudflare? Can you give an example of a service and how you define it in each of them? Thanks.
Awesome! Yeah, NPM is honestly not a great project imo, it's a good idea to migrate :)
@@christianlempaWhat makes it a subpar option?
Fantastic video, Christian. Something I've discovered over time is that I can reduce the verbosity of my config by providing some sane defaults in my provider config to do things like specifying the docker network to use, as well as the ability to use custom rules when all of my services are deployed to a domain with a wildcard record like you outlined. I took the opportunity to write these up on my blog, and if it's okay, I can share it in the comments here for you and others to take advantage of.
I would be interested in this write up
@@joshs2022 Me too ;-)
Thanks for the kind words, feel free to share it ;)
I'd be interested as well
Thank you Christian, very helpful as always!
Thank you :)
Perfect timing. Thank you.
You're welcome!
Fantastic work! Your "old" Traefik video got me up and running with Traefik in Docker, and I love it! Can't wait for your video on Traefik in k8s, since I'm transitioning to k8s in my homelab these days.
Awesome! :D
Thanks for a great video. I have been using Traefik 2.9 untill now, and have for some time now, wanted to move to latest version. I haven't had the time to look into it. This video, made me switch from 2.9 to 3.1 in about on hour. Thanks again.
Awesome! Glad it was helpful :)
Best Traefik Video ever
Thank you so much :)
Great video! Lempa to Implementation (Lempamentation) is what I always say. No need to set the speed of the video to 1.5... CL changed his configuration to speak in 1.5 speed :)
Haha thank you so much! Appreciate it :D
Great video and it was a pleasure to see updated traefik tutotial. Hope to see more advance tutorial about middlewares etc 😊
Great suggestions! I'll include a basic tutorial about middlewares in my video about authentik + traefik
Holy smokes! It works! Thank you so much for this great tutorial.
Thank you! :)
I'm for that SWAG life. It's so simple and comes integrated with Crowdsec and Fail2Ban
I always enjoy watching your amazing tutorials. Thanks for sharing.
You are so welcome!
probably the most chaotic video on traefik.
thank you i love the way you explain everything in details
Thank you so much!
Great video! Would love a follow-up that goes through more advanced configuration (such as using Cloudflare origin certs) and label usage.
Thank you! I'm planning to add these config steps into other videos where it's needed. For example, if we discuss authentik using middlewares and outposts, stay tuned for this topic coming out next year :)
@ awesome, keep up the great work!!
Amazing tutorial, easy to follow. Thank you for sharing.
Thank you for this awesome and easy tutorial. I have just learned from this video after searching more on youtube and google. I am able to setup multiple domain in the same vps using docker. It would be better if you make a load balancer video with docker and traefik
Glad it was helpful! What would you like to see in a future video?
@christianlempa thank you for the reply. I would love to learn about setting up the load balancer for multiple vps using traefik and docker.
Thanks Christian!
Thank you! :)
I’ve been using nginx proxy manager for years, but Traefik is very tempting. I just wish it had a nice GUI to make changes instead of editing a bunch of config files.
You just have to get used to the config labels, but if you got your templates I think it's even much faster and easier to configure than in a UI.
Caddy looks very promising as compared to Traefik.
Traefik and Caddy are both excellent and have pros and cons for different situations. Check out Zaroxy as well which is a new kid on the block that I think will be a good option for a lot of home-labbers
Only annoying thing is that they don't have a k8s gateway api provider unlike traefik. There is something on github but its probably some beta
Out of curiosity, why is it promising compared to traefik? (Asking for a friend which is trying to implement traefik in every single stack 😅)
I do like Zoraxy! :D
Currently, for someone like me the best option.
Maybe I'll give Traefik another try after this video.
Caddy is too slow.
Great and clear video on traefik !! Thnx
Glad it was helpful!
excellent as always Christian. Question: What if I have multiple servers running docker containers? Do I run a traefik server per server or do I have one and the containers are managed across the network from a single server?
Thanks
Thank you so much! :) I run traefik on each server, since I don't have a better way to transfer the requests from one server to another. Maybe a Docker Swarm setup would be better in this scenario, but that's a topic I might have to look into at some point.
just awesome tutorial
Thank you! Cheers!
You sir are a legend! Thank you for this brilliant tutorial. I finally learnt what Traefik is and most importantly, got it up and running.. do you have a video on how to setup Authelia with Traefik? that's next for me :)
Thank you so much!! :) No, there's no Authelia video planned, but I've done a video about authentik, in future videos, I will expand the Traefik + Authentik setup.
@christianlempa that would be wonderful... Thanks for your reply, and will wait for the video
Danke für das Video. Habe es nun verstanden denk ich.
Das freut mich! 😊👏
Useful, concise. Especially with the boilerplates. Would it be possible you do a video about wildcard certs in traefik with cloudflare?
You already saved me so much research time with this, and I am really grateful!
As always, a very interesting video.
Now, I would like you to use configurations that are valid in production even if it is for a HomeLab. For example, the UI exposure of port 8080 should be protected. How would this be done?
Another question you have not addressed is the number of Traefik you have. Do you install one on each server? If so, how do you route to the Dockers that are on other machines? (and that are obviously not on the same network).
Or how do you route to non-Docker applications?
I hope you can explain this in the comments or in a new video.
Thanks for everything you post.
Protecting the UI is a topic for another video. :) Regarding the other questions, I deploy Traefik on each server and I don't route any external services, yet.
Would really love to see the video on deploying and configuring Traefik with TLS certs on Kubernetes.
That's coming soon ;)
@christianlempa Will you be using an Ingress or IngressRoute? I prefer IngressRoute as it's easier to configure.
This is fantastic! I finally understood Traefik 😅.
I do have a question, though: In the video, you showed how to configure the Nginx server which is using port 80 for its web interface. How would we set it up for applications that use other ports for their web interface?
Thank you for your hard work!
Awesome! You have to modify the labels for the service objects, e.g. traefik.http.services.service.loadbalancer.server.port=3000
great tutorial.
Glad you liked it!
A link to your mentioned boilerplate repository in the description would be nice
It's in my docs link
This is incredible
Thx ;)
love your videos, thanks very helpfull!
Glad you like them!
Very nice! You have a video some months ago showing how to use selfhosted netbird with quick start guide but it would be very interesting putting it behind Traefik and use Authentik instead of Zitadel. Maybe a video on that?
Thank you, great suggestions, but currently I don't have time for it, maybe I need to follow-up on it next year
@@christianlempa That would be nice!
The Lets Encrypt certificates are usually valid for 90 days. Does Traefik automatically renew the expired certificates that it has created as needed?
as of ~2 months ago mine was able to renew them automatically without any extra config. i think letsencrypt also sent an email warning me that they were near expiry so i could keep an eye on it.
yep indeed! it does it automatic
Id love to see a guide on setting up a separate mac address and local ip for every container
There's a video: th-cam.com/video/5grbXvV_DSk/w-d-xo.html
@@christianlempa Thank you very much, just hope its not outdated at this point, but definitely gonna watch it.
One thing that's probably worth at least considering is that if you use CLI arguments for the static config in the Docker Compose, this lets you pull from environment variables (or a .env file), Docker secrets, etc., and I am not sure using the traefik.yml can do this. But I am not that far yet, I am in the planning phase. Hell, you might say I'm in the pre-planning phase, as I've had Proxmox installed on a MS-01 for 5-6 months and still haven't decided what distribution I want to use for my Docker host :D
Hm, you're right, that's an advantage! Just the formatting and size of the CLI arguments are a bit annoying, so I still prefer the config file.
Please give us the link of the source code, your description link is not working.
github.com/christianlempa/boilerplates
Yet another fantastic video that turns something complicated into something easy to understand.
Just one question that you didn't cover and that is how do you add a docker host on another machine?
I have the docker host that I have installed Traefik on and another that I have docker-proxy on. How would I add that to providers as everything I try prevents Traefik from starting.
Just as an update. I have been unable to find a way directly in traefik but used a docker container called traefik-kop, which solved the issue, and I now have two docker machines using one traefik instance
Thank you! Glad you could solve the issue :)
I'm actually just starting out and was stuck one part, i run the lxc proxmox container and the .env file that doesn't seem to work does it for just yml configuration? So how do you feed the token properly?
Do you know if there is any way to use wireguard as a VPN tunnel for something like home-assistant
with wireguard running in proxmox, and home-assistant on its own PC/RPI
Where only approved devices can access the HA-server from outside the network trough wireguard.
Why do we need a backend in your boilerplate setup if the frontend already handles the requests directly? And why do you include a backend in the setup without explaining its purpose?
I need to update the template, gonna do it the next days ;)
Great video, thanks. Any reason why you didn't use the HTTP challenge instead? I was thinking that would be simpler?
The HTTP challenge requires an external connection from the letsencrypt server to traefik
No. No cloudflare. The whole world and internet is depending already too much on the centralized cloudflare services. Just no.
Hi! this work wonderfully but i want to use traefik (on my OMV VM) on another docker container on my proxmox server, what would be the best way to achieve that? a docker swarm?
There are multiple ways to do this, you could deploy multiple instances of traefik, use external host configs in traefik, or docker swarm would also be a good idea. It depends a bit on your setup and what you want to achieve, why not join our community on discord and raise it as a question.
@@christianlempa Thanks for the answer, didn't knew you have a discord server, doing a jump there right now!
Do you have time to update your DNS Bind9 video? Its a bit old. When it runs there are tons of errors around rndc and keys and config to manage the platform as well as maybe include some zone transfer and other basic settings that would be required to make sure DNS is available? Thank you for the great content.
Thank you! I don't think the content is outdated, maybe there's something wrong with your config, perhaps we should follow up on discord
What do you use for slides & presentation ?
I'm using Excalidraw+ which has a presentation mode
@@christianlempa I didn't know ExcaliDraw has a "+" version :D For a long time I was wondering how to use the frames etc :D Thanks
re the ad: the world really needs more scrapers -,-
hello is there any way to expose my home server to the world. assuming that my Internet provider blocks changing ports in the router, the IP address is not public and dynamic and I cannot connect an external router. and buying a domain costs a bit
Check out Cloudflare Tunnels
You do know that you can define and specify the docker network directly into the docker compose file. Right? 😮
So no need to create it manually via cli..
I'm planning on deploying Traefik on Proxmox, how would you handle traefik labels for between LXC containers, since people say LXC can separate services and also some services like Jellyfin requires a LXC for iGPU
I'm not using LXC, so unfortunately I can't be sure, but I don't think LXC has labels. It's really just for Docker (which is the reason why I don't use LXC)
@@christianlempa oh thank you helping. I guess only way to take advantage of traefik label make it more convenient is using a single VM for Docker related services and put Traefik there.
Thank you soo much for this video, it really helped. Query, do you play that white piano on the back ground. If yes we need to see a video of you doing so please. Putting in a special request
Thank you so much! :D Maybe I'm gonna record something in the coming weeks and put it on social media or maybe a second private channel... but I can't promise, long time I didn't play
Great video @Christian Lempa! Thanks for the refreshed content! This was helpful!
I've been banging my head against the keyboard for the last week or so getting Wazuh to be accessible to my domain behind Traefik. Does anyone have any insight? Thanks!
Thank you so much :)
Any reason for Traefik if you’re already having NGINX??
Nginx is just an example, this could be any other application, also non HTTP and TCP/UDP
What about using it across machines, did you ever find a way besides traefik kop?
I have definitely in the party of not using the version of Traefik automatically installed by K3S but now I am wondering why!
Have you explored using installed version. It is installed using a Helm Custom Resource and dropping a file in `/var/lib/rancher/k3s/server/manifests` that contains a couple of HelmChart resources. You should be able to update that file and have it automatically updated with your changes.
What is the real benefit of removing all of the resources installed automatically by Helm and then reinstalling a custom version? It has to be more than just changing namespace.
I like to manage the config using the Helm Values instead of modifications I have to put into the configmap
@ You can drop a file with a HelmChartConfig in the same directory and it overrides the values in the HelmChart.
Would you have time to do the same video but for Nginx Proxy Manager? Thanks and you videos are super helpful, very well done, and highly informative!
thank you :) I avoid using nginx proxy manager, because I don't believe it's a good project. I've made one video at some point explaining it: th-cam.com/video/uaixCKTaqY0/w-d-xo.htmlsi=KSSPWqEn_WpX3bQw
@christianlempa oh wow I guess I missed this video. I never realized NPM had that many issues and the dev team was so small. I just checked and they currently have 718 open bugs. Thanks again for another insightful video!
@ no problem, thanks for watching :)
I like your videos very helpful. Maybe you can show traefik with multi-node setup
Thank you! Currently, I'm using for each server a separate Traefik instance, but maybe I'm going to rethink that setup next year with using Docker Swarm... we'll see ;)
Thanks so much.
You're welcome!
Thanks for video Christian !! Please can you make a video to handle /static/, /media/ files for custom website (like a website on django) with nginx proxy manager, thanks !!
You're welcome! :) I'm not using nginx proxy manager anymore, I think you can use traefik for any static website as well.
@@christianlempa Ok thank you
So If I am running game servers that use UDP and or TCP ports. I should use routes for traefik to prevent breaking connectivity once traefik is online ?
You can use UDP or TCP routers too!
would be interesting if this can replace wireguard for this usecase.
Haven't seen it yet, but i always have some issues with traefik 😂. There for i even started to use/learn iptable rules, virtual network interfaces, certbot and ufw. At the end its the same as Treafik
Well, that's not true. What you use is a firewall solution working on the TCP/IP layer, but Traefik is a reverse proxy, meaning it hooks into the HTTP requests, can do some modifications to the requests and forward it.
Hi!
I haven't watched the video, yet, but skipped over the timeline/chapters.
Are you talking about redirecting requests from one traefik to another to a service, too, or would you like to make a tutorial for that?
For example, I, currently, am running a immich in my homelab. However, I'd like to expose /share/* to the outside. Since you usually do not have a stable IP address, I thought of going through a VPS of mine which. So, any request to /share/* coming from the outside will be directed at my VPS and from there, traefik should route it via my VPN connection to my local traefik which will forward it to immich itself.
I have never really gotten it to work with traefik. Can you do a tutorial like that? Do you have any other ideas (except for Cloudflare tunnels) regarding that? Any clues on what might have gone wrong? :D
That's not part of this video, maybe I'll include it in another.
@christianlempa that'd be so cool!
It might be a 'niche' case, but I think a lot of people could benefit from something like this as it secures services and your home network down, and you can use static IPs (if you don't have one)!
I really need to manage TLS for local webapp, I can´t understand why the majority of reverse proxy doesn't support that. I just found Caddy useful for that kind of scenario, but I prefer something with a nice UI. :(
Nginx Proxy Manager is probably as good as it gets if you want to manage the proxy via a decent GUI
@newaira333 i know it but he doesn't handle local TLS. I don't expose service on internet so I don't want to have a internet domain just for having cert from let's encrypt. Caddy handle this very well but I don't like the way to use it.
@@mattiavadala7870 You can self-host your certificate authority / manager with "Smallstep". And for the domain name, self-host your DNS.
If this information can help you
@68misty50 is absolutely right! hopefully I have time next year to finally get smallstep up and running ;)
would love a video on openziti as an alternative to something like twingate.
Maybe at some point, currently I'm happy with Twingate.
Wow wollte dir gerade schreiben Christian weil du mal ein Video über Kubernetes gemachthattest für TrueNas Scale. Da diese nun bei Docker sind kann ich das Video als passende Anleitung nehmen oder fehlt etwasspezifisches?
Kein edit unter iOS hm. Mir gings dabei nebst reverse proxy auch etwas um den Vergleich mit dem cloudflare DNS Tunnel Proxy Teil. Wollte nur Nextcloud Publisher und überlege nun ob Proxy oder einfach den Tunnel zu nehmen. Oder macht eine Kombination Sinn?
Damit dürfte es nun soweit klar sein =). Muss nur schauen ob ich ein docker Manager nehme oder truenas intern irgendwas gebastelt hat. Acme läuft ja schon in truenas aber ja so würde es mir schon besser gefallen mit configs.
Traefik is great when it works but tbh.. i've had to tinker so much to get it to work with my sonarr and radarr containers..
Not to mention i still havent gotten my own react applications to work behind traefik.
Wie heißt die Font/schriftart für deine Visualisierungen Meister? Sieht jedesmal sehr anschaulich aus!
Das ist die Standardschrift von Excalidraw, super tool! :)
@christianlempa alleine das Tool ist ein kurzes Video wert 😅 direkt als Favorit gespeichert 😁
@ Danke! Hatte ich mal überlegt aber ich werde wahrscheinlich mal ein video generell über Tools machen die ich oft verwende
Can somebody please explain to me why we need web applications now to do what a few lines of config file of the major webservers have been doing for decades? What timeline is this? This is just more stuff to maintain on top of all the stuff thats going on...WHY? Just expose a port, point reverse proxy to port, be done. Load balancing is also not a new concept. Am I getting old here? Am I being naive? Honestly idk why we need all of this...
Is this simply a new webserver/balancer/proxy contender with a GUI and tons of buzz words?
Most webservers won't have the smarts to go out and get the SSL certificate using DNS challenge, nor intelligently parse the backend docker or kubernetes. This is a smart layer 7 protocol router/reverse proxy that is separate from whatever web server or application you want to use. You could use this to frontend the web gui of IoT applications where you may not have control of the web server. Nginx web proxy can do similar, or Caddy, or HAProxy. Think of this as a single proxy for a farm of servers or applications. Doing it in webserver typically does it for that single server and you would have to configure it for every server you had in play. This can be in front of apache and nginx at the same time if both happen to be in separate containers or separate servers/nodes.
I can't say anything about getting old 😆, but just a few ideas why this is useful. Imagine you don't have to worry about managing config lines on your web server / proxy, or use additional services to manage TLS certificates. You can all do it with just 4 lines in your docker-compose files, which you use for application deployment. Also, when it comes to Kubernetes, it has so many advantages.
What's the advantage of Traefik over NPM for reverse proxying?
I've made a video on NPM, in my opinion, it's not a reliable project.
@@christianlempa Thanks! I love how you just manage the containers using compose, command line and VS Code connected through SSH. Do you still use Portainer or something like that?
Wouldn't use traefik for high (really) load
easy he says LOL
isn't it? :D
Hi, would you teach me privately? Will pay per hour. Deutscher Azubi, Mir wurde ein Server anvertraut und ich muss Traefik, Authelia und Docker vernetzen. Suche dringend einen Tutor und das wäre das Geld wert.
Hallo, erst mal schön, dass du die Ausbildung machst, klingt nach einem super interessanten Projekt! :) Allerdings habe ich leider keine Zeit für individuelles Coaching, etc. Ich würde dir aber gerne unsere Discord Community empfehlen, bin auch selbst oft da in den Channels aktiv. Und meine Videos über diese Themen helfen natürlich auch! LG
@@christianlempa danke für deine Antwort. Wie erreiche ich deinen Discord?
I don't know what I'm doing wrong. I keep running into the same problem after I unpack docker compose up.
docker compose up
Attaching to traefik-demo-1
and then nothing happens. I have taken over the docker-compose.yaml and traefik.yaml 1 to 1 as in the video :(
Maybe let's follow up on Discord
I have exactly the same