Birkhoff's Blog

Thoughts and technonogies.

Serve Traefik's internal dashboard behind Traefik itself

Birkhoff Lee's Avatar July 23rd 2018

I have recently switched from jwilder/nginx-proxy + JrCs/docker-letsencrypt-nginx-proxy-companion to a more powerful reverse proxy called Traefik. Traefik has built-in ACME support, can be used as a load-balancer and (most importantly) has official Docker support!

When I was configuring Traefik’s internal dashboard (the good-looking web UI), I was thinking of serving it behind the proxy itself. But the documantation didn’t say how to do it. It only mentioned to serve the dashboard on a port other than 80 or 443, so you can only access with, for example, 111.222.333.444:7777. I wanted to use something like traefik.birkhoff.me.

Well, it needs a tricky hack.

You simply define a new entrypoint, I call it “traefik” here. Set the port number to anything you like. Finally give the Traefik container some traefik labels as you would to normal web containers.

Traefik.toml:

[entryPoints]
[entryPoints.http]
address = ":80"

[entryPoints.http.redirect]
entryPoint = "https"
permanent = true

[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]

[entryPoints.traefik]
address = ":9987"
compress = true

[entryPoints.traefik.auth.basic]
users = ["123:456"]

[api]
entryPoint = "traefik"
dashboard = true

docker-compose.yml:

version: '3'

services:
traefik:
......
expose:
- 9987
labels:
- "traefik.docker.network=traefik"
- "traefik.enable=true"
- "traefik.basic.frontend.rule=Host:traefik.birkhoff.me"
- "traefik.basic.port=9987"
- "traefik.basic.protocol=http"
......

It’s somehow stupid tho.