/ server

Serve Traefik's internal dashboard behind Traefik itself

I have recently switched from jwilder/nginx-proxy + JrCs/docker-letsencrypt-nginx-proxy-companion to a more powerful reverse proxy called Traefik. Traefik has built-in ACME support, can be used as a load-balancer and (most importantly) has official Docker support!

When I was configuring Traefik's internal dashboard (the good-looking web UI), I was thinking of serving it behind the proxy itself. But the documantation didn't say how to do it. It only mentioned to serve the dashboard on a port other than 80 or 443, so you can only access with, for example, 111.222.333.444:7777. I wanted to use something like traefik.birkhoff.me.

Well, it needs a tricky hack.

You simply define a new entrypoint, I call it "traefik" here. Set the port number to anything you like. Finally give the Traefik container some traefik labels as you would to normal web containers.

Traefik.toml:

[entryPoints]
  [entryPoints.http]
    address = ":80"

    [entryPoints.http.redirect]
      entryPoint = "https"
      permanent = true

  [entryPoints.https]
    address = ":443"
    compress = true
    [entryPoints.https.tls]

  [entryPoints.traefik]
    address = ":9987"
    compress = true

    [entryPoints.traefik.auth.basic]
      users = ["123:456"]

[api]
  entryPoint = "traefik"
  dashboard = true

docker-compose.yml:

version: '3'

services:
  traefik:
    ......
    expose:
      - 9987
    labels:
      - "traefik.docker.network=traefik"
      - "traefik.enable=true"
      - "traefik.basic.frontend.rule=Host:traefik.birkhoff.me"
      - "traefik.basic.port=9987"
      - "traefik.basic.protocol=http"
    ......

It's somehow stupid tho.

Birkhoff Lee

Birkhoff Lee

I'm Birkhoff Lee, a developer since the age of 7. I'm still learning cyber security and site reliability engineering. Recently having Harvard CS50.

Read More