Traefik cloud proxy

redairforce · 27 August 2019 15:58

I primarily use linuxserver containers for, well, the ease and simplicity. I am trying to switch over to Traefik so as to reduce difficulties with the letsencrypt image. The letsencrypt image poses difficulties in
1: Having to write new proxy-cons to get it to work.
2: If you have misconfigured something or changed the container name, the failing dns result will crash your entire ngninx.

Traefik appears to solve this issue. It does, however, present new difficulties in the level of customization required. I haven’t gotten it working properly myself. I assume this is because the default setup many use is subdomains rather than subfolders (subfolders is, to some degree, considered safer and simpler as it doesn’t reveal services in a domain lookup and doesn’t require Cnames.)

If one of the geniuses at Linuxserver would take some time to put together the ultimate Traefik container with easy customization, I believe the whole world would be better served by this next generation cloud proxy.

aptalca · 27 August 2019 16:11

No plans for a traefik container. There is already an official version.

Not trying to convince you that one’s better than the other, but I’ll address the issues you were having since it may help others as well.

1: We do provide many preset proxy confs that mostly work out of the box. If you need to write a new one, for subdomains, in most cases you can just copy an existing one and change the server name and the container name and it should work. We also provide examples for basic setup in the default site config that you can enable, edit and replicate: https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/default#L43-L106

2: Our preset proxy confs make sure that if the container is not reachable, nginx still comes up. It is done through setting a variable, rather than using the dns hostname (container name) in the proxy_pass directive: https://github.com/linuxserver/reverse-proxy-confs/blob/master/bazarr.subdomain.conf.sample#L26-L28

Subdomain proxy is miles easier than subfolder to get working especially if the upstream app doesn’t support a base url. I’m not sure if traefik even supports subfolder proxy (I don’t use it).

I myself prefer an nginx based setup as I also host websites and our letsencrypt image is a full fledged webserver. I also highly enjoy fail2ban protection that works out of the box for http auth in reverse proxies.