The one part I haven’t understood yet is how to set up ingress. TC had it easy, define the URL during install, had everything running through a CF tunnel to Traefik and all worked.
How are people replicating that using the new Docker?
If you’re still using Traefik you have to add labels to the Compose file of the app you want to expose.
I added traefik in portainer and have cloudflared installed.
I don’t believe there is a way for me to define labels for IX apps.
That is one reason why I did not convert to iX Apps but rather configured my own Compose files and use them in Portainer.
It migrated automatically but I guess I will have to move everything over to portainer.
Question is am I losing anything or hurting performance by doing that?
Can’t tell you, my apps run in a jail, I don’t have a spare box to test the beta. And as long as the jails are supported I may never migrate my stack from the jail to the native solution.
Portainer, Dockge and the like are only management interfaces, it’s the same docker and compose running down under, so no performance loss.
I’ll move everything over to Portainer and figure out how to do labels.
What about VMs, how do I route them through Traefik?
Labels are inserted into the Compose file; whether you manage that with Portainer, Dockge or a text editor and an SSH session doesn’t matter.
Here’s an example of how a compose file looks with labels added:
```yaml
version: '3.5'
services:
  handbrake:
    image: jlesage/handbrake
    runtime: nvidia
    ports:
      - "5800:5800"
    volumes:
      - "/mnt/data/handbrake/config:/config:rw"
      - "/mnt/handbrake:/storage:ro"
      - "/mnt/data/handbrake/watch:/watch:rw"
      - "/mnt/data/handbrake/output:/output:rw"
    labels:
      - "traefik.enable=true"
      - "traefik.port=443"
      - "traefik.http.routers.handbrake.rule=Host(`handbrake.my-domain.com`)"
      - "traefik.http.routers.handbrake.entrypoints=https"
      - "traefik.http.routers.handbrake.tls=true"
      - "traefik.http.services.handbrake.loadbalancer.server.port=5800" # internal container port
      - "traefik.http.routers.handbrake.tls.certresolver=cloudflare"
      - "traefik.http.routers.handbrake.middlewares=authentik@file" # optional for 2fa SSO
    environment:
      - VNC_PASSWORD=superescretpassword
    networks:
      - proxy # name of the traefik network. container needs to be part of traefik network
networks:
  proxy:
    external: true
```
Thanks, very helpful.
How should I point the Cloudflare tunnel to route through Traefik?
TrueCharts had this in the URL: traefik-tcp.ix-traefik.svc.cluster.local:443
which pointed to Traefik, and then I had blocky for internal DNS resolving while getting full remote access via the tunnel.
Can’t help you with Cloudflare Tunnel as I don’t use it, but a quick Google search resulted in:
```yaml
services:
  tunnel:
    container_name: cloudflared-tunnel
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      - TUNNEL_TOKEN=mytokengoeshere
```
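The Docker counterpart of the old `traefik-tcp.ix-traefik.svc.cluster.local:443` target is Traefik's container name on a shared Docker network. The following is an added example, not taken from any post in this thread: a `config.yml` for a locally-managed cloudflared tunnel, assuming the Traefik container is named `traefik`, cloudflared is attached to the same Docker network, and Traefik holds a certificate valid for `*.example.com`. The tunnel UUID, credentials path and hostnames are placeholders.

```yaml
# config.yml for a locally-managed cloudflared tunnel (added example)
tunnel: <TUNNEL-UUID>                                   # placeholder
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json   # placeholder path

ingress:
  # Send every public hostname under the zone to Traefik's HTTPS entrypoint.
  # "traefik" resolves through Docker's embedded DNS, so cloudflared must be
  # on the same Docker network as the Traefik container.
  - hostname: "*.example.com"
    service: https://traefik:443
    originRequest:
      # cloudflared validates the origin certificate against this name
      # instead of "traefik", so verification can stay enabled rather than
      # setting noTLSVerify: true.
      originServerName: traefik.example.com
  # Mandatory catch-all rule: anything that matched no hostname gets a 404.
  - service: http_status:404
```

With a token-based tunnel like the `TUNNEL_TOKEN` snippet above, the same hostname-to-service mapping is entered in the Cloudflare dashboard instead of this file.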
So when I did learn docker from Stux video and installed it with jailmaker I also used Nginx NPM … BUT performance over Traefik was not so great…
So I learned Traefik
example compose
```yaml
networks:
  main:
    name: main
    external: true
services:
  traefik:
    container_name: traefik
    image: traefik:${TRAEFIK_VERSION}
    hostname: traefik
    user: 0:568
    ports:
      - 80:80
      - 443:443
    expose:
      - 8080
    restart: unless-stopped
    environment:
      - TZ=${TZ}
      - CF_DNS_API_TOKEN=${CFT}
    networks:
      main:
        ipv4_address: 172.24.5.0
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DN}`)
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=cloudflare
      - traefik.http.routers.traefik.tls.domains[0].main=${FQDN}
      - traefik.http.routers.traefik.tls.domains[0].sans=${SDN}
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.services.traefik.loadbalancer.server.port=8080
    volumes:
      - /var/run/docker.sock:/run/docker.sock:ro
      - ${TRAEFIK_YAML}:/etc/traefik/traefik.yaml:ro
      - ${TRAEFIK_CONFIG}:/etc/traefik/config.yaml:ro
      - ${TRAEFIK_CERTS}:/etc/traefik/certs/
```
env file
```
FQDN="Fully qualified domain name"
SDN="wild card of fully qualified domain name '*.example.com'"
```
Traefik config file
```yaml
global:
  checkNewVersion: false
  sendAnonymousUsage: false
api:
  dashboard: true
  disableDashboardAd: true
  insecure: true # serves the API/dashboard without authentication on port 8080
  debug: true
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
serversTransport:
  insecureSkipVerify: true # disables certificate verification for all HTTPS backends
certificatesResolvers:
  cloudflare:
    acme:
      email: example@example.com
      storage: /etc/traefik/certs/acme.json
      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # staging
      caServer: "https://acme-v02.api.letsencrypt.org/directory" # production
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /etc/traefik
    watch: true
```
An exposed app would need the following in the compose
```yaml
    labels:
      - traefik.enable=true
      - traefik.http.routers.example.entrypoints=websecure
      - traefik.http.routers.example.rule=Host(`${APP_DN}`)
      - traefik.http.routers.example.tls=true
      - traefik.http.services.example.loadbalancer.server.port=32400
      - traefik.http.services.example.loadbalancer.server.scheme=https
```
This is currently true, but I think it is possible to manually configure routes in a Traefik config file, i.e. you don’t need to use the Docker label system to configure routes.
Yes, trying to figure that out now. Techno Tim has a section on it in his Traefik setup video but he has so many things in the config and he doesn’t explain why/what/when.
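For apps that cannot carry labels (iX apps, VMs), a route can be declared in a file that Traefik's file provider loads. The following is an added example, not from any poster in this thread: it reuses the `websecure` entrypoint, the `cloudflare` resolver and the watched `/etc/traefik` directory from the configuration posted above, while the router name, hostnames, IP address and CA path are placeholders. It also pins the backend's CA for this one service as an alternative to a global `insecureSkipVerify: true`.

```yaml
# /etc/traefik/config.yaml - dynamic configuration read by the file provider
# (added example; names, hosts and paths below are placeholders)
http:
  routers:
    vm-app:
      rule: "Host(`vm.example.com`)"
      entryPoints:
        - websecure
      service: vm-app
      tls:
        certResolver: cloudflare

  services:
    vm-app:
      loadBalancer:
        # Use the transport defined below for this backend only.
        serversTransport: vm-internal-ca
        servers:
          # Address of the VM or host-networked app. For a plain HTTP backend
          # use an http:// URL and drop the serversTransport line.
          - url: "https://192.0.2.10:8443"

  serversTransports:
    vm-internal-ca:
      # Name expected in the backend's certificate.
      serverName: vm.internal.example.com
      # CA that signed the backend's certificate; verification stays enabled
      # for this backend without changing any global setting.
      rootCAs:
        - /etc/traefik/certs/internal-ca.pem
```

Because the file provider has `watch: true`, edits to this file are picked up without restarting Traefik.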
Thanks to all! I know it’s been a while but I have successfully moved everything over to jlmkr, npm and dockge.
invidious
dockge
npm
kasm
redlib
cloudflared
libretranslate
jellyfin
plex
gluetun
kimai
lldap
pgadmin
postgresdb
stirling-pdf
syncthing
vaultwarden
I only have issues with authelia, wg-easy and makemkv but will create separate topics for each as I go. Appreciate all of the help and the follow-on discussion!
I wrote a tutorial for people in OP’s original situation here:
It gives some pointers on how to back up old data and move to native TrueNAS w/ Docker apps (instead of jailmaker and dockge). It doesn’t touch on the Traefik use case though.
So let me know if I got this right:
If I want to migrate my apps BEFORE the upgrade to EE I need to set up this mumbo jumbo? Because, of course, right now I don’t have the custom apps and docker compose magic that will come from EE…
Or is there another way?
I just have a bunch of TrueCharts apps with Traefik for local network access.
TrueCharts posted an update here a few hours ago. Their migration tool clustertool can export the app config as YAML to help with the migration (if I understood it correctly).
The TrueCharts tool is NOT ready or available right now.
Given the nature of truecharts, I doubt it will be ready by tomorrow (or sometime this week when EE gets released).
I just tried to get their “ClusterTool” from GitHub and got a big 404:
https://github.com/truecharts/clustertool-public/releases
On one of their pages:
"Work In Progress
This program, all its features and its general design, are all a Work-In-Progress. It is not done and not widely available.
All code and docs are considered Pre-Beta drafts."