Traefik Docker Backend

Hi all!

I recently spent some time configuring Traefik to work with TrueNAS’s Docker install, and I’m pretty pleased with how it turned out. I use defaultRule and some regex to route every running app that exposes a port by hostname. This means I can just go to jellyfin.nasname or photoprism.nasname and stuff Just Works.

Before, I had been manually adding each host name to Nginx Proxy Manager, but this is way more convenient.

Here’s my manifest:

services:
  traefik:
    image: traefik:v3
    environment:
      TRAEFIK_API_INSECURE: 'true'
      TRAEFIK_ENTRYPOINTS_HTTP_ADDRESS: ':80'
      TRAEFIK_ENTRYPOINTS_TRAEFIK_ADDRESS: ':15000'
      TRAEFIK_PROVIDERS_DOCKER: 'true'
      TRAEFIK_PROVIDERS_DOCKER_DEFAULTRULE: >-
        {{ regexReplaceAll "([a-z-]+)-ix.*" .Name
          "Host(`$1.montero.house.local`) || Host(`$1.montero`)"}}
      TRAEFIK_PROVIDERS_FILE_FILENAME: '/tmp/traefik-truenas.yaml'
    volumes:
    - type: bind
      source: '/var/run/docker.sock'
      target: '/var/run/docker.sock'
    configs:
    - source: truenas_config
      target: '/tmp/traefik-truenas.yaml'
    network_mode: 'host'
configs:
  truenas_config:
    content: |
      http:
        services:
          TrueNAS:
            loadbalancer:
              servers:
              - url: http://192.168.6.66:8080
        routers:
          TrueNAS:
            entrypoints:
            - http
            service: TrueNAS
            rule: >-
              Host(`truenas.montero`) ||
              Host(`truenas.montero.house.local`)

Apps like Plex need a little massaging since they expose so many ports, but a single docker label sorts that out:

traefik.http.services.plex.loadbalancer.server.port=32000

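The hostname expansion that the defaultRule in the post above performs, as an added example that is not part of the original post. It uses Go's regexp.ReplaceAllString, which is what the template's regexReplaceAll wraps, so you can audit which names turn into routed hostnames and which do not. The container names are constructed, and the helper names DefaultRule and Routable are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern and replacement copied from the post's
// TRAEFIK_PROVIDERS_DOCKER_DEFAULTRULE value.
var nameRe = regexp.MustCompile("([a-z-]+)-ix.*")

const hostRepl = "Host(`$1.montero.house.local`) || Host(`$1.montero`)"

// DefaultRule mirrors the template call. regexReplaceAll rewrites only the
// part of the name that matches and leaves everything else in place.
func DefaultRule(name string) string {
	return nameRe.ReplaceAllString(name, hostRepl)
}

// Routable reports whether the whole name was rewritten into Host() matchers.
// A match that starts after position 0 leaves stray characters in front of the
// rule, and no match at all returns the bare name, which is not a rule.
func Routable(name string) bool {
	loc := nameRe.FindStringIndex(name)
	return loc != nil && loc[0] == 0 && loc[1] == len(name)
}

func main() {
	// Constructed names, assumed to follow the "<app>-ix-..." shape that the
	// post's regex expects; they are not taken from a real system.
	names := []string{
		"jellyfin-ix-jellyfin",
		"home-assistant-ix-home-assistant",
		"web2-ix-web2", // digit is outside [a-z-], so nothing matches
		"Plex-ix-plex", // uppercase letter is outside [a-z-]
	}
	for _, n := range names {
		if Routable(n) {
			fmt.Printf("%-34s -> %s\n", n, DefaultRule(n))
		} else {
			fmt.Printf("%-34s -> no clean rule: %q\n", n, DefaultRule(n))
		}
	}
}
```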

While it may be convenient, bind mounting the docker socket (/var/run/docker.sock) does give the traefik container root access to the entire host. I do not recommend such a setup for security reasons.