I found somewhere in a blog-post that Traefik used to be available as an app.
Are there any plans to bring it back? Is anyone working on it?
Or is there a good alternative for me to explore?
Ideally what I’m looking for is a setup where I can add an new app and becomes available “automagically” at new-app.mynas.local
It was available when truenas still used kubernetes and allowed 3rd party app catalogues. Traefik was never an official app available from iX directly. It was truecharts that provided it and the simple ingress one click deployment for their apps.
You can deploy traefik as a custom app, but new apps won’t magically appear with a domain. In the world of docker you have to add the proper labeles to the container or create the routers directly in the dynamic yaml of traefik.
Edit:
Here are examples of labeles of my homepage docker is deployed with traefik labels
#version: "3.3"
services:
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
ports:
- 3001:3000
volumes:
- /mnt/data/homepage:/app/config # Make sure your local config directory exists
- /var/run/docker.sock:/var/run/docker.sock # (optional) For docker integrationsrestart: unless-stopped
restart: unless-stopped
environment:
HOMEPAGE_ALLOWED_HOSTS: home.my-domain.com
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.port=443"
- "traefik.http.routers.homepage.rule=Host(`home.my-domain.com`)"
- "traefik.http.routers.homepage.entrypoints=https"
- "traefik.http.routers.homepage.tls=true"
- "traefik.http.services.homepge.loadbalancer.server.port=3000"
- "traefik.http.routers.homepage.tls.certresolver=cloudflare"
- "traefik.http.routers.homepage.middlewares=authentik@file"
networks:
- proxy
- default
networks:
proxy:
external: true
and my omada controller via traefik dynamic config file
http:
middlewares:
authentik:
forwardAuth:
address: "http://191.1.1.9:9000/outpost.goauthentik.io/auth/traefik"
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
routers:
default-router:
rule: "Host(`auth.my-domain.com`)"
middlewares:
- authentik
priority: 10
service: app
default-router-auth:
rule: "Host(`auth.my-domain.com`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
truenas:
rule: "Host(`truenas.my-domain.com`)"
middlewares:
- authentik
entryPoints:
- https
service: truenas
tls:
certResolver: cloudflare
opnsense:
rule: "Host(`opnsense.my-domain.com`)"
middlewares:
- authentik
entryPoints:
- https
service: opnsense
tls:
certResolver: cloudflare
omada:
rule: "Host(`omada.my-domain.com`)"
middlewares:
- authentik
entryPoints:
- https
service: omada
tls:
certResolver: cloudflare
services:
app:
loadBalancer:
servers:
- url: http://ipp.internal
authentik:
loadBalancer:
servers:
- url: http://191.1.1.9:9000/outpost.goauthentik.io
omada:
loadBalancer:
servers:
- url: https://191.1.1.9:8043
opnsense:
loadBalancer:
servers:
- url: https://191.1.1.1:443
Such a thing isn’t possible currently through the TrueNAS apps system. I doubt it ever will be, but of course that’s only a guess (though I like to think an informed one). For something like this, you need to be using custom apps with your own Compose files. I discuss a few options for doing this here:
My preference to manage them is Dockge, which I describe here:
(and note the video linked there, if you prefer video to text).
For a proxy, I prefer Caddy to Traefik, as described here:
I knew about the labels I would need to add if i go the Traefik custom app way. Thanks for the examples, very insightful.
I was considering to go the Traefik/Portainer way and no specific ix ‘apps’, so it would be easier to make them interact. Enter the second reply by @dan 
I had problems with traefik and portainer because i could not get portainer to recognize the .env file. Traefik is one of the only apps i use with plain docker compose up -d
I’ll be reading up on Caddy/Dockge as an alternative to Traefik/Portainer. I have some earlier experience with the latter, but haven’t really looked into the former.
Stuff to learn & consider… thanks!
Caddy’s configuration is much simpler than Traefik’s. Win in my book.
Compare this:
with this:
labels:
- caddy=jelly.lan.example.com
- caddy.reverse_proxy="{{upstreams 8096}}"
I’ll admit I haven’t researched how to put Authentik in front of services this way, though.
FWIW, you could just set variables in portainer’s GUI. Or mb use stack.env (can’t remember whether I’ve ever used it).
yes indeed… that is way easier (and less error-prone)!
