docs: add all untracked content
75
new_subdomain.md
Normal file
@@ -0,0 +1,75 @@
---
title: Adding a new Subdomain
description: I always mess something up in the process - so here's a list of a new subdomain procedure
published: true
date: 2022-04-30T20:10:51.032Z
tags: config, docker, container, traefik
editor: markdown
dateCreated: 2022-04-15T08:37:07.403Z
---
So it's not terribly difficult, but it can get suprisingly convoluted. To add a new subdomain:
# Add DNS Record with CloudFlare
1. Go to the [Cloudflare Dashboard](https://dash.cloudflare.com/) (linked from the [home page](pukeko.xyz) for your convinience)
2. Select the site
3. Click 'DNS'
4. Click 'Add Record'
5. Input the new subdomain thus:
- Type: CNAME
- Name: Subdomain name (`blah`.pukeko.xyz)
- Target: pukeko.xyz
- Use the Cloudflare Proxy if no other ports are needed and site is not performance sensitive (streaming, file transfer, etc). Otherwise, do not use the proxy.
This creates an alias - which means I only have to maintain one DNS record (`pukeko.xyz`).
# Configure Certificate with Traefik
## Container-side
Adding the certificate is done using the Traefik reverse proxy. This means it is done via the container's `docker-compose.yml` file - using the `labels` section.
Example.
```yml
labels:
- "traefik.enable=true"
- "traefik.docker.network=[container network]"
- "traefik.http.routers.[router name].entrypoints=websecure"
- "traefik.http.services.[router name].loadbalancer.server.port=[application port]"
- "traefik.http.routers.[router name].rule=Host(`[your subdomain]`)"
- "traefik.http.routers.[router name].tls.certresolver=pukekoresolver"
- "traefik.http.routers.[router name].middlewares=authelia@docker"
```
Some pointers:
1. The `[router name]` can be absolutely anything so long as it's consistent.
2. The `[container network]` must match whatever you defined at the foot of the compose file:
```yml
networks:
network:
driver: bridge
internal:
driver: bridge
```
> If you're running in container folder `container`, you will end up with network `container_network` and `container_internal`. *This is confusing - be wary!*
{.is-info}
3. `[application port]` is whatever the application uses *internally*. It does not matter how you expose it.
4. `[your subdomain]` is whatever you registered with CloudFlare at the previous section.
5. Finally, the `entrypoints`, `certresolver`, and `middlewares` must match whatever is defined in Traefik's `docker-compose` file.
## Traefik-side
Now, Traefik needs to talk to your new service. This means you need to add your external network to Traefik's compose, and tell it to use it. First:
1. Add network to Traefik container:
```yml
networks:
- container_network
```
2. Define `[container network]` as external at the foot of the file:
```yml
networks:
...
...
...
container_network:
external: true
```
> By convention, I use two networks for each multi-container stack - a `network` and an `internal` network. Ideally, Traefik will only see the `network` (which means it only 'sees' the application, and not whatever supports it. This isn't essential, but recommended.
{.is-warning}
Finally, rebuild Traefik with `docker-compose up -d`. Viola!
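Review bot: The `middlewares=authelia@docker` label in the "Container-side" example is the only thing that puts Authelia in front of the new router, but pointer 5 only says `middlewares` "must match" Traefik's compose file, so a reader who drops that label publishes the subdomain with no authentication and nothing in the procedure catches it. Suggest saying so explicitly in the pointers, and adding a last step after `docker-compose up -d` that opens the new subdomain in a fresh browser session and confirms the Authelia login appears before the application does. In the same spirit, the Cloudflare step's "Otherwise, do not use the proxy" could note that an unproxied CNAME resolves straight to the origin behind `pukeko.xyz`. The labels example shows `traefik.docker.network=[container network]` while the `.is-info` note says the real name is folder-prefixed (`container_network`); showing the prefixed form in the example would remove the ambiguity the note warns about. Smaller points: `[home page](pukeko.xyz)` has no scheme and will render as a relative link, the `.is-warning` note opens a parenthesis at "(which means" and never closes it, and "suprisingly", "convinience" and "Viola" are misspelled.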