---
title: Adding a new Subdomain
description: I always mess something up in the process - so here's a list of a new subdomain procedure
published: true
date: 2022-04-30T20:10:51.032Z
tags: config, docker, container, traefik
editor: markdown
dateCreated: 2022-04-15T08:37:07.403Z
---

So it's not terribly difficult, but it can get surprisingly convoluted. To add a new subdomain:

# Add DNS Record with Cloudflare

1. Go to the [Cloudflare Dashboard](https://dash.cloudflare.com/) (linked from the [home page](pukeko.xyz) for your convenience)
2. Select the site
3. Click 'DNS'
4. Click 'Add Record'
5. Input the new subdomain thus:
   - Type: CNAME
   - Name: Subdomain name (`blah`.pukeko.xyz)
   - Target: pukeko.xyz
   - Use the Cloudflare Proxy if no other ports are needed and the site is not performance sensitive (streaming, file transfer, etc). Otherwise, do not use the proxy.

This creates an alias, which means I only have to maintain one DNS record (`pukeko.xyz`).

# Configure Certificate with Traefik

## Container-side

Adding the certificate is done using the Traefik reverse proxy. This means it is done via the container's `docker-compose.yml` file, using the `labels` section.

Example:

```yml
labels:
  - "traefik.enable=true"
  - "traefik.docker.network=[container network]"
  - "traefik.http.routers.[router name].entrypoints=websecure"
  - "traefik.http.services.[router name].loadbalancer.server.port=[application port]"
  - "traefik.http.routers.[router name].rule=Host(`[your subdomain]`)"
  - "traefik.http.routers.[router name].tls.certresolver=pukekoresolver"
  - "traefik.http.routers.[router name].middlewares=authelia@docker"
```

Some pointers:

1. The `[router name]` can be absolutely anything so long as it's consistent.
2. The `[container network]` must match whatever you defined at the foot of the compose file:
   ```yml
   networks:
     network:
       driver: bridge
     internal:
       driver: bridge
   ```
   > If you're running in container folder `container`, you will end up with network `container_network` and `container_internal`. *This is confusing - be wary!*
   {.is-info}
3. `[application port]` is whatever the application uses *internally*. It does not matter how you expose it.
4. `[your subdomain]` is whatever you registered with Cloudflare in the previous section.
5. Finally, the `entrypoints`, `certresolver`, and `middlewares` must match whatever is defined in Traefik's `docker-compose` file.

## Traefik-side

Now, Traefik needs to talk to your new service. This means you need to add your external network to Traefik's compose, and tell it to use it.

First:

1. Add network to Traefik container:
   ```yml
   networks:
     - container_network
   ```
2. Define `[container network]` as external at the foot of the file:
   ```yml
   networks:
     ...
     ...
     ...
     container_network:
       external: true
   ```

> By convention, I use two networks for each multi-container stack - a `network` and an `internal` network. Ideally, Traefik will only see the `network` (which means it only 'sees' the application, and not whatever supports it). This isn't essential, but recommended.
{.is-warning}

Finally, rebuild Traefik with `docker-compose up -d`. Voilà!
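
The pointers in the container-side section can be checked mechanically before rebuilding. The script below is an added example, not part of the original procedure: `lint_labels`, the `blah` folder and router name, and port `8080` are assumptions, and the expected entrypoint, resolver and middleware values are the ones from the example labels above.

```python
import re

# Values the page's example labels use; they must match Traefik's own compose file.
EXPECTED = {"entrypoints": "websecure", "tls.certresolver": "pukekoresolver",
            "middlewares": "authelia@docker"}

def lint_labels(labels, project, networks):
    """Return a list of problems in one service's Traefik labels.

    labels:   "key=value" strings from the compose `labels` section
    project:  compose project name (by default, the container folder name)
    networks: network keys declared at the foot of that compose file
    """
    kv = dict(label.split("=", 1) for label in labels)
    problems = []
    if kv.get("traefik.enable") != "true":
        problems.append("traefik.enable is not 'true'")
    # Compose prefixes each network with the project name (container_network).
    valid = sorted(f"{project}_{n}" for n in networks)
    net = kv.get("traefik.docker.network")
    if net not in valid:
        problems.append(f"traefik.docker.network={net!r}, expected one of {valid}")
    # The page uses one [router name] for both the router and the service.
    names = {kind: {m.group(1) for k in kv if (m := re.match(
        rf"traefik\.http\.{kind}\.([^.]+)\.", k))} for kind in ("routers", "services")}
    if len(names["routers"]) != 1 or names["routers"] != names["services"]:
        problems.append(f"router name is not consistent: {names}")
    for name in sorted(names["routers"]):
        base = f"traefik.http.routers.{name}."
        for suffix, want in EXPECTED.items():
            if kv.get(base + suffix) != want:
                problems.append(f"{base}{suffix} should be {want!r}")
        if not re.fullmatch(r"Host\(`[^`]+`\)", kv.get(base + "rule", "")):
            problems.append(f"{base}rule is not a Host(`...`) rule")
    return problems

# Constructed sample: service in folder "blah" with three typical mistakes.
SAMPLE = [
    "traefik.enable=true",
    "traefik.docker.network=network",  # missing the "blah_" prefix
    "traefik.http.routers.blah.entrypoints=websecure",
    "traefik.http.services.bla.loadbalancer.server.port=8080",  # name typo
    "traefik.http.routers.blah.rule=Host(`blah.pukeko.xyz`)",
    "traefik.http.routers.blah.tls.certresolver=pukekoresolver",
    # no middlewares label: the router would be published without authelia
]

if __name__ == "__main__":
    for problem in lint_labels(SAMPLE, "blah", ["network", "internal"]):
        print(problem)
```

The missing `middlewares` label is the one worth catching first, since without it the router is not behind the `authelia@docker` middleware.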