wiki/new_subdomain.md

title: Adding a new Subdomain
description: I always mess something up in the process - so here's a list of a new subdomain procedure
published: true
date: 2022-04-30T20:10:51.032Z
tags: config, docker, container, traefik
editor: markdown
dateCreated: 2022-04-15T08:37:07.403Z

So it's not terribly difficult, but it can get surprisingly convoluted. To add a new subdomain:

Add DNS Record with CloudFlare

  1. Go to the Cloudflare Dashboard (linked from the home page for your convenience)
  2. Select the site
  3. Click 'DNS'
  4. Click 'Add Record'
  5. Input the new subdomain thus:
  • Type: CNAME
  • Name: Subdomain name (blah.pukeko.xyz)
  • Target: pukeko.xyz
  • Use the Cloudflare Proxy if no other ports are needed and the site is not performance sensitive (streaming, file transfer, etc). Otherwise, do not use the proxy.

The CNAME creates an alias, which means I only have to maintain one DNS record (pukeko.xyz).

Configure Certificate with Traefik

Container-side

Adding the certificate is done using the Traefik reverse proxy. This means it is done via the container's docker-compose.yml file, using the labels section. Example:

    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=[container network]"
      - "traefik.http.routers.[router name].entrypoints=websecure"
      - "traefik.http.services.[router name].loadbalancer.server.port=[application port]"
      - "traefik.http.routers.[router name].rule=Host(`[your subdomain]`)"
      - "traefik.http.routers.[router name].tls.certresolver=pukekoresolver"
      - "traefik.http.routers.[router name].middlewares=authelia@docker"

Some pointers:

  1. The [router name] can be absolutely anything so long as it's consistent.
  2. The [container network] must match whatever you defined at the foot of the compose file:

    networks:
      network:
        driver: bridge
      internal:
        driver: bridge

If you're running in a container folder named container, Compose prefixes each network name with the folder name, so you will end up with networks container_network and container_internal. This is confusing - be wary!

  3. [application port] is whatever the application uses internally. It does not matter how you expose it.
  4. [your subdomain] is whatever you registered with CloudFlare in the previous section.
  5. Finally, the entrypoints, certresolver, and middlewares must match whatever is defined in Traefik's docker-compose file.

Traefik-side

Now, Traefik needs to talk to your new service. This means you need to add your external network to Traefik's compose, and tell it to use it. First:

  1. Add network to Traefik container:

    networks:
      - container_network

  2. Define [container network] as external at the foot of the file:

    networks:
      ...
      ...
      ...
      container_network:
        external: true

By convention, I use two networks for each multi-container stack - a network and an internal network. Ideally, Traefik will only see the network (which means it only 'sees' the application, and not whatever supports it). This isn't essential, but recommended.

Finally, rebuild Traefik with docker-compose up -d. Voilà!
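
A pre-flight check for the label and network rules above, as an added Python example (not part of the original wiki page or of Traefik). The function name `check_stack`, the sample stack folder `blah` and port 8080 are assumptions; it also assumes Compose's default project name (the folder name) and this page's network / internal naming convention.

```python
import re

# Per-router / per-service label keys, as in the labels block above.
LABEL_RE = re.compile(r"^traefik\.http\.(routers|services)\.([^.]+)\.(.+)$")

def check_stack(project, labels, stack_networks, traefik_networks):
    """Return problems in one service's labels. project = compose folder name;
    stack_networks = its network keys; traefik_networks = Traefik's networks."""
    kv = dict(label.split("=", 1) for label in labels)
    problems = []
    if kv.get("traefik.enable") != "true":
        problems.append("traefik.enable is not true")
    routers, names = {}, set()
    for key, value in kv.items():
        m = LABEL_RE.match(key)
        if m:
            names.add(m.group(2))
            if m.group(1) == "routers":
                routers.setdefault(m.group(2), {})[m.group(3)] = value
    if len(names) > 1:
        problems.append("router name is not consistent: " + ", ".join(sorted(names)))
    # Compose prefixes each network key with the project (folder) name.
    full = {f"{project}_{n}" for n in stack_networks}
    net = kv.get("traefik.docker.network")
    if net not in full:
        problems.append(f"traefik.docker.network={net} is not one of {sorted(full)}")
    elif net not in traefik_networks:
        problems.append(f"{net} is not attached to the Traefik container")
    if f"{project}_internal" in traefik_networks:
        problems.append("Traefik is attached to the internal network")
    for name, opts in sorted(routers.items()):
        if "middlewares" not in opts:
            problems.append(f"router {name} has no middlewares label")
    return problems

# Constructed sample labels for a hypothetical stack in folder "blah".
GOOD = [
    "traefik.enable=true",
    "traefik.docker.network=blah_network",
    "traefik.http.routers.blah.entrypoints=websecure",
    "traefik.http.services.blah.loadbalancer.server.port=8080",
    "traefik.http.routers.blah.rule=Host(`blah.pukeko.xyz`)",
    "traefik.http.routers.blah.tls.certresolver=pukekoresolver",
    "traefik.http.routers.blah.middlewares=authelia@docker",
]
# Three mistakes: unprefixed network, service-name typo, no middlewares label.
BAD = [l.replace("blah_network", "network").replace("services.blah.", "services.blahh.")
       for l in GOOD[:-1]]
print(check_stack("blah", BAD, ["network", "internal"], ["blah_network"]))
```

A router that reaches Traefik without its middlewares label is served without Authelia in front of it, so that is the finding to act on first.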