wiki/new_subdomain.md

---
title: Adding a new Subdomain
description: I always mess something up in the process - so here's a list of a new subdomain procedure
published: true
date: 2022-04-30T20:10:51.032Z
tags: config, docker, container, traefik
editor: markdown
dateCreated: 2022-04-15T08:37:07.403Z
---
So it's not terribly difficult, but it can get surprisingly convoluted. To add a new subdomain:
# Add DNS Record with CloudFlare
1. Go to the [Cloudflare Dashboard](https://dash.cloudflare.com/) (linked from the [home page](pukeko.xyz) for your convenience)
2. Select the site
3. Click 'DNS'
4. Click 'Add Record'
5. Input the new subdomain thus:
   - Type: CNAME
   - Name: Subdomain name (`blah`.pukeko.xyz)
   - Target: pukeko.xyz
   - Use the Cloudflare Proxy if no other ports are needed and the site is not performance sensitive (streaming, file transfer, etc). Otherwise, do not use the proxy.

This creates an alias - which means I only have to maintain one DNS record (`pukeko.xyz`).
# Configure Certificate with Traefik
## Container-side
Adding the certificate is done using the Traefik reverse proxy. This means it is done via the container's `docker-compose.yml` file - using the `labels` section.
Example:
```yml
labels:
- "traefik.enable=true"
- "traefik.docker.network=[container network]"
- "traefik.http.routers.[router name].entrypoints=websecure"
- "traefik.http.services.[router name].loadbalancer.server.port=[application port]"
- "traefik.http.routers.[router name].rule=Host(`[your subdomain]`)"
- "traefik.http.routers.[router name].tls.certresolver=pukekoresolver"
- "traefik.http.routers.[router name].middlewares=authelia@docker"
```
Some pointers:
1. The `[router name]` can be absolutely anything so long as it's consistent.
2. The `[container network]` must match whatever you defined at the foot of the compose file:
```yml
networks:
  network:
    driver: bridge
  internal:
    driver: bridge
```
> If you're running in container folder `container`, you will end up with network `container_network` and `container_internal`. *This is confusing - be wary!*
{.is-info}
3. `[application port]` is whatever the application uses *internally*. It does not matter how you expose it.
4. `[your subdomain]` is whatever you registered with CloudFlare in the previous section.
5. Finally, the `entrypoints`, `certresolver`, and `middlewares` must match whatever is defined in Traefik's `docker-compose` file.
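
Since these are exactly the bits that get messed up, here is a small label linter covering the pointers above. It is an added example, not part of the original page or of Traefik; `lint_labels`, the sample labels and the `blah` folder/port are assumptions, while the expected values come from the template above.

```python
import re

# Expected router settings, copied from the page's template; other Traefik setups differ.
EXPECTED = {
    "entrypoints": "websecure",
    "tls.certresolver": "pukekoresolver",
    "middlewares": "authelia@docker",
}

def lint_labels(labels, project, networks=("network", "internal"), domain="pukeko.xyz"):
    """Return a list of problems found in one service's Traefik labels."""
    kv = dict(label.split("=", 1) for label in labels)
    problems = []
    if kv.get("traefik.enable") != "true":
        problems.append("traefik.enable is not 'true'")
    # Compose prefixes network names with the project (folder) name.
    net = kv.get("traefik.docker.network")
    if net not in {f"{project}_{n}" for n in networks}:
        problems.append(f"network {net!r} is not <project>_<network>")
    elif net == f"{project}_internal":
        problems.append("Traefik is pointed at the internal network")
    # The template uses one name for both the router and the service.
    names = {m.group(1) for k in kv
             if (m := re.match(r"traefik\.http\.(?:routers|services)\.([^.]+)\.", k))}
    if len(names) != 1:
        problems.append(f"inconsistent router names: {sorted(names)}")
        return problems
    name = names.pop()
    router = f"traefik.http.routers.{name}."
    for key, want in EXPECTED.items():
        if kv.get(router + key) != want:
            problems.append(f"{key} should be {want!r}")
    host = re.escape(domain)
    if not re.fullmatch(rf"Host\(`[a-z0-9-]+\.{host}`\)", kv.get(router + "rule", "")):
        problems.append("rule is not Host(`<subdomain>." + domain + "`)")
    port = kv.get(f"traefik.http.services.{name}.loadbalancer.server.port", "")
    if not port.isdigit():
        problems.append("loadbalancer.server.port is missing or not numeric")
    return problems

# Constructed sample: folder 'blah', bare network name and no Authelia middleware.
SAMPLE = [
    "traefik.enable=true",
    "traefik.docker.network=network",
    "traefik.http.routers.blah.entrypoints=websecure",
    "traefik.http.services.blah.loadbalancer.server.port=8080",
    "traefik.http.routers.blah.rule=Host(`blah.pukeko.xyz`)",
    "traefik.http.routers.blah.tls.certresolver=pukekoresolver",
]
```

`lint_labels(SAMPLE, "blah")` reports the bare network name and the missing `authelia@docker` middleware, the latter being the one that would leave the service reachable without authentication.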
## Traefik-side
Now, Traefik needs to talk to your new service. This means you need to add your external network to Traefik's compose, and tell it to use it. First:
1. Add network to Traefik container:
```yml
networks:
- container_network
```
2. Define `[container network]` as external at the foot of the file:
```yml
networks:
  # ...
  # ...
  # ...
  container_network:
    external: true
```
> By convention, I use two networks for each multi-container stack - a `network` and an `internal` network. Ideally, Traefik will only see the `network` (which means it only 'sees' the application, and not whatever supports it). This isn't essential, but recommended.
{.is-warning}
Finally, rebuild Traefik with `docker-compose up -d`. Voilà!