Traefik v2.6+ | How to Install and Why You Should (plus Authelia, Traefik Pilot)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

konnichiwa ibrahimi and welcome back to another ibracorp video in today's world we're all using technology to help us get where we need to go quicker and more efficient than ever the line between consumer prosumer and enterprise slowly begins to diminish as more and more people try to self-host things that are above the typical level of experience and skills that's why we need to find modern problems and give them modern solutions and as time goes on we move from using traditional software and resources to looking into more advanced more complicated but overall more efficient forms of getting our information across the internet and to the world thinking of the internet as roads we can imagine that data moving through these pipelines just like cars in traffic need to find their way in the most efficient way possible for example we use tools like google maps to tell us what the quickest way is through a traffic jam to get to where we need to go in some cases we have a traffic cop sitting in the middle of an intersection pointing the traffic to where they need to go and when they can go that's why today we're going to be showing you one of the most hotly requested topics and we're going to show it to you so that everyone can hopefully understand how to use and implement this tool for your own setup either at home or for your business today we're going to be looking at traffic it's a subject that's eluded us for quite some time and it's a very complicated topic when you first encounter the documentation or the application itself i'm sure anyone here who's actually jumped in and used traffic themselves or tried to give it a go at least could have found it pretty intimidating at first trying to understand all of its different terminologies and technology that it uses in order to get a reverse proxy up and running but i'm hoping after today's video you guys will agree that it's actually not that complicated when it's explained correctly on top of that we're going to show you extra tidbits that match in with all of our documentation so far today and for those who have deployed things like orthelia we're going to show you how to apply orthelia over your sub-domains using traffic and you're going to see exactly how easy it is to really secure stuff without having to copy and paste the config file in each single proxy wearing something like ingenex proxy manager or swag comes involved with traffic we have a variety of different versatile tools that we can use simply applying labels to our docker containers will get us where we need to go so if you've had traffic on your wish list for quite some time you wanted to dig in and give it a try but you just haven't had the chance or you felt like you didn't have the time to put into it to try and understand everything then we've got the video for you here today so thanks for coming to checking out the video we hope you enjoy it and without further ado let's just get stuck into it so guys thank you very much for coming in this week it's a pleasure to have you back i know this subject has been requested for quite some time basically since we started the channel and we've covered two other major reverse proxies which are nginx proxy manager and swag now and traffic is another one that we're going to add to our list of reverse proxies that we've covered with some others in future but we think traffic is probably going to be the most requested one in terms of trying to understand its complexity and making it easy to get and i guarantee you guys by the time you get through our guide we're going to really help you figure this out it's going to be smooth as butter now before we start i have to give some credits because this is one of our projects that takes us quite some time to develop in fact it's actually taken a few months to develop this one so just a quick shout out to a couple of people before we get started in the credit section on our documentation we'd like to thank hawkes hawks has basically run this project single-handedly managing all the different resources that we can use and uh he's worked very closely with our community member boston thank you very much for all your input we couldn't have done it without you boson is a expert in traffic and that's what he's brought to the table so often we will work with our community members who are experts in a certain field and if they're willing to they help us and give us a lot of information that they are experts in so then we can work together and make that more user friendly for our community so that we can get more guides out there so thank you very much uh boson we really appreciate it you will find bosan's twitter link in the guide so that you can thank him yourself if you like as well but also we've got hawks here so make sure you check out hawkes on github if you like if you want to help support hawker his work on this one specifically you can otherwise any support you provide to ibracorp will also help as well and also to our beta team we do have a beta team guys which will do an announcement soon for a new recruitment drive but we have a team of beta testers which are basically community members who have put their hands up to say they want to try stuff out and that helps us get our guides written up and ready dispatched and out to everyone in the most efficient way possible and it helps us test things out before we get it out there so we like to cross track our work as much as we can in the time we're given and again we're all volunteers including our beta team so thank you very much beta team for your help on this one we really appreciate it so with that said we can now start looking at traffic so if you don't know what it is what is traffic well according to their own words it's the world's most popular cloud native application proxy it's a mouthful already that helps developers and ops teams build deploy and run modern micro services applications quickly and easily long story short guys it does act as a reverse proxy now traffic as a whole has different branches and different things that it actually does especially when it comes to an enterprise environment today we are only going to be looking at traffic proxy i will also add towards the end something about traffic pilot so you guys can have a quick understanding of that as well so what are our assumptions now in case you don't know this doc will be live when the video goes live so be sure to read through the documentation very thoroughly we do everything we can but sometimes we miss stuff so if we do we'll have a link in the sidebar here that will allow you to submit an edit and we will merge it if we think it's appropriate for the assumptions we are looking for people who have the community apps installed which have hyperlinked our video for that you're using cloudflare as your dns also our video is hyperlinked there and optionally if you have orthelia we will show you how to use authelia with traffic so that it's all ready to go now i assure you that using this method with traffic authority will work really really easily and we always highly recommend it it really helps protect your infrastructure it will be a massive time saver for you if you get it set up now looking in the documentation we have a very detailed description of how what traffic is and how it works now there's a whole bunch of stuff here it's an open source edge router and it makes publishing services fun and an easy experience it receives requests on behalf of your system and finds out which components are responsible for handling them what sets traffic apart besides its many features is that it automatically discovers the right config for your services that happens by traffic basically inspecting our infrastructure finds the relevant info and discovers which service serves which request so in our case we're going to be showing you docker and how to proxy a vm as well and uh basically with the docker side of things we apply a label to a docky container and traffic will already know what to do with it because of how we've configured it in the config file so a little bit more details there but i'm going to keep going because it is a very big subject so we have some good images there to help you understand what's going on i will also note that we are going to show you two different installation methods in today's video i will mostly show you the unraid installation method however box has worked very very hard to make sure we've got a docker compost version as well so for those who are running docker compos you can still watch our video and see how we're doing things but for your specific config files and instructions we have a completely different section here just for that so i highly recommend you check out both options if you're using unraid just stick to one but docker compost guys you've got that as well and just to let you know in 2022 we are going to be moving towards more of this docker compost stuff so we hope you guys really enjoy that because it's going to be really exciting to look into more docker compost stuff for you guys now in here if you look at boson's uh username you can see his twitter's been linked so be sure to check that out if you like and we've got all of our usual links so what i'm going to do guys is i'm going to follow the documentation off screen and you guys can follow along and basically we'll be able to run it through together so starting here on unraid let's get going let's see how we go beautiful so we're in our unraid server now our beautiful look and unraid server osiris and we've seen him many times he comes in in every video pretty much lately and we've got a couple of things that we want to start off with so the first thing is i'll just let you know how we've got this set up okay so then you can compare it to your own setup so right now i'm using nginx proxy manager and i've got the cloudflare tunnel running as well it talks to npm and npm is what's reverse proxying our stuff well what we want to do is set up traffic now to do that we can do it with and without the tunnel if you guys are following our video on the tunnel and you have your tunnel established you can still use traffic so that we don't have to open ports 80 and 443 on our router or firewall if you don't want to use the tunnel or you're not using the tunnel then you can also use our guide to just basically open the ports and do it that way if you haven't seen our cloudflare tunnel video be sure to check that out so let's start with the app store head over to the app store and on the app store at the moment you're going to see our container template right at the top but if you don't just search for traffic and uh obviously it's t-r-a-e-f-i-k and you'll see our image there so let's click on that it's got a bit of a description on what's going on we've got our link to our documentation page and we've also got our discord so be sure to jump in our discord and have a chat with us if you need some help we'll do our best to help you guys out first things first let's click on install install will bring us to our template page and on here we need to make a few changes so first thing looking at our network type at the moment it's on bridge what we want to do is put that in our custom docker network if you don't know how to do that we have a video on doing that then we'll start running through the different parameters and variables that we've got configured so the config folder by default it's app data slash trap traffic so we'll leave that as is we've got our docker socket we don't need to change that we can leave it as is as well the https port so 443 what do you want that map to we've put in by default 44301 just see if that's free on your system same goes for 8001 which is for port 80. so if you're using port 443 01 change it to something else same goes for this one okay but just remember what it is because we'll need to put that either in our tunnel config or we'll need to put it in our port forwarding if you're using that method then we have our web ui port so where do we want the web ui to come up the web ui is completely optional i will also note that the web ui for traffic is simply a read-only interface made to be just a dashboard that you can check in on stuff with but it won't allow you to do any of sort of the config or anything that's all done in the config files and with labels but if you're interested in that go for it now the cloudflare api token so we need an api token that's the first thing that we're going to have to get started with so let's head over to cloudflare while we've got this up open a new tab and head to cloudflare so sign into cloudflare go to your domain you'll be confronted with this page here now if we scroll down you'll see your zone id and account id i've blanked those out on my screen but you'll see yours there all you need to do is click on get your api token so click on that on the api token page you'll see a whole bunch of different options here what we are not using is the global api so don't use that one that's less secure what we want to do is set up a specific token for this purpose so what we'll do is click on create a token so once you click create we now need to create the token now it's got a couple of templates there we're not going to worry about the templates just click on create custom token in the name we'll give it a name we'll just call that traffic under the permissions we'll apply the following so in here we'll go to zone zone settings and read we'll add zone zone itself read one more zone dns edit and then under zone resources we'll leave that as include all zones leave everything else the same and then go to continue to summary it'll give us a summary and then it will ask us to create the token so go ahead and create the token and here's our token i will note to you guys that this token is super secret so make sure you do not reveal this token obviously in my case i will be changing it after the video is finished so we'll click copy come back to your unread template or your docker compost file and paste that in here so what is the token why do we need it so the reason why we need it is so that traffic can use our cloudflare account to verify the domain is ours this allows us to validate and create our let certificates and verifies our authenticity for the domain so it's just a lot easier than trying http validation or anything like that a lot of people get tripped up with that so we just do this method and it makes it a lot easier the next field we've got is the traffic dashboard subdomain by default we've just put in traffic.domain.com so we obviously want to change that and in my case i'm going to call this ibrachor.io and before i do that we need to make sure this dns exists so back in our cloudflare account you'll see here i have a quite a complicated setup for our dns entries but you can ignore all this basically we've got our traffic cname set up and it's pointing to our sub domain now in this scenario it's pointing to a specific setup i've made so that we can do the video today but in your case it's point to wherever your tunnel is so if you're using the tunnel uh this is where my tunnel lives so i you usually would point it to here so you can either point that to your a record whatever that might be or if you're using the tunnel whichever cname you have for your tunnel address point it to there so that we've got that ready to go we then have the traffic entry point which is https and just to explain what that's doing if we click on edit here we can see what label or what key is being used so what this label is doing if you want to think of entry points as literally an entry point or a gate into your infrastructure it's basically taking the http entry points anything coming in on that 80 and we want it to be https so then it's saying i want you to make it https before it will be accepted we then have the traffic api you don't need to change that routing traffic to its api dashboard or thelia protection now if you guys are not using orthelia you can remove this line if you are using orthelia leave that in here you don't need to change it then whether you want to enable or disable the dashboard so like i said the dashboard is read only if you don't think you're going to use it then just set it to false and you should be right now that's pretty much it for our initial template it's ready to go once we're done go ahead and click apply so now back in our docker tab we can see traffic is running it started but i guarantee you not much is going on in there and as you can see in the logs it's completely blank so what we're going to do is just stop the container for now we don't need it running and then we'll carry on with the guide the next thing we need to do now is create a file called a acme.json and this stores the ssl cert information so that it can be secure it also needs specific permissions so that that file cannot be modified or read by any unauthorized parties so what we can do is open the terminal here and we've got the commands in the written guide for you so you can just copy and paste it but what we're going to do is paste it here we've got the make directory for app data traffic that's done now let's create a blank file and change the permissions so it will also got that command in our documentation we'll paste that we're going to create the file then we're going to change the permissions to 600 on that file done so with that done we can go look in the directory that we've created those in now guys if you haven't seen our last video that we put out last week on code server i highly recommend it and here's going to be the perfect reason why we can basically start editing in our browser without having to mess around with file shares so here we are in the updater location i might just click refresh make sure we've got the latest stuff then we've got traffic right there now under traffic we need to create two files so let's create a new file and we'll call that first one traffic.yml hit enter and then we're going to create another file in the same folder and we're going to call that file and then capital c for config dot yml and hit enter again so we've got two files that we've just created and we've got our json file there as well now in our guide we have explained very thoroughly hawkes has done a great job explaining the files and what they're doing so they break them down into different sections the two files are very unique in the sense that traffic is the traffic.yml is a static file so that file will not change if you change it on the fly you'll need to restart traffic for it to apply those changes however all the stuff that's dynamic in this dynamic file that we've created will actually load as you change stuff so as it's you know if you add a new middleware or anything like that it will update it live straight away you don't have to restart the container you can imagine in a business sense is really important because you want minimal downtime it doesn't really make sense to be sitting there restarting containers that are hosting all of your web services first things first let's head into the traffic yml and start configuring that the first part is the global parameters so we'll copy this from our guide this is all in there for you guys we've made it as easy as possible so that you can just click it and paste it in but we've gone to the effort of explaining each part so that you understand exactly what it's doing so here's our first part a global check new version we've got the global parameter we want to check for new versions do we want to send anonymous usage we've marked it as false change it to whatever you like the next setting is to allow insecure back-end connections so let's paste that in here we've got service transport insecure skip verify is true usually these connections are done either via the internal docker network or over a secure lan this setting allows traffic to connect to that and use https by default but maybe do not have a valid certificate so allowing for this insecure back end will allow traffic to connect to the app and give it a secure front-end connection the next part we're going to configure is the entry points so let's come down a line and we'll put in the entry points here so i'll copy this from our guide and we'll start working through that together entry points are the network entry points into traffic so like i said earlier they are the gates to your infrastructure via traffic they define the port which will receive the packets and whether to listen for tcp or udp as well this configuration is basically telling traffic where and how to accept the incoming connections or the http requests we want traffic to accept them on the port 80 but we also want it to redirect them to https so if you look at the rule here we've got http port 80. what are we doing with http i want you to redirect it where do we want to redirect it to to this entry point what's the entry point called http all right excellent where's this https configured right here so the https entry point then says we're in 443 take http we're going to apply let's encrypt certificate it's going to be for these domains and we're also going to apply this security header on top now we can set any middlewares we want to use by default in our example we're just setting one which is for headers and it's explained later if you want any other middlewares to be loaded for all requests this is where you will add them so the perfect example of this is if you wanted orthelia applied on everything straight off the bat everything coming through traffic has to go to orthelia so that you don't have to add a specific label to every single container you can just add it in here as a middleware so we can just go middleware space we just go off at file so then i don't have to go into each container and add the orthelia label i can pretty much everything will just go through there no matter what for today's example i'm going to leave that out that's something that you can do if you like obviously we need to change our domain so make sure we change our dynam domain to match your domain having a read through that that looks correct so we're pretty happy with that now the next part is providers now providers discover the service that live on our infrastructure and the idea is that traffic queries those provider apis in order to find relevant info about routing and when it detects a change it dynamically updates the routes so that's what makes it a little bit more intelligent than other reverse proxies the file provider lets you define the dynamic config which we've created here under file config.yaml now we could add them all into this traffic yml but to separate them is actually better so that we can have a specific area for that dynamic config stuff but nevertheless we'll copy that configuration here we'll back it up and we'll drop it down and then now we've got our providers section now the next setting is one of the clever features of traffic and allows us to dynamically and automatically add new apps by only adding a few labels to the app the docker settings we're showing here will tell traffic to watch the docker network for new apps and once it detects a new app it will look for certain labels and we're configuring those labels later on so let's have a read through that briefly here you can see the file name so that's the file that we created earlier and this is the docker settings that we're going to use so we're saying i want you to watch docker and i want you to look for this network now very important if you haven't created your custom docker network or if you've got a different name for your custom docker network you need to make sure you update that part so in my case it's actually called ibraproxy all right so i'm going to change that to ibra proxy make sure you change it to whatever your custom docker network is now we have our rule what's our default rule so you can set the rule on each individual app if you like and say okay unmanic i want you to be forced to come through at unmanic.ibracorp.io or perhaps i want it to be unmanic2.ibracorp however we can set a default rule so that we don't have to set it on every single app and it will follow this rule so trim prefix is going by our container name followed by the domain name in which case make sure that your container name matches what subdomain you're using now the swarm mode refresh seconds is 15 so every 15 seconds it will scan the docker socket and give us fresh information on what it's picking up and where it needs to send it to so you can always rely on it to be constantly checking and making sure services are up and where it needs to direct the traffic the next section we're going to add is for the traffic dashboard so if i go back we paste that here we've got enable traffic ui api is set to true and insecure is set to true if you do not want to use the dashboard set them to false and you don't have to worry about it the next section we're going to add so as you guys can see we're building this up to be how we want it to be used just keep in mind this is our guide we're showing you how to get going with it what to do to you know get your head around it and explain how it all works but this is totally up to you you know you can change this around you can look through the official documentation which we highly suggest because there's a lot more that you can put in here if you like and more versatility but i think if we went through every single thing it would be over complicated and there's plenty of those guides out there already so we're trying to do something different by making this as easy as possible so anyway we've got the log here and we've got three levels you can choose you can choose info debug or error debug will give you very detailed logs so if you're having trouble getting it working i highly suggest you change this to debug here and then restart traffic and you'll get a lot more details but we'll leave it on info for now the next section we're going to add below that is our let's encrypt ssl certificates now in order for us to do that we need to define the resolver so we've done that here by saying let's encrypt is our resolver and it's responsible for retrieving the certificates from the acme server traffic will automatically track the expiry date of our certificates it generates and if there's less than 30 days remaining before it expires traffic will attempt to renew it automatically which is great and again by having our cloudflare provider setup for the dns challenge we're going to avoid a lot of the issues in terms of trying to renew it because it will always be able to verify us through the api so we're telling traffic that we want to use cloudflare to make the dns challenge request and also to use cloudflare as the dns resolver now in here change this to whatever you want now in my case i want it to be admin for example admin at hebrewcall for io storage we can leave the same clarify we don't have to change and then the resolvers we don't have to change at all so that's the traffic yml complete we can pretty much leave that now for using code server it's thankfully been saving for us as we go so again big props to the code server it's a cool as hell application so now we're going to configure the file config.yml now this is a like i said dynamic file meaning that if we make any changes to it traffic will pick them up and load them automatically we don't need to restart traffic for that to work we'll also use this file to manage all the middlewares and also add any external services like vms because the label part of things we're going to be using for docker you might have some vms that you want to reverse proxy as well so we're going to show you how to do that here the first thing we're going to add is routers and services i'll just quickly explain how that works for you and using the official documentation images it just helps explain stuff a little bit better so the router here the router is in charge of connecting incoming requests to the services that can handle them so we've got our entry point then we've got our routers and then the service and then the server itself okay because you could have multiple and set them up as load balancing so that if one goes down the other one's already the services are responsible for configuring how to reach the actual services that will eventually handle the incoming requests so to add an external vm we need to give traffic a router right here which tells traffic how to route the requests and which middleware to use along the way now for me personally the way i like to understand this to get my head around it was think of router is literally the route okay we're trying to tell it how to route this traffic and to where and middleware is as it says in the middle between the two giving a certain rule or some sort of validation that we want to apply over the top for example orthelia and then where to point it afterwards as well so in any case let's paste this from our guide and we've got http going to home assistant that's our example that we've put in there for you it doesn't have to be home assistant you might have something else in my case i actually have ad guard for example running so what we can do is say ad guard routing what do we want to call this router i will call it ad guard the entry points the rule the home home assistant make sure our sub domain matches so in fact that's not correct so then i'll change it to match what i need it to and we're also giving it the name of the service now i haven't configured the service yet it's down here so what we need to do is also update our service so i think something i'll quickly touch on while we were doing testing with the beta team um until we we did fix it in the end but there was an issue where we couldn't get to the traffic ui with the default entries so in a scenario where you want to reverse proxy something for some reason it's not working with docker labels whatever the case might be you can pretty much come in here create a router and a service exactly like this and just point it to where you need to go and it will do the same thing obviously that's a little bit more intensive than just adding a docker label but it does the same thing and it's dynamic like i said so this file as soon as you do it this file will be accepted by traffic and generated so let's change this as well i will change this to ad guard service that we can route that we come down a little further it's going to ask for our ip address what's our ip address for for ad guard it's actually 125 and then 80. so that's what our ad guide looks like so i've just configured ad guard as a vm and i want to reverse proxy that for you now the next thing is our middleware so like i said middleware something that we can manually add to each service attached to the routers pieces of middleware are a means of tweaking the requests before they're sent to your service or before the answer from the services are sent back to the clients that works both ways and there's several available middleware in traffic some can modify the request the headers some are in charge of redirections authentication etc now middlewares that use the same protocol can be combined into chains to fit every scenario so we're going to use these to do many things including adjusting headers to secure the app or even forward the request to ophelia so what i'm going to do is copy the next part of the config file and we'll drop that in here as you can see we've then broken down to middlewares which is below this followed by our orthelia configuration we've got auth the forward auth and where we want to send it to now there's a few things that we need to pay attention to here this part here is the name of our orthelia container so if your other container is named auth then you can leave that in my case it's got the full name so orthelia then comes your domain is this the domain that you usually use for orthelia and is that what you've configured if you followed our thelia guide mind you we were one of the first to actually create a guide for orthelia so we have the most detail on it be sure to follow that through and give it the right name now in my case i actually called this identity.hebrewcorp.io so you just want to make sure that that's correct the next part is also for the auth basic we want to make sure that's correct as well so the container name is orthelia not auth if you are not using a custom docker network you're going to have some trouble because this is not going to work okay you'll end up needing the ip address instead of the container name but we highly recommend you guys use a custom docker network again we did a video on it so be sure to check it out it's like one minute long now the next part we're going to add to this file is the headers so if we go back and we add this part in we can see we've got security headers here and that's part of the middlewares as well now the headers middleware manages the headers of requests and responses now with this configuration that we've given you we'll be using it to add a secure header to all requests using the below we're able to take our ssl score up to an a-plus without compromising the functionality of our apps this will help towards keeping your apps secure so as explained in our entry point section traffic yml we added this middleware to be used by default for all requests that are passing through traffic so it's another thing that will be the default rule that you don't have to think about that is protecting everything that you add to traffic later now you shouldn't need to change anything in this header section that should be perfectly fine as it is now guess what guys you've just configured traffic this is pretty much traffic configured when you really stop and think about it we've got the traffic wiremail done and we have our file config.yml done as well so the next step or the next question you might have is how do we proxy our first app i'm glad you asked so now that we're done with the config file let's head back to unraid and what i'm going to do is actually just start up traffic here so with the container started let's try and find a container that we want to reverse proxy so let's start with unmanic for example so we're in the container settings for unmanic if we come down and we get to the bottom what we want to do is add a couple of labels so click on add another path port variable label we'll click on label in the name we'll call that enable traffic we'll give it the key of traffic.enable and then we'll give it a value of true and true click add now we need to add another label and this is to ensure that traffic only allows the app to be proxied over https okay we don't want it going out there over port 80. but the key is here which is in our written guide as well then we've got the value of https and then we click on add now this is more secure because if something happens and https breaks for whatever reason uh the redirection doesn't work then it will not allow to get out on port 80. it just stops those people that are preying on that scenario now at this point you can add as many labels as you like any of them that you're aware of and have configured otherwise if you're happy with it let's just click apply now with that done let's go into our services here in the traffic web ui so you can see we've gone into the web ui click on services you'll see straight away the unmanic has actually popped up now this wasn't here before it's just straight away come up traffic has scanned the docker socket and noticed that this has this label has been applied so that should now be accessible for us so let's try it now it wouldn't be a proper tech guide if we didn't show you the mistakes that we make as well so under the docker section here in the traffic yml i forgot to update a particular field so that wasn't actually working so if we go back here and we change that to the correct field that it's supposed to be they may and then we try again keeping in mind that we just made a change to the static file so this one requires us to restart traffic we'll restart it and then we should be able to access that sub domain now so let's try that beautiful i've refreshed it and there it is so now it's being reverse proxied i'll just show you the tab as you can see we're going to unmanage the ibracopter io now what if your application has multiple ports so by default traffic picks up an exposed port for every app using the default docker file if for some reason the developer did not add this port to the dockerfile or multiple ports are exposed we may have to tell traffic which port to use for the web ui so for unraid find the app that you want to reverse proxy once you're in the template scroll to the bottom and then you can add the label that we've got in our written guide now probably the next one that's going to hold some of you guys up is if you have an application that runs in https by default now you know from our nginx proxy manager videos in those scenarios you would change the scheme to https so that it could link the two up with traffic all we need to do is add again another label and it will allow us to access it fine so if you have an application that uses https to get access even locally then you'll need to add this label so i don't really have anything in here that does but if i go into just any container we'll go to unmanic again for example click on add a label and this is what the label is so we're saying the traffic http load balancer server scheme value is of https add that and then that will give us our https link as well then it will know that i need to forward it onto a https endpoint rather than port 80 or http and now for the finale you've all been waiting for we have a container it's running it's reverse proxied it's working fine now we want to add orthelia so in our guide we've got the label that we want to add but while we're here we'll go to add another label you can just call it auth under the key drop that in and then we've got auth file in as the value so once you've done that click on add and apply it now i went into incognito tab i've typed in unmanic.ibracorp.io and sure enough it's forwarded us on to orthelia and we now know that orthelia is protecting that endpoint how easy was that so basically any other container that you want to do that to you just go ahead and add the label to it and other will automatically be applied we don't need to copy and paste a large string of text or a large config file or anything like that we just simply apply that one label and ophthalia is over the top of it and like we said earlier back in our traffic yml file if we wanted to you could add orthelia here and then automatically everything would have to go through orthelia first so if you wanted to that is also your option now if you're like me and you can't seem to get to the traffic web ui dashboard remotely from your subdomain address here's what i did to get it working now we will work on the template i believe there's something in the template we can fix but as i was explaining earlier anything that doesn't work that way we can get around it by adding it as a router and a service so coming back to our file config yaml file this is our dynamic file you can see we've got ad guard there what i've done is add traffic as well given at this entry point we've called it this rule so i said it's accessible at this location uh that's the service we want apply auth and then the same for the service down here and where it's located so i've given it the container name which is traffic and the port which is 8080. so now with that done we can actually reach the traffic web ui and we can access it remotely and it works fine for those wondering with the vm as well this is the vm so it is working via our sub domain 2 so that works we've tested that works all of our reverse proxy settings so far are working fine all of our reverse proxy's done keep in mind guys all this time that i've been showing you this stuff we only really have to do it once once you've set it up once you set it up the way you like you can come in later and add stuff and add middlewares and whatever else you like as you please but that's pretty much it on a basic level once you've got this done if we just add more containers we just add the labels if we like or if we want to hard code certain things we can do that i'm going to show you one extra bonus thing on top of the authelia stuff just real quick for you so if you're going to the ui for traffic we'll have a brief look at what's going on so in here it'll show us our routers our services and our middlewares we've also got our tcp and udp so theoretically we can have game servers going through this as well which we might look at at the future video it's also looking at our two different providers we've got docker and we've got file options there too then we can actually connect it with a relatively new feature for traffic which is traffic pilot if we click on this here it'll ask you to sign up or sign in now if you don't have an account you can sign up we've already got one so we'll sign in for those that are self-hosting i will note that it does link up to a central place that isn't controlled by you so if you're not into that type of thing then you probably don't want to enable it but for us we think it's quite useful and i'll show you why if i just click on it now our instance is now synchronizing to traffic pilot which is based in the cloud so in here we're actually getting metrics now if we go to alerts we can configure it to alert us when there's health or security issues and how we want it to alert us so we can configure web hooks or an email you can even then go down to the metrics and it will start giving you metrics on what's happening with your network now why would you want to use that well it's basically like a free status check page because now if we let's say we can't get to our reverse proxied address instead we go to pilot.traffic.io we're logged in here we are we can see our server so i've clicked register this instance and it's now it's given us a token so again make sure this token stays private i will change it later we'll click copy and it tells you exactly where it needs to go so it needs to go into our traffic dot yml so down the bottom here just go down to the bottom so copy that as is then head to your traffic yml paste that in the bottom make sure it's saved now again this is in our static file so what we then need to do is restart our container wait for that to restart so reload our ui now that we've restarted the container in the top right corner we'll open it up and we can see that this instance has now been connected to our account so if we click on this we can see this name we can even rename it and say osiris 2 for example this is when we deployed it earlier so you can see it's still got it there but it doesn't pick up that it's registering anymore so under osiris 2 for example we can now see the metric and pick that particular instance as you can imagine it's really useful for multiple services you've got multiple sites that you're running you want to look at it in one place so under pilot.traffic.io now we can access this anywhere even if our network is down and if it is down it'll you know give us an idea on what's happened so we can have a look and say oh you know we got a peak at this time and then it looks like it dropped off at about 12 p.m for example or what's our duration looking like what's the last week in the last month i think it's a nice little tool and something that you could really use but here's the real cherry on top just to finish this video on the highest note possible if you look in the left hand side we have an option called plugins again you can also do this in the actual domain that you've got or local address whatever it is that you're using but if you go to plugins you have a whole list of plugins that you can literally click and install so why bother watching a youtube video on how to fix log for shell you can pretty much just come in here click on details click and paste this stuff that it's telling you to and away you go how easy is that so log4 shell mitigation do you want to avoid it perfect grab this static code here paste it in your static file if it's in your dynamic file paste it there as well here's what they give you done don't have to worry about log4 shell anymore you've also got all these other ones you've got fail to ban built in so those who have complained that nginx proxy manager doesn't really have that i fully agree with you and here's an easy way to do it how easy is that click on details add this to your config file and away you go you've got fail to ban running do you want jwt middleware do you want ldap authentication key cloak middleware the list goes on and on and this gives you everything that you might possibly imagine so guys we've reached the end of the guide i hope you guys really enjoyed it like i said this was one of our super detailed guides that took a lot of time a lot of effort and a lot of commitment from our team and from our community we couldn't have done it without our community members and that includes you guys watching our youtube videos so thank you very much for your support again a big thank you to hawkes and beaucian for their work working on the documentation all these last few months this has been one of the most elusive subjects out there and we now hope that it will help you get started with traffic and help you get your reverse proxy on an enterprise level whether it be at home or at your business if you enjoy what we do please think about supporting us you can see our links down in the description below at the very least please like the video and subscribe it really helps youtube get us out there to others who might enjoy our work as well and like i said for those who like using docker and docker compos instead of unraid we'll have a lot more content for you moving forward as well as we try to do more alongside each other to help all of our different community members benefit from our guides as well if you have any feedback drop it in the comments below or in our discord we'd love to see you there thank you very much and we'll see you in the next hibricorp video you

Info

Channel: IBRACORP

Views: 80,873

Rating: undefined out of 5

Keywords: traefik unraid, ibracorp traefik, Traefik 2.6, traefik v2, traefik authelia, ibracorp, ibra corp, traefik v2 tutorial, traefik 2.5, traefik, traefik 2, authelia, authelia setup, traefik 2 tutorial, traefik basic auth, tutorial traefik, traefik nginx, traefik tutorial, traefik docker, traefik reverse proxy, traefik docker compose, selfhosted, nginx proxy manager, traefik docker compose tutorial, reverse proxy, cloudflare, hussein nasser, traefik dashboard, traefik ssl, Unraid

Id: pU7JvIrthxg

Channel Id: undefined

Length: 43min 31sec (2611 seconds)

Published: Sun Jan 16 2022