Traefik v2.6+ | How to Install and Why You Should (plus Authelia, Traefik Pilot)

Captions
konnichiwa ibrahimi and welcome back to another ibracorp video in today's world we're all using technology to help us get where we need to go quicker and more efficient than ever the line between consumer prosumer and enterprise slowly begins to diminish as more and more people try to self-host things that are above the typical level of experience and skills that's why we need to find modern problems and give them modern solutions and as time goes on we move from using traditional software and resources to looking into more advanced more complicated but overall more efficient forms of getting our information across the internet and to the world

thinking of the internet as roads we can imagine that data moving through these pipelines just like cars in traffic need to find their way in the most efficient way possible for example we use tools like google maps to tell us what the quickest way is through a traffic jam to get to where we need to go in some cases we have a traffic cop sitting in the middle of an intersection pointing the traffic to where they need to go and when they can go that's why today we're going to be showing you one of the most hotly requested topics and we're going to show it to you so that everyone can hopefully understand how to use and implement this tool for your own setup either at home or for your business today we're going to be looking at traefik

it's a subject that's eluded us for quite some time and it's a very complicated topic when you first encounter the documentation or the application itself i'm sure anyone here who's actually jumped in and used traefik themselves or tried to give it a go at least could have found it pretty intimidating at first trying to understand all of its different terminologies and technology that it uses in order to get a reverse proxy up and running but i'm hoping after today's video you guys will agree that it's actually not that complicated
when it's explained correctly on top of that we're going to show you extra tidbits that match in with all of our documentation so far today and for those who have deployed things like authelia we're going to show you how to apply authelia over your sub-domains using traefik and you're going to see exactly how easy it is to really secure stuff without having to copy and paste the config file in each single proxy wearing something like nginx proxy manager or swag comes involved with traefik we have a variety of different versatile tools that we can use simply applying labels to our docker containers will get us where we need to go so if you've had traefik on your wish list for quite some time you wanted to dig in and give it a try but you just haven't had the chance or you felt like you didn't have the time to put into it to try and understand everything then we've got the video for you here today so thanks for coming to checking out the video we hope you enjoy it and without further ado let's just get stuck into it

so guys thank you very much for coming in this week it's a pleasure to have you back i know this subject has been requested for quite some time basically since we started the channel and we've covered two other major reverse proxies which are nginx proxy manager and swag now and traefik is another one that we're going to add to our list of reverse proxies that we've covered with some others in future but we think traefik is probably going to be the most requested one in terms of trying to understand its complexity and making it easy to get and i guarantee you guys by the time you get through our guide we're going to really help you figure this out it's going to be smooth as butter

now before we start i have to give some credits because this is one of our projects that takes us quite some time to develop in fact it's actually taken a few months to develop this one so just a quick shout out to a
couple of people before we get started in the credit section on our documentation we'd like to thank hawkes hawks has basically run this project single-handedly managing all the different resources that we can use and uh he's worked very closely with our community member boson thank you very much for all your input we couldn't have done it without you boson is an expert in traefik and that's what he's brought to the table so often we will work with our community members who are experts in a certain field and if they're willing to they help us and give us a lot of information that they are experts in so then we can work together and make that more user friendly for our community so that we can get more guides out there so thank you very much uh boson we really appreciate it you will find boson's twitter link in the guide so that you can thank him yourself if you like as well but also we've got hawks here so make sure you check out hawkes on github if you like if you want to help support hawker his work on this one specifically you can otherwise any support you provide to ibracorp will also help as well

and also to our beta team we do have a beta team guys which will do an announcement soon for a new recruitment drive but we have a team of beta testers which are basically community members who have put their hands up to say they want to try stuff out and that helps us get our guides written up and ready dispatched and out to everyone in the most efficient way possible and it helps us test things out before we get it out there so we like to cross track our work as much as we can in the time we're given and again we're all volunteers including our beta team so thank you very much beta team for your help on this one we really appreciate it

so with that said we can now start looking at traefik so if you don't know what it is what is traefik well according to their own words it's the world's most popular cloud
native application proxy it's a mouthful already that helps developers and ops teams build deploy and run modern micro services applications quickly and easily long story short guys it does act as a reverse proxy now traefik as a whole has different branches and different things that it actually does especially when it comes to an enterprise environment today we are only going to be looking at traefik proxy i will also add towards the end something about traefik pilot so you guys can have a quick understanding of that as well

so what are our assumptions now in case you don't know this doc will be live when the video goes live so be sure to read through the documentation very thoroughly we do everything we can but sometimes we miss stuff so if we do we'll have a link in the sidebar here that will allow you to submit an edit and we will merge it if we think it's appropriate for the assumptions we are looking for people who have the community apps installed which have hyperlinked our video for that you're using cloudflare as your dns also our video is hyperlinked there and optionally if you have authelia we will show you how to use authelia with traefik so that it's all ready to go now i assure you that using this method with traefik authelia will work really really easily and we always highly recommend it it really helps protect your infrastructure it will be a massive time saver for you if you get it set up

now looking in the documentation we have a very detailed description of how what traefik is and how it works now there's a whole bunch of stuff here it's an open source edge router and it makes publishing services fun and an easy experience it receives requests on behalf of your system and finds out which components are responsible for handling them what sets traefik apart besides its many features is that it automatically discovers the right config for your services that happens by traefik basically
inspecting our infrastructure finds the relevant info and discovers which service serves which request so in our case we're going to be showing you docker and how to proxy a vm as well and uh basically with the docker side of things we apply a label to a docker container and traefik will already know what to do with it because of how we've configured it in the config file so a little bit more details there but i'm going to keep going because it is a very big subject so we have some good images there to help you understand what's going on

i will also note that we are going to show you two different installation methods in today's video i will mostly show you the unraid installation method however box has worked very very hard to make sure we've got a docker compose version as well so for those who are running docker compose you can still watch our video and see how we're doing things but for your specific config files and instructions we have a completely different section here just for that so i highly recommend you check out both options if you're using unraid just stick to one but docker compose guys you've got that as well and just to let you know in 2022 we are going to be moving towards more of this docker compose stuff so we hope you guys really enjoy that because it's going to be really exciting to look into more docker compose stuff for you guys

now in here if you look at boson's uh username you can see his twitter's been linked so be sure to check that out if you like and we've got all of our usual links so what i'm going to do guys is i'm going to follow the documentation off screen and you guys can follow along and basically we'll be able to run it through together so starting here on unraid let's get going let's see how we go

beautiful so we're in our unraid server now our beautiful look and unraid server osiris and we've seen him many times he comes in in every video pretty much lately and
we've got a couple of things that we want to start off with so the first thing is i'll just let you know how we've got this set up okay so then you can compare it to your own setup so right now i'm using nginx proxy manager and i've got the cloudflare tunnel running as well it talks to npm and npm is what's reverse proxying our stuff well what we want to do is set up traefik now to do that we can do it with and without the tunnel if you guys are following our video on the tunnel and you have your tunnel established you can still use traefik so that we don't have to open ports 80 and 443 on our router or firewall if you don't want to use the tunnel or you're not using the tunnel then you can also use our guide to just basically open the ports and do it that way if you haven't seen our cloudflare tunnel video be sure to check that out

so let's start with the app store head over to the app store and on the app store at the moment you're going to see our container template right at the top but if you don't just search for traefik and uh obviously it's t-r-a-e-f-i-k and you'll see our image there so let's click on that it's got a bit of a description on what's going on we've got our link to our documentation page and we've also got our discord so be sure to jump in our discord and have a chat with us if you need some help we'll do our best to help you guys out

first things first let's click on install install will bring us to our template page and on here we need to make a few changes so first thing looking at our network type at the moment it's on bridge what we want to do is put that in our custom docker network if you don't know how to do that we have a video on doing that then we'll start running through the different parameters and variables that we've got configured so the config folder by default it's appdata slash traefik so we'll leave that as is we've got our docker socket we don't need to
change that we can leave it as is as well the https port so 443 what do you want that map to we've put in by default 44301 just see if that's free on your system same goes for 8001 which is for port 80 so if you're using port 44301 change it to something else same goes for this one okay but just remember what it is because we'll need to put that either in our tunnel config or we'll need to put it in our port forwarding if you're using that method then we have our web ui port so where do we want the web ui to come up the web ui is completely optional i will also note that the web ui for traefik is simply a read-only interface made to be just a dashboard that you can check in on stuff with but it won't allow you to do any of sort of the config or anything that's all done in the config files and with labels but if you're interested in that go for it

now the cloudflare api token so we need an api token that's the first thing that we're going to have to get started with so let's head over to cloudflare while we've got this up open a new tab and head to cloudflare so sign into cloudflare go to your domain you'll be confronted with this page here now if we scroll down you'll see your zone id and account id i've blanked those out on my screen but you'll see yours there all you need to do is click on get your api token so click on that on the api token page you'll see a whole bunch of different options here what we are not using is the global api so don't use that one that's less secure what we want to do is set up a specific token for this purpose so what we'll do is click on create a token so once you click create we now need to create the token now it's got a couple of templates there we're not going to worry about the templates just click on create custom token in the name we'll give it a name we'll just call that traefik under the permissions we'll apply the following so in here we'll go to zone zone
settings and read we'll add zone zone itself read one more zone dns edit and then under zone resources we'll leave that as include all zones leave everything else the same and then go to continue to summary it'll give us a summary and then it will ask us to create the token so go ahead and create the token and here's our token i will note to you guys that this token is super secret so make sure you do not reveal this token obviously in my case i will be changing it after the video is finished so we'll click copy come back to your unraid template or your docker compose file and paste that in here

so what is the token why do we need it so the reason why we need it is so that traefik can use our cloudflare account to verify the domain is ours this allows us to validate and create our let's encrypt certificates and verifies our authenticity for the domain so it's just a lot easier than trying http validation or anything like that a lot of people get tripped up with that so we just do this method and it makes it a lot easier

the next field we've got is the traefik dashboard subdomain by default we've just put in traefik.domain.com so we obviously want to change that and in my case i'm going to call this ibracorp.io and before i do that we need to make sure this dns exists so back in our cloudflare account you'll see here i have a quite a complicated setup for our dns entries but you can ignore all this basically we've got our traefik cname set up and it's pointing to our sub domain now in this scenario it's pointing to a specific setup i've made so that we can do the video today but in your case it's point to wherever your tunnel is so if you're using the tunnel uh this is where my tunnel lives so i you usually would point it to here so you can either point that to your a record whatever that might be or if you're using the tunnel whichever cname you have for your tunnel address point it to there so that we've got that
ready to go we then have the traefik entry point which is https and just to explain what that's doing if we click on edit here we can see what label or what key is being used so what this label is doing if you want to think of entry points as literally an entry point or a gate into your infrastructure it's basically taking the http entry points anything coming in on that 80 and we want it to be https so then it's saying i want you to make it https before it will be accepted we then have the traefik api you don't need to change that routing traffic to its api dashboard authelia protection now if you guys are not using authelia you can remove this line if you are using authelia leave that in here you don't need to change it then whether you want to enable or disable the dashboard so like i said the dashboard is read only if you don't think you're going to use it then just set it to false and you should be right

now that's pretty much it for our initial template it's ready to go once we're done go ahead and click apply so now back in our docker tab we can see traefik is running it started but i guarantee you not much is going on in there and as you can see in the logs it's completely blank so what we're going to do is just stop the container for now we don't need it running and then we'll carry on with the guide

the next thing we need to do now is create a file called acme.json and this stores the ssl cert information so that it can be secure it also needs specific permissions so that that file cannot be modified or read by any unauthorized parties so what we can do is open the terminal here and we've got the commands in the written guide for you so you can just copy and paste it but what we're going to do is paste it here we've got the make directory for appdata traefik that's done now let's create a blank file and change the permissions so it will also got that command in our documentation we'll paste
that we're going to create the file then we're going to change the permissions to 600 on that file done so with that done we can go look in the directory that we've created those in now guys if you haven't seen our last video that we put out last week on code server i highly recommend it and here's going to be the perfect reason why we can basically start editing in our browser without having to mess around with file shares so here we are in the appdata location i might just click refresh make sure we've got the latest stuff then we've got traefik right there now under traefik we need to create two files so let's create a new file and we'll call that first one traefik.yml hit enter and then we're going to create another file in the same folder and we're going to call that file and then capital c for config dot yml and hit enter again so we've got two files that we've just created and we've got our json file there as well

now in our guide we have explained very thoroughly hawkes has done a great job explaining the files and what they're doing so they break them down into different sections the two files are very unique in the sense that traefik is the traefik.yml is a static file so that file will not change if you change it on the fly you'll need to restart traefik for it to apply those changes however all the stuff that's dynamic in this dynamic file that we've created will actually load as you change stuff so as it's you know if you add a new middleware or anything like that it will update it live straight away you don't have to restart the container you can imagine in a business sense is really important because you want minimal downtime it doesn't really make sense to be sitting there restarting containers that are hosting all of your web services

first things first let's head into the traefik.yml and start configuring that the first part is the global parameters so we'll copy this from our guide
this is all in there for you guys we've made it as easy as possible so that you can just click it and paste it in but we've gone to the effort of explaining each part so that you understand exactly what it's doing so here's our first part a global check new version we've got the global parameter we want to check for new versions do we want to send anonymous usage we've marked it as false change it to whatever you like

the next setting is to allow insecure back-end connections so let's paste that in here we've got service transport insecure skip verify is true usually these connections are done either via the internal docker network or over a secure lan this setting allows traefik to connect to that and use https by default but maybe do not have a valid certificate so allowing for this insecure back end will allow traefik to connect to the app and give it a secure front-end connection

the next part we're going to configure is the entry points so let's come down a line and we'll put in the entry points here so i'll copy this from our guide and we'll start working through that together entry points are the network entry points into traefik so like i said earlier they are the gates to your infrastructure via traefik they define the port which will receive the packets and whether to listen for tcp or udp as well this configuration is basically telling traefik where and how to accept the incoming connections or the http requests we want traefik to accept them on the port 80 but we also want it to redirect them to https so if you look at the rule here we've got http port 80
what are we doing with http i want you to redirect it where do we want to redirect it to to this entry point what's the entry point called http all right excellent where's this https configured right here so the https entry point then says we're in 443 take http we're going to apply let's encrypt certificate it's going to be for these domains and we're also going to apply this security header on top now we can set any middlewares we want to use by default in our example we're just setting one which is for headers and it's explained later if you want any other middlewares to be loaded for all requests this is where you will add them so the perfect example of this is if you wanted authelia applied on everything straight off the bat everything coming through traefik has to go to authelia so that you don't have to add a specific label to every single container you can just add it in here as a middleware so we can just go middleware space we just go auth at file so then i don't have to go into each container and add the authelia label i can pretty much everything will just go through there no matter what for today's example i'm going to leave that out that's something that you can do if you like obviously we need to change our domain so make sure we change our domain to match your domain having a read through that that looks correct so we're pretty happy with that

now the next part is providers now providers discover the service that live on our infrastructure and the idea is that traefik queries those provider apis in order to find relevant info about routing and when it detects a change it dynamically updates the routes so that's what makes it a little bit more intelligent than other reverse proxies the file provider lets you define the dynamic config which we've created here under fileConfig.yml now we could add them all into this traefik.yml but to separate them is actually better so that we can
have a specific area for that dynamic config stuff but nevertheless we'll copy that configuration here we'll back it up and we'll drop it down and then now we've got our providers section now the next setting is one of the clever features of traefik and allows us to dynamically and automatically add new apps by only adding a few labels to the app the docker settings we're showing here will tell traefik to watch the docker network for new apps and once it detects a new app it will look for certain labels and we're configuring those labels later on so let's have a read through that briefly here you can see the file name so that's the file that we created earlier and this is the docker settings that we're going to use so we're saying i want you to watch docker and i want you to look for this network now very important if you haven't created your custom docker network or if you've got a different name for your custom docker network you need to make sure you update that part so in my case it's actually called ibraproxy all right so i'm going to change that to ibraproxy make sure you change it to whatever your custom docker network is

now we have our rule what's our default rule so you can set the rule on each individual app if you like and say okay unmanic i want you to be forced to come through at unmanic.ibracorp.io or perhaps i want it to be unmanic2.ibracorp however we can set a default rule so that we don't have to set it on every single app and it will follow this rule so trim prefix is going by our container name followed by the domain name in which case make sure that your container name matches what subdomain you're using now the swarm mode refresh seconds is 15 so every 15 seconds it will scan the docker socket and give us fresh information on what it's picking up and where it needs to send it to so you can always rely on it to be constantly checking and making sure services are up and where it needs
to direct the traffic the next section we're going to add is for the traefik dashboard so if i go back we paste that here we've got enable traefik ui api is set to true and insecure is set to true if you do not want to use the dashboard set them to false and you don't have to worry about it

the next section we're going to add so as you guys can see we're building this up to be how we want it to be used just keep in mind this is our guide we're showing you how to get going with it what to do to you know get your head around it and explain how it all works but this is totally up to you you know you can change this around you can look through the official documentation which we highly suggest because there's a lot more that you can put in here if you like and more versatility but i think if we went through every single thing it would be over complicated and there's plenty of those guides out there already so we're trying to do something different by making this as easy as possible so anyway we've got the log here and we've got three levels you can choose you can choose info debug or error debug will give you very detailed logs so if you're having trouble getting it working i highly suggest you change this to debug here and then restart traefik and you'll get a lot more details but we'll leave it on info for now

the next section we're going to add below that is our let's encrypt ssl certificates now in order for us to do that we need to define the resolver so we've done that here by saying let's encrypt is our resolver and it's responsible for retrieving the certificates from the acme server traefik will automatically track the expiry date of our certificates it generates and if there's less than 30 days remaining before it expires traefik will attempt to renew it automatically which is great and again by having our cloudflare provider setup for the dns challenge we're going to avoid a lot of the issues in
terms of trying to renew it because it will always be able to verify us through the api so we're telling traefik that we want to use cloudflare to make the dns challenge request and also to use cloudflare as the dns resolver now in here change this to whatever you want now in my case i want it to be admin for example admin at ibracorp.io storage we can leave the same cloudflare we don't have to change and then the resolvers we don't have to change at all so that's the traefik.yml complete we can pretty much leave that now for using code server it's thankfully been saving for us as we go so again big props to the code server it's a cool as hell application

so now we're going to configure the fileConfig.yml now this is a like i said dynamic file meaning that if we make any changes to it traefik will pick them up and load them automatically we don't need to restart traefik for that to work we'll also use this file to manage all the middlewares and also add any external services like vms because the label part of things we're going to be using for docker you might have some vms that you want to reverse proxy as well so we're going to show you how to do that here

the first thing we're going to add is routers and services i'll just quickly explain how that works for you and using the official documentation images it just helps explain stuff a little bit better so the router here the router is in charge of connecting incoming requests to the services that can handle them so we've got our entry point then we've got our routers and then the service and then the server itself okay because you could have multiple and set them up as load balancing so that if one goes down the other one's already the services are responsible for configuring how to reach the actual services that will eventually handle the incoming requests so to add an external vm we need to give traefik a router right here which tells traefik how
to route the requests and which middleware to use along the way now for me personally the way i like to understand this to get my head around it was think of router is literally the route okay we're trying to tell it how to route this traffic and to where and middleware is as it says in the middle between the two giving a certain rule or some sort of validation that we want to apply over the top for example authelia and then where to point it afterwards as well

so in any case let's paste this from our guide and we've got http going to home assistant that's our example that we've put in there for you it doesn't have to be home assistant you might have something else in my case i actually have ad guard for example running so what we can do is say ad guard routing what do we want to call this router i will call it ad guard the entry points the rule the home home assistant make sure our sub domain matches so in fact that's not correct so then i'll change it to match what i need it to and we're also giving it the name of the service now i haven't configured the service yet it's down here so what we need to do is also update our service

so i think something i'll quickly touch on while we were doing testing with the beta team um until we we did fix it in the end but there was an issue where we couldn't get to the traefik ui with the default entries so in a scenario where you want to reverse proxy something for some reason it's not working with docker labels whatever the case might be you can pretty much come in here create a router and a service exactly like this and just point it to where you need to go and it will do the same thing obviously that's a little bit more intensive than just adding a docker label but it does the same thing and it's dynamic like i said so this file as soon as you do it this file will be accepted by traefik and generated so let's change this as well i will change this to ad guard
service that we can route that we come down a little further it's going to ask for our ip address what's our ip address for ad guard it's actually 125 and then 80 so that's what our ad guard looks like so i've just configured ad guard as a vm and i want to reverse proxy that for you

now the next thing is our middleware so like i said middleware something that we can manually add to each service attached to the routers pieces of middleware are a means of tweaking the requests before they're sent to your service or before the answer from the services are sent back to the clients that works both ways and there's several available middleware in traefik some can modify the request the headers some are in charge of redirections authentication etc now middlewares that use the same protocol can be combined into chains to fit every scenario so we're going to use these to do many things including adjusting headers to secure the app or even forward the request to authelia

so what i'm going to do is copy the next part of the config file and we'll drop that in here as you can see we've then broken down to middlewares which is below this followed by our authelia configuration we've got auth the forward auth and where we want to send it to now there's a few things that we need to pay attention to here this part here is the name of our authelia container so if your authelia container is named auth then you can leave that in my case it's got the full name so authelia then comes your domain is this the domain that you usually use for authelia and is that what you've configured if you followed our authelia guide mind you we were one of the first to actually create a guide for authelia so we have the most detail on it be sure to follow that through and give it the right name now in my case i actually called this identity.ibracorp.io so you just want to make sure that that's correct the next part is also for the auth basic we
want to make sure that's correct as well, so the container name is authelia, not auth. If you are not using a custom Docker network, you're going to have some trouble, because this is not going to work, okay? You'll end up needing the IP address instead of the container name. But we highly recommend you guys use a custom Docker network; again, we did a video on it, so be sure to check it out, it's like one minute long.

Now the next part we're going to add to this file is the headers. So if we go back and we add this part in, we can see we've got security headers here, and that's part of the middlewares as well. Now the headers middleware manages the headers of requests and responses. Now with this configuration that we've given you, we'll be using it to add a secure header to all requests. Using the below, we're able to take our SSL score up to an A+ without compromising the functionality of our apps. This will help towards keeping your apps secure. So as explained in our entry point section, traefik.yml, we added this middleware to be used by default for all requests that are passing through Traefik, so it's another thing that will be the default rule that you don't have to think about, that is protecting everything that you add to Traefik later. Now you shouldn't need to change anything in this header section; that should be perfectly fine as it is.

Now guess what, guys: you've just configured Traefik. This is pretty much Traefik configured when you really stop and think about it. We've got the traefik.yml done and we have our file config.yml done as well. So the next step, or the next question you might have, is: how do we proxy our first app? I'm glad you asked. So now that we're done with the config file, let's head back to Unraid, and what I'm going to do is actually just start up Traefik here. So with the container started, let's try and find a container that we want to reverse proxy. So let's start with Unmanic, for example. So we're
in the container settings for Unmanic. If we come down and we get to the bottom, what we want to do is add a couple of labels. So click on add another path, port, variable, label; we'll click on label. In the name we'll call that enable Traefik, we'll give it the key of traefik.enable, and then we'll give it a value of true, and true, click add. Now we need to add another label, and this is to ensure that Traefik only allows the app to be proxied over HTTPS, okay? We don't want it going out there over port 80. But the key is here, which is in our written guide as well, then we've got the value of https, and then we click on add. Now this is more secure, because if something happens and HTTPS breaks for whatever reason, uh, the redirection doesn't work, then it will not allow to get out on port 80. It just stops those people that are preying on that scenario.

Now at this point you can add as many labels as you like, any of them that you're aware of and have configured. Otherwise, if you're happy with it, let's just click apply. Now with that done, let's go into our services here in the Traefik web UI. So you can see we've gone into the web UI, click on services, you'll see straight away the Unmanic has actually popped up. Now this wasn't here before, it's just straight away come up. Traefik has scanned the Docker socket and noticed that this has, this label has been applied, so that should now be accessible for us. So let's try it.

Now it wouldn't be a proper tech guide if we didn't show you the mistakes that we make as well. So under the docker section here in the traefik.yml, I forgot to update a particular field, so that wasn't actually working. So if we go back here and we change that to the correct field that it's supposed to be they may and then we try again, keeping in mind that we just made a change to the static file, so this one requires us to restart Traefik. We'll restart it and then we should be able to access that subdomain now. So let's
try that. Beautiful, I've refreshed it and there it is, so now it's being reverse proxied. I'll just show you the tab; as you can see, we're going to unmanic.ibracorp.io.

Now what if your application has multiple ports? So by default Traefik picks up an exposed port for every app using the default Dockerfile. If for some reason the developer did not add this port to the Dockerfile, or multiple ports are exposed, we may have to tell Traefik which port to use for the web UI. So for Unraid, find the app that you want to reverse proxy, once you're in the template scroll to the bottom, and then you can add the label that we've got in our written guide.

Now probably the next one that's going to hold some of you guys up is if you have an application that runs in HTTPS by default. Now you know from our Nginx Proxy Manager videos, in those scenarios you would change the scheme to https so that it could link the two up. With Traefik, all we need to do is add, again, another label, and it will allow us to access it fine. So if you have an application that uses HTTPS to get access, even locally, then you'll need to add this label. So I don't really have anything in here that does, but if I go into just any container, we'll go to Unmanic again for example, click on add a label, and this is what the label is. So we're saying the Traefik http load balancer server scheme value is of https. Add that, and then that will give us our HTTPS link as well; then it will know that I need to forward it onto a HTTPS endpoint rather than port 80 or HTTP.

And now for the finale you've all been waiting for: we have a container, it's running, it's reverse proxied, it's working fine, now we want to add Authelia. So in our guide we've got the label that we want to add, but while we're here we'll go to add another label. You can just call it auth; under the key, drop that in, and then we've got auth file in as the value. So once you've done that, click on add and apply it.

Now I
went into incognito tab, I've typed in unmanic.ibracorp.io, and sure enough it's forwarded us on to Authelia, and we now know that Authelia is protecting that endpoint. How easy was that? So basically, any other container that you want to do that to, you just go ahead and add the label to it and Authelia will automatically be applied. We don't need to copy and paste a large string of text or a large config file or anything like that; we just simply apply that one label and Authelia is over the top of it. And like we said earlier, back in our traefik.yml file, if we wanted to, you could add Authelia here and then automatically everything would have to go through Authelia first. So if you wanted to, that is also your option.

Now if you're like me and you can't seem to get to the Traefik web UI dashboard remotely from your subdomain address, here's what I did to get it working. Now we will work on the template, I believe there's something in the template we can fix, but as I was explaining earlier, anything that doesn't work that way, we can get around it by adding it as a router and a service. So coming back to our file config yaml file, this is our dynamic file. You can see we've got AdGuard there; what I've done is add Traefik as well, given it this entry point, we've called it this rule, so I said it's accessible at this location, uh, that's the service, we want apply auth, and then the same for the service down here and where it's located. So I've given it the container name, which is traefik, and the port, which is 8080.
So now with that done we can actually reach the Traefik web UI, and we can access it remotely, and it works fine. For those wondering with the VM as well, this is the VM, so it is working via our subdomain too. So that works, we've tested that works, all of our reverse proxy settings so far are working fine, all of our reverse proxy's done.

Keep in mind, guys, all this time that I've been showing you this stuff, we only really have to do it once. Once you've set it up, once you set it up the way you like, you can come in later and add stuff and add middlewares and whatever else you like as you please. But that's pretty much it on a basic level. Once you've got this done, if we just add more containers we just add the labels if we like, or if we want to hard code certain things we can do that.

I'm going to show you one extra bonus thing on top of the Authelia stuff, just real quick for you. So if you're going to the UI for Traefik, we'll have a brief look at what's going on. So in here it'll show us our routers, our services and our middlewares. We've also got our TCP and UDP, so theoretically we can have game servers going through this as well, which we might look at at the future video. It's also looking at our two different providers: we've got Docker and we've got file options there too. Then we can actually connect it with a relatively new feature for Traefik, which is Traefik Pilot. If we click on this here, it'll ask you to sign up or sign in. Now if you don't have an account you can sign up; we've already got one, so we'll sign in. For those that are self-hosting, I will note that it does link up to a central place that isn't controlled by you, so if you're not into that type of thing then you probably don't want to enable it. But for us, we think it's quite useful, and I'll show you why. If I just click on it now, our instance is now synchronizing to Traefik Pilot, which is based in the cloud. So in here we're actually getting metrics. Now if we
go to alerts, we can configure it to alert us when there's health or security issues and how we want it to alert us, so we can configure webhooks or an email. You can even then go down to the metrics and it will start giving you metrics on what's happening with your network. Now why would you want to use that? Well, it's basically like a free status check page, because now if we, let's say we can't get to our reverse proxied address, instead we go to pilot.traefik.io, we're logged in, here we are, we can see our server.

So I've clicked register this instance and it's now, it's given us a token. So again, make sure this token stays private; I will change it later. We'll click copy, and it tells you exactly where it needs to go, so it needs to go into our traefik.yml. So down the bottom here, just go down to the bottom. So copy that as is, then head to your traefik.yml, paste that in the bottom, make sure it's saved. Now again, this is in our static file, so what we then need to do is restart our container. Wait for that to restart, so reload our UI now that we've restarted the container. In the top right corner we'll open it up and we can see that this instance has now been connected to our account. So if we click on this we can see this name; we can even rename it and say osiris 2, for example. This is when we deployed it earlier, so you can see it's still got it there but it doesn't pick up that it's registering anymore. So under osiris 2, for example, we can now see the metric and pick that particular instance. As you can imagine, it's really useful for multiple services: you've got multiple sites that you're running, you want to look at it in one place. So under pilot.traefik.io now we can access this anywhere, even if our network is down, and if it is down it'll, you know, give us an idea on what's happened, so we can have a look and say, oh, you know, we got a peak at this time and then it looks like it dropped off at about 12 p.m., for example, or
what's our duration looking like, what's the last week in the last month. I think it's a nice little tool and something that you could really use.

But here's the real cherry on top, just to finish this video on the highest note possible. If you look in the left hand side, we have an option called plugins. Again, you can also do this in the actual domain that you've got, or local address, whatever it is that you're using. But if you go to plugins, you have a whole list of plugins that you can literally click and install. So why bother watching a YouTube video on how to fix Log4Shell? You can pretty much just come in here, click on details, click and paste this stuff that it's telling you to, and away you go. How easy is that? So Log4Shell mitigation, do you want to avoid it? Perfect: grab this static code here, paste it in your static file; if it's in your dynamic file, paste it there as well, here's what they give you. Done, don't have to worry about Log4Shell anymore. You've also got all these other ones. You've got Fail2ban built in, so those who have complained that Nginx Proxy Manager doesn't really have that, I fully agree with you, and here's an easy way to do it. How easy is that? Click on details, add this to your config file, and away you go, you've got Fail2ban running. Do you want JWT middleware? Do you want LDAP authentication, Keycloak middleware? The list goes on and on, and this gives you everything that you might possibly imagine.

So guys, we've reached the end of the guide. I hope you guys really enjoyed it. Like I said, this was one of our super detailed guides that took a lot of time, a lot of effort and a lot of commitment from our team and from our community. We couldn't have done it without our community members, and that includes you guys watching our YouTube videos, so thank you very much for your support. Again, a big thank you to hawkes and beaucian for their work working on the documentation all these last few months.
This has been one of the most elusive subjects out there, and we now hope that it will help you get started with Traefik and help you get your reverse proxy on an enterprise level, whether it be at home or at your business. If you enjoy what we do, please think about supporting us; you can see our links down in the description below. At the very least, please like the video and subscribe; it really helps YouTube get us out there to others who might enjoy our work as well. And like I said, for those who like using Docker and Docker Compose instead of Unraid, we'll have a lot more content for you moving forward as well, as we try to do more alongside each other to help all of our different community members benefit from our guides as well. If you have any feedback, drop it in the comments below or in our Discord, we'd love to see you there. Thank you very much and we'll see you in the next IBRACORP video.
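The dynamic file walked through in the captions is only visible on screen, so here is an added illustration (not the IBRACORP guide's file) of a Traefik v2 file-provider configuration with the router, service, forwardAuth middleware and headers middleware described above. The hostnames, the 192.0.2.125 address, the `authelia:9091` verify endpoint, the `https` entry point name and the middleware names are assumptions.

```yaml
# Added illustration: Traefik v2 dynamic configuration (file provider).
# Hostnames, addresses and names are constructed placeholders.
http:
  routers:
    adguard:
      entryPoints:
        - https                  # assumed name of the TLS entry point in the static file
      rule: "Host(`adguard.example.com`)"
      middlewares:
        - auth                   # every request is checked by Authelia first
      tls: {}                    # serve this router over TLS only
      service: adguard

  services:
    adguard:
      loadBalancer:
        servers:
          # A VM outside Docker is addressed by IP and port, not container name.
          - url: "http://192.0.2.125:80"

  middlewares:
    auth:
      forwardAuth:
        # "authelia" resolves only if Traefik and Authelia share a custom
        # Docker network; otherwise the container IP is needed here.
        address: "http://authelia:9091/api/verify?rd=https://auth.example.com/"
        trustForwardHeader: true
        authResponseHeaders:
          - Remote-User
          - Remote-Groups
          - Remote-Name
          - Remote-Email

    securityHeaders:
      # Referenced from the entry point in the static file so it applies to
      # every router without a per-app label.
      headers:
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        contentTypeNosniff: true
        browserXssFilter: true
        customFrameOptionsValue: "SAMEORIGIN"
        referrerPolicy: "strict-origin-when-cross-origin"
```

A router whose `middlewares` list omits `auth` is published without the Authelia check, so hand-written routers such as a dashboard entry are worth reviewing for that line.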
Info
Channel: IBRACORP
Views: 80,873
Keywords: traefik unraid, ibracorp traefik, Traefik 2.6, traefik v2, traefik authelia, ibracorp, ibra corp, traefik v2 tutorial, traefik 2.5, traefik, traefik 2, authelia, authelia setup, traefik 2 tutorial, traefik basic auth, tutorial traefik, traefik nginx, traefik tutorial, traefik docker, traefik reverse proxy, traefik docker compose, selfhosted, nginx proxy manager, traefik docker compose tutorial, reverse proxy, cloudflare, hussein nasser, traefik dashboard, traefik ssl, Unraid
Id: pU7JvIrthxg
Length: 43min 31sec (2611 seconds)
Published: Sun Jan 16 2022