Basic Reverse Proxy Setup With Traefik

Make sure you point your domain to your home IP address. If you’re in need of dynamic DNS support, look into cloudflare or duckDNS. You can use something like this to keep it up to date.

My server doesn’t use the default 80/443, so I’ve used the docker ports block to bind to 81/444.

I use an external proxy docker network that containers in other stacks can attach to in order to hook to the reverse proxy.

version: "3"
services:
  traefik:
    container_name: traefik
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxy"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    environment:
      - log.filepath=/var/log/traefik.log
      - TZ=America/New_York
    image: traefik:v2.9
    labels:
      traefik.enable: true
      traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https
      traefik.http.routers.http-catchall.entrypoints: web
      traefik.http.routers.http-catchall.middlewares: redirect-to-https
      traefik.http.routers.http-catchall.rule: HostRegexp(`{host:.+}`)
    ports:
      - 444:443/tcp
      - 81:80/tcp
      - 8081:8080/tcp
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/user/appdata/traefik/letsencrypt:/letsencrypt:rw
      - /mnt/user/appdata/traefik/config/traefik.toml:/etc/traefik/traefik.toml:rw
networks:
  proxy:
    external: true