traefik
traefik.toml
# Global configuration
defaultEntryPoints = ["http", "https"]
# Entrypoints configuration
[entryPoints]
[entryPoints.traefik]
address = ":8082"
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/etc/traefik/traefik.crt"
KeyFile = "/etc/traefik/traefik.key"
[entryPoints.https.auth]
[entryPoints.https.auth.basic]
users = ["user:$apr1$BlOj2/pZ$X/4raprapqbscHC.R.7bgN/"]
[entryPoints.http.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "10.10.10.0/24"]
# Static configuration
[file]
[backends]
[backends.traefik]
[backends.traefik.servers.server0]
url = "http://127.0.0.1:8082"
[backends.web]
[backends.web.servers.server0]
url = "http://127.0.0.1:8082"
[backends.blog]
[backends.blog.servers.server0]
url = "http://10.100.100.9:80"
[frontends]
[frontends.traefik]
backend = "traefik"
passHostHeader = true
[frontends.traefik.routes.route0]
rule = "Host:traefik.yuri.local"
[frontends.web]
backend = "web"
passHostHeader = true
[frontends.web.routes.route0]
rule = "Host:web.yuri.local"
[frontends.blog]
backend = "blog"
passHostHeader = true
basicAuth = [
"user:$apr1$BlOj2/pZ$X/4rapqbs1IcHC.R.7bgN/",
"user2:$apr1$u687/2pI$qp0bs7IcKN4gv4yXI3Yuy/",
]
[frontends.blog.routes.route0]
rule = "Host:blog.server.yuri.local"
# API and dashboard configuration
[api]
Users and passwords with htpasswd -nb <user> <pass>.
Self-signed certificates
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/traefik/traefik_cert.key -out /etc/traefik/traefik_cert.crt
Add a trusted certificate
sudo trust anchor /etc/traefik/traefik_cert.crt
trust list
Yours is the one with the label called your.server.local.
Delete a trusted certificate
trust anchor --remove /path/to/certificate.crt
trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;type=cert"