SSL Everything - Incomplete

[john-clark]

How this is working? I was able to follow your instructions and everything works but why it is not clear what is going on to me.

This seems to be only for local webservers inside the firewall. You say that things come in through the reverse proxy, but only set up a docker network called proxy that is accessible by the local lan. How does letsencrypt connect to verify an internal webserver without a connection to the internet? Is the local lan dns available publicly? Does the service.local.domain.com resolving publicly as a private ip? When I look it up I see a uuid.cfargotunnel.com with a ipv6 address, although I can not reach the service (maybe ufw). Is traefik creating a cloudflared tunnel somehow? Doesn't acme need to verify the website is publicly available? This is what is confusing to me.

When you say "how do we rout an external service" can you clarify external to docker, but it is still internal to lan as external is typically referred to as public internet. The reason for this ticket is that you did not show how this works with external public dns/ip that is internet available website, so I feel like this video is incomplete. The proxy docker external network appears it would mean that it can reach local lan but can it reach ouside? Is there additional steps needed such as setting up cloudflared or punching holes through a firewall to traefik for external connections to finish this project?

I can't find many good articles on Traefik config and their documentation is not great. Traefik doesn't seem to have any GUI settings and is only a dashboard for what is set in the docker compose files, so it's usefulness seems to me to be very limited. Maybe there is a more useful product that doesn't need so many docker configurations. Maybe Caddy, HAProxy, or Nginx Proxy Manager could be explored in a future video.

I also suggest creating variables in your docker files as that would make things much simpler and less confusing. I appreciate your video as it approaches a very complicated topic succinctly. REF: https://www.youtube.com/watch?v=liV3c9m_OX8

[timothystewart6]

Hey, thanks! The docs for this might help. See https://technotim.live/posts/traefik-portainer-ssl/

[john-clark]

I am not sure I follow. Those are the instructions I said I followed and have working, but do not address the points above.

[contactnat]

I got mine working by punching holes, took a bit of trial and error for a noob like me. Also had a conflict on port 443 with another service.

[dualizeo]

yeah I agreed the tutorial is incomplete but still good! I also struggled to figure out domain aspect of things, so I had to look at other youtubers like DB Tech. source https://youtu.be/b83S_N1kkJM

What I believe is missing is the aspect of setting up CloudFlare DNS configuration, what I did was setup a "A Record" in CloudFlare pointing to my home IP and a "CNAME Record" pointing to my subdomain for labeling traefik, and I use used PiHole on my ubuntu setup to manage local DNS.

I managed to get it working since I'm new to Linux & self hosting it just took me a couple of days. ( I also checked my firewall and there's no port forwarding ) In addition you can look up videos on self hosted Zero Trust Tunnels from CloudFlare

[foxtrot989]

The tutorial is great and managed to get everything setup and working using letsencrypt. I however also don't understand how Tim managed to get to services outside of the docker network "proxy". I have been at it for a couple days now and just can't manage to get traefik to create the routes to services (docker containers using exposed ports) on different hosts. I have even used network_type: host for the other services but no luck.

The only option I can think of that might work is setting traefik container to use host type network instead of the internal docker network "proxy".