Here is some profound knowledge I’ve gathered so far:
- Using Traefik to route its own traffic is absolutely workable; you just need to:
  - make sure Traefik itself is discoverable by Traefik,
  - set up a certificate using `tls.certresolver`, and
  - set up basic auth if insecure mode is not enabled; it seems to be required.
- Understand that a 404 error most likely means the docker-compose file is somehow incorrect, or is missing tags required by Traefik.
- Make sure spellings are correct. A misspelled file name or middleware name will not cause docker-compose to die.
- Watch for indentation errors in your .yml files. The way docker-compose complains about a malformed .yml file is not very straightforward, but at least it fails immediately when this does happen.
- You must use `htpasswd` to generate your basic auth passwords. It is in the `apache2-utils` package for apt.
- You have to either `docker-compose up` or `docker-compose create` before some changes to the docker-compose file will take effect.
- For each subdomain needing a certificate, you must have a corresponding A record for that subdomain if you are using `--certificatesresolvers.mytlschallenge.acme.tlschallenge=true`.
  - There’s gotta be a way to put a wildcard cert in the certificate store and make Traefik use that.
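
Because docker-compose accepts a misspelled middleware or resolver name without complaint, a small pre-deploy check can catch the typo before it leaves a router unprotected or without a certificate. The following is an added example, not part of the original post: `lint_traefik`, the sample labels, the `dash` router and the host name are all hypothetical, and it assumes labels are supplied as `key=value` strings collected from every service in the compose file.

```python
import re

ROUTER_MW = re.compile(r"^traefik\.http\.routers\.([^.]+)\.middlewares$")
ROUTER_RESOLVER = re.compile(r"^traefik\.http\.routers\.([^.]+)\.tls\.certresolver$")
MW_DEF = re.compile(r"^traefik\.http\.middlewares\.([^.]+)\.")
RESOLVER_FLAG = re.compile(r"^--certificatesresolvers\.([^.]+)\.")


def lint_traefik(command_args, labels):
    """Return findings for names that are referenced but never defined."""
    # Resolver names are declared on Traefik's own command line.
    resolvers = {m.group(1) for a in command_args if (m := RESOLVER_FLAG.match(a))}
    defined, used, findings = set(), [], []
    for label in labels:
        key, _, value = label.partition("=")
        key, value = key.strip(), value.strip()
        if m := MW_DEF.match(key):
            defined.add(m.group(1))
        elif m := ROUTER_MW.match(key):
            for ref in value.split(","):
                name, _, provider = ref.strip().partition("@")
                # Only names from the docker provider can be checked here.
                if name and provider in ("", "docker"):
                    used.append((m.group(1), name))
        elif (m := ROUTER_RESOLVER.match(key)) and value not in resolvers:
            findings.append(f"router {m.group(1)}: unknown certresolver {value!r}")
    for router, name in used:
        if name not in defined:
            findings.append(f"router {router}: middleware {name!r} is never defined")
    return findings


# Constructed sample: Traefik routing its own dashboard, with two typos.
SAMPLE_ARGS = [
    "--providers.docker=true",
    "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true",
]
SAMPLE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.dash.rule=Host(`traefik.example.com`)",
    "traefik.http.routers.dash.service=api@internal",
    "traefik.http.routers.dash.tls.certresolver=mytlschalenge",  # typo
    "traefik.http.routers.dash.middlewares=dash-atuh",  # typo
    "traefik.http.middlewares.dash-auth.basicauth.usersfile=/etc/traefik/users.htpasswd",
]

if __name__ == "__main__":
    for finding in lint_traefik(SAMPLE_ARGS, SAMPLE_LABELS):
        print(finding)
```
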