Notes on Traefik via Docker

It works!

Here is some profound knowledge I’ve gathered so far:

  1. Using Traefik to route its own traffic is absolutely workable; you just need to:
    • make sure Traefik itself is discoverable by Traefik, and
    • set up a certificate using tls.certresolver, and
    • set up basic auth if insecure mode is not enabled; it seems to be required.
  2. Understand that a 404 error most likely means the docker-compose file is somehow incorrect, or is missing labels required by Traefik.
  3. Make sure spellings are correct. A misspelled file name or middleware name will not cause docker-compose to die.
  4. Watch for indentation errors in your .yml files. The way docker-compose complains about a malformed .yml file is not very straightforward, but at least it fails immediately when this does happen.
  5. You must use htpasswd to generate your basic auth passwords. With apt, it is installed from the apache2-utils package.
  6. You have to either docker-compose up or docker-compose create before some changes to the docker-compose file will take effect.
  7. For each subdomain needing a certificate, you must have a corresponding A record for that subdomain, if you are using --certificatesresolvers.mytlschallenge.acme.tlschallenge=true.
    • there’s gotta be a way to put a wildcard cert in the certificate store and make Traefik use that
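
Items 1, 5 and 7 combined in one docker-compose file, added here as an example and not taken from my original setup. The resolver name mytlschallenge is the one used above; the hostname, e-mail address, image tag, entrypoint name and the router/middleware names (dashboard, dashboard-auth) are assumptions, and the password hash is a placeholder.

```yaml
services:
  traefik:
    image: traefik:v2.11                      # assumed tag; pin whatever version you run
    command:
      - --providers.docker=true
      # Only containers with traefik.enable=true get routed (item 1: Traefik
      # must be discoverable by Traefik, so it needs the label too).
      - --providers.docker.exposedbydefault=false
      - --entrypoints.websecure.address=:443
      # Dashboard on, insecure mode left off: it is only reachable through
      # the authenticated router defined in the labels below.
      - --api.dashboard=true
      - --certificatesresolvers.mytlschallenge.acme.tlschallenge=true
      - --certificatesresolvers.mytlschallenge.acme.email=admin@example.com   # assumed
      - --certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json
    ports:
      - "443:443"                             # the TLS challenge is answered on 443
    volumes:
      # Read-only mount; the Docker socket still exposes every container's
      # configuration, so keep this container's exposure minimal.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt
    labels:
      - traefik.enable=true
      # Item 7: traefik.example.com (assumed) needs its own A record.
      - traefik.http.routers.dashboard.rule=Host(`traefik.example.com`)
      - traefik.http.routers.dashboard.entrypoints=websecure
      - traefik.http.routers.dashboard.service=api@internal
      - traefik.http.routers.dashboard.tls.certresolver=mytlschallenge
      # Item 3: this name must match the middleware defined on the next label
      # exactly; a typo is not reported by docker-compose.
      - traefik.http.routers.dashboard.middlewares=dashboard-auth
      # Item 5: paste the output of `htpasswd -nb admin <password>` here and
      # double every $ so docker-compose does not treat it as a variable.
      # The value below is a placeholder, not a real hash.
      - traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$PLACEHOLDER$$REPLACE_WITH_HTPASSWD_OUTPUT
```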