|
1 | | -## Traefik Configuration |
2 | | -(Thanks @DennisGaida) |
| 1 | +# Traefik Configuration |
| 2 | + |
| 3 | +(Thanks [DennisGaida](https://github.com/DennisGaida) and [Niek](https://github.com/Niek)) |
| 4 | + |
| 5 | +Below is a complete docker-compose example for bringing up Traefik + headscale + headscale-ui. Run with: `docker-compose up -d` and headscale-ui will be accessible at <http://localhost/web>. |
| 6 | + |
3 | 7 | ```yaml |
| 8 | +version: '3.9' |
| 9 | + |
| 10 | +services: |
4 | 11 | headscale: |
5 | 12 | image: headscale/headscale:latest |
| 13 | + pull_policy: always |
6 | 14 | container_name: headscale |
7 | 15 | restart: unless-stopped |
8 | | - networks: |
9 | | - - traefik_proxy |
10 | 16 | command: headscale serve |
11 | 17 | volumes: |
12 | | - - $DOCKERDIR/headscale/config:/etc/headscale |
| 18 | + - ./headscale/config:/etc/headscale |
| 19 | + - ./headscale/data:/var/lib/headscale |
13 | 20 | labels: |
14 | | - - "traefik.enable=true" |
15 | | - ## HTTP Routers |
16 | | - - "traefik.http.routers.headscale-rtr.entrypoints=https" |
17 | | - - "traefik.http.routers.headscale-rtr.rule=Host(`hs.${DOMAIN_PUBLIC}`)" |
18 | | - ## Middlewares |
19 | | - - "traefik.http.routers.headscale-rtr.middlewares=chain-no-auth@file" |
20 | | - ## HTTP Services |
21 | | - - "traefik.http.routers.headscale-rtr.service=headscale-svc" |
22 | | - - "traefik.http.services.headscale-svc.loadbalancer.server.port=8080" |
| 21 | + - traefik.enable=true |
| 22 | + - traefik.http.routers.headscale-rtr.rule=PathPrefix(`/`) # you might want to add: && Host(`your.domain.name`)" |
| 23 | + - traefik.http.services.headscale-svc.loadbalancer.server.port=8080 |
23 | 24 |
|
24 | 25 | headscale-ui: |
25 | 26 | image: ghcr.io/gurucomputing/headscale-ui:latest |
| 27 | + pull_policy: always |
26 | 28 | container_name: headscale-ui |
27 | 29 | restart: unless-stopped |
28 | | - networks: |
29 | | - - traefik_proxy |
30 | 30 | labels: |
31 | | - - "traefik.enable=true" |
32 | | - ## HTTP Routers |
33 | | - - "traefik.http.routers.headscale_ui-rtr.entrypoints=https" |
34 | | - - "traefik.http.routers.headscale_ui-rtr.rule=Host(`hs.${DOMAIN_PUBLIC}`) && PathPrefix(`/web`)" |
35 | | - ## Middlewares |
36 | | - - "traefik.http.routers.headscale_ui-rtr.middlewares=chain-no-auth@file" |
37 | | - ## HTTP Services |
38 | | - - "traefik.http.routers.headscale_ui-rtr.service=headscale_ui-svc" |
39 | | - - "traefik.http.services.headscale_ui-svc.loadbalancer.server.port=443" |
40 | | - - "traefik.http.services.headscale_ui-svc.loadbalancer.server.scheme=https" |
41 | | - - "traefik.http.services.headscale_ui-svc.loadbalancer.serversTransport=disableSSLCheck@file" |
42 | | -``` |
| 31 | + - traefik.enable=true |
| 32 | + - traefik.http.routers.headscale-ui-rtr.rule=PathPrefix(`/web`) # you might want to add: && Host(`your.domain.name`)" |
| 33 | + - traefik.http.services.headscale-ui-svc.loadbalancer.server.port=80 |
43 | 34 |
|
44 | | -and `traefik.yaml` |
45 | | -```yaml |
46 | | -http: |
47 | | - serversTransports: |
48 | | - disableSSLCheck: |
49 | | - insecureSkipVerify: true |
50 | | -``` |
| 35 | + traefik: |
| 36 | + image: traefik:latest |
| 37 | + pull_policy: always |
| 38 | + restart: unless-stopped |
| 39 | + container_name: traefik |
| 40 | + command: |
| 41 | + - --api.insecure=true # remove in production |
| 42 | + - --providers.docker |
| 43 | + - --entrypoints.web.address=:80 |
| 44 | + - --entrypoints.websecure.address=:443 |
| 45 | + - --global.sendAnonymousUsage=false |
| 46 | + ports: |
| 47 | + - 80:80 |
| 48 | + - 443:443 |
| 49 | + - 8080:8080 # web UI (enabled with api.insecure) |
| 50 | + volumes: |
| 51 | + - /var/run/docker.sock:/var/run/docker.sock:ro |
| 52 | + - ./traefik/certificates:/certificates |
| 53 | +``` |
0 commit comments