02 - Routing and SSL certificates - Traefik and Portainer
Introduction
Services deployed in our homelab are usually accessed through the insecure HTTP protocol, which is particularly dangerous if we decide to expose them to the Internet.
We’ve already talked about Cloudflare and how it provides a secure point-to-point SSL tunnel to our internal network. Now we’re going to use Traefik to do two things: automatically assign an SSL certificate to any deployed Docker service (thus also having encryption within your internal network) and provide a secure endpoint to each of them.
Also, we’re going to install Portainer to manage all of our Docker workloads.
Getting started
Watch this video and follow the transcribed instructions to get an idea of what we’re going to do:
I advise watching the full video, but here are some key moments:
Transcribed instructions: Link
Instructions
Prepare an entry-point VM
We’ll need an entry-point server that acts as both an HTTP request router and an SSL provider (Traefik).
Make sure you have a domain name
This will ease the process and secure connections even more.
Install Traefik
I don’t know if it’s because I’m using a Cloudflare Zero-Trust tunnel instead of assigning DNS records pointing towards my public IP, but either Traefik keeps responding with a 404 Page not found error or it fails due to too many redirections.
I’ll try it again following the official documentation.
There’s another guide here that could be useful.
Install Portainer
Portainer is a tool that eases the management and deployment of Docker containers in your infrastructure. Its installation is also pretty straightforward:
- For management purposes, we are going to create a docker folder in our home directory. This is where we’ll store all of our Docker services configurations:
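As an added example (not from the original page or the video), one way to create this folder so that only your user can read the service configurations it will hold, plus a check that lists anything in it that is group- or world-accessible. The function names are hypothetical, and the audit assumes GNU find.

```shell
#!/bin/sh
# Added example: create the Docker configuration folder with owner-only
# access and audit it for entries that other local users could reach.
# The default location "$HOME/docker" follows the text; the function
# names are hypothetical.

# Create the folder (default: ~/docker) accessible by its owner only.
init_docker_dir() {
    dir="${1:-$HOME/docker}"
    # Set the umask in a subshell so the caller's umask is left untouched.
    ( umask 077 && mkdir -p "$dir" ) || return 1
    # mkdir -p does not change the mode of a folder that already exists.
    chmod 700 "$dir"
}

# Print every entry in the folder that grants any group/other permission.
# "-perm /077" is GNU find syntax (assumption: GNU findutils is installed).
# Symlinks are skipped because their own mode bits are not meaningful.
audit_docker_dir() {
    dir="${1:-$HOME/docker}"
    find "$dir" ! -type l -perm /077 -print
}

# Return 0 when nothing is exposed, 1 otherwise.
docker_dir_is_private() {
    [ -z "$(audit_docker_dir "$1")" ]
}
```

Run `init_docker_dir` once, then `audit_docker_dir` after adding a service to see which files need a `chmod 600`.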
Pending: install Portainer and control all Docker hosts.