So, at the moment I’m using Nginx Proxy Manager, but lately I started seeing it moving slower and slower and even though I tried traefik some time ago, I didn’t manage to make it work.

Anyway, I want to start using traefik again, but I want to use it like this:

  • I want to access all my services/containers in my LAN through http (port 80) on something like sub.mylan.home
  • I want to access some of my services over the internet through https (port 443) on sub.mydomain.com

I know this is possible, but I don’t get the hang of the configuration. Someone care to share some tips?

  • vzq@lemmy.blahaj.zone
    10 months ago

    Yes you can. Just set your routers accordingly.

    Also: it’s probably not what you want. Trivial misconfigs would have disastrous effects.

      • cron@feddit.de
        10 months ago

        Not OP, but generally, you want to separate internal and external services as much as possible. Some even suggest running external services on a cloud server and internal servers on your LAN.

        If you run internal and external services on the same host, you need to be careful to not make any configuration mistakes. Take extra time to also test what should NOT be possible.

      • BennyInc@feddit.de
        10 months ago

        It can happen that your internal services are still reachable externally, by calling the external IP and setting the Host header manually to sub.mylan.home, even if that were pointing to an internal address. Traefik would only compare the Host header. To secure this you might also add an IP filter for the internal host, but I’m not sure whether that’d be secure enough.

      • vzq@lemmy.blahaj.zone
        10 months ago

        You’ll be putting yourself in a situation where a typo, or a wrong docker compose copy/paste, or a default config you forgot to override, will expose stuff to the Internet.
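
An added example, not written by any commenter and not Traefik's code: a simplified model of the Host-header concern raised in the thread, together with the kind of negative test ("what should NOT be possible") the comments recommend. The `Router` class, the listener names, the hostnames under mylan.home and mydomain.com, and all addresses are constructed assumptions; the matching logic is a model, not Traefik's implementation.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Router:                      # hypothetical, simplified model of a reverse-proxy router
    name: str
    host: str                      # compared against the client-supplied Host header
    entrypoints: tuple             # listeners the router is attached to
    allow: tuple = ()              # permitted source CIDRs; empty means no IP filter

def matches(router, entrypoint, host_header, peer_ip):
    """Routing decision: listener, then Host header, then optional source-IP filter."""
    if entrypoint not in router.entrypoints:
        return False
    if host_header.lower() != router.host:
        return False
    if not router.allow:
        return True                # Host-only rule: nothing ties the request to the LAN
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in ipaddress.ip_network(cidr) for cidr in router.allow)

def leaked(routers, internal_suffix, exposed_entrypoints, outside_ip):
    """Negative test: internal routers that would answer a request from outside_ip
    arriving on an internet-facing listener with the internal name in Host."""
    return sorted({
        r.name
        for r in routers if r.host.endswith(internal_suffix)
        for ep in exposed_entrypoints
        if matches(r, ep, r.host, outside_ip)
    })

# Constructed sample configuration (names, ranges and addresses are made up).
ROUTERS = [
    Router("nas-lan", "nas.mylan.home", ("web",)),                        # Host only
    Router("wiki-lan", "wiki.mylan.home", ("web",), ("192.168.1.0/24",)), # Host + IP filter
    Router("git-lan", "git.mylan.home", ("lan",)),                        # LAN-only listener
    Router("blog-wan", "blog.mydomain.com", ("websecure",)),              # meant to be public
]
EXPOSED = ("web", "websecure")     # assumption: listeners port-forwarded from the internet
OUTSIDE = "203.0.113.10"           # documentation-range address standing in for a WAN client

if __name__ == "__main__":
    for name in leaked(ROUTERS, ".mylan.home", EXPOSED, OUTSIDE):
        print("internal router reachable from outside:", name)
```

The source-IP check is only as good as the peer address the proxy actually sees: if traffic arrives through NAT or another proxy that rewrites the source, outside clients can appear to come from an allowed range.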