Skip to content

Instantly share code, notes, and snippets.

Last active July 26, 2024 17:00
Show Gist options
  • Save joseluisq/307682c96749e86ca1127c43c5b1fd69 to your computer and use it in GitHub Desktop.
Save joseluisq/307682c96749e86ca1127c43c5b1fd69 to your computer and use it in GitHub Desktop.
Install and configure Traefik as Reserver Proxy in a non-docker environment.

Traefik as Reserver Proxy in RHE/CentOS 7

Install and configure Traefik as Reserver Proxy in a non-docker environment.

Donwload and install Traefik

curl -L -o /usr/local/bin/traefik
chmod +x /usr/local/bin/traefik
ln -s /usr/local/bin/traefik /usr/bin/traefik

Configure it as Systemd deamon

cp traefik.service /etc/systemd/system/
systemctl daemon-reload
systemctl start traefik.service
systemctl status traefik.service
systemctl enable traefik.service

Finally, just navigate to Enjoy!

# Run traefik as its own user (create new user with: useradd -r -s /bin/false -U -M traefik)
# configure service behavior
#ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.toml
ExecStart=/usr/bin/traefik --configFile=/root/monitor/traefik/traefik.toml
# lock down system access
# prohibit any operating system and configuration modification
# create separate, new (and empty) /tmp and /var/tmp filesystems
# make /home directories inaccessible
# turns off access to physical devices (/dev/...)
# make kernel settings (procfs and sysfs) read-only
# make cgroups /sys/fs/cgroup read-only
# allow writing of acme.json
# depending on log and entrypoint configuration, you may need to allow writing to other paths, too
# limit number of processes in this unit
logLevel = "INFO"
# Default entry points
address = ":80"
entryPoint = "https"
permanent = true
address = ":443"
regex = "^https://www.(.*)"
replacement = "https://$1"
permanent = true
compress = true
minVersion = "VersionTLS12"
cipherSuites = [
## Add basic authentication
usersFile = "/some/path/traefik/.htpasswd"
# Enable ACME (Let's Encrypt): automatic SSL.
email = ""
storage = "acme.json"
entryPoint = "https"
main = ""
# File configuration (frontends and backends)
watch = true
## Note: Here my backend is called "graph"
url = "http://localhost:8081"
entryPoints = ["https"]
backend = "graph"
passHostHeader = true
rule = ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment