SensorsIot / IOTstack

Docker stack for getting started on IOT on the Raspberry PI
GNU General Public License v3.0

[Feature Request] add Traefik #160

Open greggameplayer opened 3 years ago

greggameplayer commented 3 years ago

It would be good to add the so-called Traefik.

robertcsakany commented 3 years ago

+1. From next week I will have time. I already planned several weeks ago to add traefik support, to be able to proxy ports other than HTTP.

robertcsakany commented 3 years ago

I have a working prototype in a docker compose file which can do the following things:

Please check it, guys. We have to discuss how it can be integrated into the current templates - @Slyke ?

version: '3.3'

networks:
  inbound:
    driver: bridge
  internal:
    driver: bridge

services:

# #############################################################################
# #############################################################################

  portainer:
    container_name: portainer
    image: portainer/portainer
    restart: unless-stopped
    ports:
      - target: 9000
        published: 9000
        mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./volumes/portainer/data:/data
    networks:
      - inbound
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=inbound"

      - "traefik.http.routers.portainer.entrypoints=http"
      - "traefik.http.routers.portainer.rule=Host(`portainer.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.portainer.middlewares=secured"

      - "traefik.http.routers.portainer-secure.entrypoints=https"
      - "traefik.http.routers.portainer-secure.rule=Host(`portainer.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.portainer-secure.tls.certresolver=tls"
      - "traefik.http.routers.portainer-secure.middlewares=secured"

      - "traefik.http.routers.portainer-secure.service=portainer-secure"
      - "traefik.http.services.portainer-secure.loadbalancer.server.port=9000"

# #############################################################################
# #############################################################################

  nodered:
    container_name: nodered
    build: ./services/nodered/.
    restart: unless-stopped
    user: "0"
    privileged: true
    env_file: ./services/nodered/nodered.env
    ports:
      - target: 1880
        published: 1880
        mode: host
    volumes:
      - ./volumes/nodered/data:/data
    depends_on:
      - mosquitto
    networks:
      - internal
      - inbound
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=inbound"

      - "traefik.http.routers.nodered.entrypoints=http"
      - "traefik.http.routers.nodered.rule=Host(`nodered.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.nodered.middlewares=secured"

      - "traefik.http.routers.nodered-secure.entrypoints=https"
      - "traefik.http.routers.nodered-secure.rule=Host(`nodered.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.nodered-secure.tls.certresolver=tls"
      - "traefik.http.routers.nodered-secure.middlewares=secured"

      - "traefik.http.routers.nodered-secure.service=nodered-secure"
      - "traefik.http.services.nodered-secure.loadbalancer.server.port=1880"

# #############################################################################
# #############################################################################

  influxdb:
    container_name: influxdb
    image: "influxdb:latest"
    restart: unless-stopped
    ports:
      - target: 8086
        published: 8086
        mode: host
      - target: 8083
        published: 8083
        mode: host
      - target: 2003
        published: 2003
        mode: host
    env_file:
      - ./services/influxdb/influxdb.env
    volumes:
      - ./volumes/influxdb/data:/var/lib/influxdb
      - ./backups/influxdb/db:/var/lib/influxdb/backup
    networks:
      - internal

# #############################################################################
# #############################################################################

  grafana:
    container_name: grafana
    image: grafana/grafana:6.3.6
    restart: unless-stopped
    user: "0"
    ports:
      - target: 3000
        published: 3000
        mode: host
    env_file:
      - ./services/grafana/grafana.env
    volumes:
      - ./volumes/grafana/data:/var/lib/grafana
      - ./volumes/grafana/log:/var/log/grafana
    networks:
      - internal
      - inbound
    labels:

      - "traefik.enable=true"
      - "traefik.docker.network=inbound"

      - "traefik.http.routers.grafana.entrypoints=http"
      - "traefik.http.routers.grafana.rule=Host(`grafana.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.grafana.middlewares=secured"

      - "traefik.http.routers.grafana-secure.entrypoints=https"
      - "traefik.http.routers.grafana-secure.rule=Host(`grafana.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.grafana-secure.tls.certresolver=tls"
      - "traefik.http.routers.grafana-secure.middlewares=secured"

      - "traefik.http.routers.grafana-secure.service=grafana-secure"
      - "traefik.http.services.grafana-secure.loadbalancer.server.port=3000"

# #############################################################################
# #############################################################################

  mosquitto:
    container_name: mosquitto
    image: eclipse-mosquitto
    restart: unless-stopped
    user: "1883"
    ports:
      - target: 1883
        published: 1883
        mode: host
      - target: 9001
        published: 9001
        mode: host
    volumes:
      - ./volumes/mosquitto/data:/mosquitto/data
      - ./volumes/mosquitto/log:/mosquitto/log
      - ./services/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf
    networks:
      - internal

# #############################################################################
# #############################################################################

  telegraf:
    container_name: telegraf
    image: telegraf
    restart: unless-stopped
    volumes:
      - ./services/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro
    depends_on:
      - influxdb
      - mosquitto
    networks:
      - internal

# #############################################################################
# #############################################################################

#  openhab:
#    image: "openhab/openhab:2.5.3"
#    container_name: openhab
#    restart: unless-stopped
#    volumes:
#      - "/etc/localtime:/etc/localtime:ro"
#      - "/etc/timezone:/etc/timezone:ro"
#      - "./volumes/openhab/addons:/openhab/addons"
#      - "./volumes/openhab/conf:/openhab/conf"
#      - "./volumes/openhab/userdata:/openhab/userdata"
#    environment:
#      OPENHAB_HTTP_PORT: "8080"
#      OPENHAB_HTTPS_PORT: "8443"
#      EXTRA_JAVA_OPTS: "-Duser.timezone=Europe/Berlin"
#    depends_on:
#      - mosquitto
#    ports:
#      - target: 5007
#        published: 5007
#        mode: host
#      - target: 8080
#        published: 8881
#        mode: host
#    networks:
#      - internal
#      - inbound
#    labels:
#      - "traefik.enable=true"
#      - "traefik.http.routers.openhab.rule=Host(`openhab.<!!! YOURDOMAIN !!!>`)"
#      - "traefik.http.routers.openhab.service=openhab"
#      - "traefik.http.services.openhab.loadbalancer.server.port=8080"
#      - "traefik.http.routers.openhab.tls.certresolver=tls"
#      - "traefik.http.routers.openhab.entrypoints=https"
#      - "traefik.docker.network=inbound"
#
##    # The command node is very important. It overrides
##    # the "gosu openhab tini -s ./start.sh" command from Dockerfile and runs as root!
##    command: "tini -s ./start.sh server"

# #############################################################################
# #############################################################################

  zigbee2mqtt:
    container_name: zigbee2mqtt
    image: koenkk/zigbee2mqtt
    volumes:
      - ./volumes/zigbee2mqtt/data:/app/data
    devices:
      #- /dev/ttyAMA0:/dev/ttyACM0
      #- /dev/ttyACM0:/dev/ttyACM0
      #- /dev/ttyUSB0:/dev/ttyACM0
#      - /dev/serial/by-id/usb-Silicon_Labs_slae.sh_cc2652rb_stick_-_slaesh_s_iot_stuff_00_12_4B_00_21_CC_09_E3-if00-port0:/dev/ttyACM0
      - /dev/serial/by-id/usb-Silicon_Labs_slae.sh_cc2652rb_stick_-_slaesh_s_iot_stuff_00_12_4B_00_21_CB_FD_A8-if00-port0:/dev/ttyACM0
    restart: unless-stopped
#    network_mode: host
    ports:
      - target: 8080
        published: 8882
        mode: host
    depends_on:
      - mosquitto
    networks:
      - internal
      - inbound
    labels:

      - "traefik.enable=true"
      - "traefik.docker.network=inbound"

      - "traefik.http.routers.zigbee2mqtt.entrypoints=http"
      - "traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.zigbee2mqtt.middlewares=secured"

      - "traefik.http.routers.zigbee2mqtt-secure.entrypoints=https"
      - "traefik.http.routers.zigbee2mqtt-secure.rule=Host(`zigbee2mqtt.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.zigbee2mqtt-secure.tls.certresolver=tls"
      - "traefik.http.routers.zigbee2mqtt-secure.middlewares=secured"

      - "traefik.http.routers.zigbee2mqtt-secure.service=zigbee2mqtt-secure"
      - "traefik.http.services.zigbee2mqtt-secure.loadbalancer.server.port=8080"

# #############################################################################
# #############################################################################

  dozzle:
    container_name: dozzle
    image: amir20/dozzle:latest
    restart: unless-stopped
    ports:
      - target: 8080
        published: 8888
        mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - internal
      - inbound
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=inbound"

      - "traefik.http.routers.dozzle.entrypoints=http"
      - "traefik.http.routers.dozzle.rule=Host(`logs.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.dozzle.middlewares=secured"

      - "traefik.http.routers.dozzle-secure.entrypoints=https"
      - "traefik.http.routers.dozzle-secure.rule=Host(`logs.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.dozzle-secure.tls.certresolver=tls"
      - "traefik.http.routers.dozzle-secure.middlewares=secured"

      - "traefik.http.routers.dozzle-secure.service=dozzle-secure"
      - "traefik.http.services.dozzle-secure.loadbalancer.server.port=8080"

# #############################################################################
# #############################################################################

  aliyun-dyndns:
    container_name: aliyun-dyndns
    restart: unless-stopped
    image: sanjusss/aliyun-ddns:0.2.7-linux-arm32v7
    networks:
      - internal
    environment:
      - "TZ=Europe/Budapest"
      - "AKID=<!!! ALIDNS KEY !!!>"
      - "AKSCT=<!!! ALIDNS SECRET !!!>"
      - "DOMAIN=traefik.<!!! YOURDOMAIN !!!>,auth.<!!! YOURDOMAIN !!!>,logs.<!!! YOURDOMAIN !!!>,grafana.<!!! YOURDOMAIN !!!>,nodered.<!!! YOURDOMAIN !!!>,openhab.<!!! YOURDOMAIN !!!>,portainer.<!!! YOURDOMAIN !!!>,zigbee2mqtt.<!!! YOURDOMAIN !!!>"
      - "REDO=30"
      - "TTL=30"

# #############################################################################
# #############################################################################

  traefik:
    restart: unless-stopped
    network_mode: host
    depends_on:
      - aliyun-dyndns
    image: "traefik:v2.3"
    container_name: "traefik"
    command:
      - "--log.level=INFO"
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--certificatesresolvers.tls.acme.tlschallenge=true"
      - "--certificatesresolvers.tls.acme.email=<!!! YOUR EMAIL !!!>"
      - "--certificatesresolvers.tls.acme.storage=/letsencrypt/tls-acme.json"

    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    environment:
      - "TZ=Europe/Budapest"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./volumes/traefik/letsencrypt:/letsencrypt"
      - "./volumes/traefik/etc:/etc/traefik"

    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=inbound"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.traefik.middlewares=secured"

      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.traefik-secure.tls.certresolver=tls"
      - "traefik.http.routers.traefik-secure.middlewares=secured"

      - "traefik.http.middlewares.secured.chain.middlewares=https-only@docker,test-auth@docker"

      - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"

      - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.test-auth.forwardauth.Address=http://traefik-forward-auth:4181"
      - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"

      - "traefik.http.routers.traefik-secure.service=traefik-secure"
      - "traefik.http.services.traefik-secure.loadbalancer.server.port=8080"

# #############################################################################
# #############################################################################

  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2-arm
    container_name: traefik-forward-auth
    restart:  unless-stopped
    ports:
      - target: 4181
        published: 4181
        protocol: tcp
        mode: host

    networks:
      - internal
      - inbound
    environment:
      - "PROVIDERS_GOOGLE_CLIENT_ID=<!!! GOOGLE OAUTH API CLIENT ID !!!>"
      - "PROVIDERS_GOOGLE_CLIENT_SECRET=<!!! GOOGLE OAUTH API CLIENT SECRET !!!>"
      - "SECRET=<!!! SOME GENERATED SECRET !!!>"
      - "COOKIE_DOMAIN=<!!! YOURDOMAIN !!!>"
      - "INSECURE_COOKIE=false"
      - "AUTH_HOST=auth.<!!! YOURDOMAIN !!!>"
      - "URL_PATH=/_oauth"
      - "WHITELIST=<!!! YOUR ACCEPTED EMAIL 1 !!!>,<!!! YOUR ACCEPTED EMAIL 2 !!!>,<!!! YOUR ACCEPTED EMAIL 3 !!!>"
      - "TZ=Europe/Budapest"
      - "LOG_LEVEL=debug"
      - "LOG_FORMAT=text"
      - "LIFETIME=2592000"

    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=inbound"
      - "traefik.http.routers.traefik-forward-auth.entrypoints=http"
      - "traefik.http.routers.traefik-forward-auth.rule=Host(`auth.<!!! YOURDOMAIN !!!>`)"

      - "traefik.http.routers.traefik-forward-auth-secure.entrypoints=https"
      - "traefik.http.routers.traefik-forward-auth-secure.rule=Host(`auth.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.traefik-forward-auth-secure.tls.certresolver=tls"
      - "traefik.http.routers.traefik-forward-auth-secure.middlewares=secured"

      - "traefik.http.middlewares.secured.chain.middlewares=https-only@docker,test-auth@docker"

      - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"

      - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.test-auth.forwardauth.Address=http://traefik-forward-auth:4181"
      - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"

      - "traefik.http.routers.traefik-forward-auth-secure.service=traefik-forward-auth-secure"
      - "traefik.http.services.traefik-forward-auth-secure.loadbalancer.server.port=4181"

# #############################################################################
# #############################################################################

  samba:
    image: dperson/samba:latest
    container_name: samba
    restart:  unless-stopped
    environment:
      - TZ=Europe/Budapest
    networks:
      - internal
    ports:
      - target: 137
        published: 137
        mode: host
        protocol: udp
      - target: 138
        published: 138
        mode: host
        protocol: udp
      - target: 139
        published: 139
        mode: host
        protocol: tcp
      - target: 445
        published: 445
        mode: host
        protocol: tcp
    read_only: true
    tmpfs:
      - /tmp
    stdin_open: true
    tty: true
    volumes:
      - ./:/mnt:z
    command: '-s "IOT Stack;/mnt;yes;no;no;iot" -u "iot;iot" -p'
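
The label pattern from the prototype above, reduced to one proxied service as an added example (this is not IOTstack's or robertcsakany's file). It keeps the same Traefik v2.3 flags and label names but changes three things a reviewer would flag in the prototype: the dashboard is no longer published unauthenticated on :8080 via `--api.insecure=true`, the forward-auth container and the proxied service no longer publish their ports in host mode (the prototype does, so the SSO gate on the proxy can be walked around by connecting to `:3000` or `:4181` directly on the LAN), and the per-service `http` router plus `https-only` middleware pair is replaced by one entrypoint-level redirect, so each service needs a single router. The `inbound` network name, the `sso` middleware name, and all `<!!! ... !!!>` values are placeholders assumed for the example.

```yaml
# Added example, not the project's file. Assumes Traefik v2.3 and that every
# proxied container joins the "inbound" bridge network.
version: '3.3'

networks:
  inbound:
    driver: bridge

services:
  traefik:
    image: "traefik:v2.3"
    container_name: traefik
    restart: unless-stopped
    command:
      - "--log.level=INFO"
      - "--api=true"
      # Dashboard enabled, but NOT --api.insecure=true: it is only reachable
      # through the "traefik" router below, which sits behind forward-auth.
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=inbound"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      # One redirect on the entrypoint replaces the per-service http router
      # and the "https-only" middleware of the prototype.
      - "--entrypoints.http.http.redirections.entrypoint.to=https"
      - "--entrypoints.http.http.redirections.entrypoint.scheme=https"
      - "--certificatesresolvers.tls.acme.tlschallenge=true"
      - "--certificatesresolvers.tls.acme.email=<!!! YOUR EMAIL !!!>"
      - "--certificatesresolvers.tls.acme.storage=/letsencrypt/tls-acme.json"
    ports:
      - "80:80"
      - "443:443"
      # no 8080: the dashboard is served by api@internal via the router below
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./volumes/traefik/letsencrypt:/letsencrypt"
    networks:
      - inbound
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.rule=Host(`traefik.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.traefik.tls.certresolver=tls"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=sso"
      # The forward-auth middleware is declared once here and reused by name.
      - "traefik.http.middlewares.sso.forwardauth.address=http://traefik-forward-auth:4181"
      - "traefik.http.middlewares.sso.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.sso.forwardauth.authResponseHeaders=X-Forwarded-User"

  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2-arm
    container_name: traefik-forward-auth
    restart: unless-stopped
    # No "ports:" entry: only Traefik needs to reach :4181, over the bridge.
    networks:
      - inbound
    environment:
      - "PROVIDERS_GOOGLE_CLIENT_ID=<!!! GOOGLE OAUTH API CLIENT ID !!!>"
      - "PROVIDERS_GOOGLE_CLIENT_SECRET=<!!! GOOGLE OAUTH API CLIENT SECRET !!!>"
      - "SECRET=<!!! SOME GENERATED SECRET !!!>"
      - "COOKIE_DOMAIN=<!!! YOURDOMAIN !!!>"
      - "AUTH_HOST=auth.<!!! YOURDOMAIN !!!>"
      - "WHITELIST=<!!! YOUR ACCEPTED EMAIL !!!>"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.auth.entrypoints=https"
      - "traefik.http.routers.auth.rule=Host(`auth.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.auth.tls.certresolver=tls"
      # The auth host itself goes through the middleware so /_oauth is handled.
      - "traefik.http.routers.auth.middlewares=sso"
      - "traefik.http.services.auth.loadbalancer.server.port=4181"

  grafana:
    image: grafana/grafana:6.3.6
    container_name: grafana
    restart: unless-stopped
    # No host-mode "ports:" for 3000: the only way in is through the proxy,
    # so the SSO check cannot be bypassed from the LAN.
    networks:
      - inbound
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.entrypoints=https"
      - "traefik.http.routers.grafana.rule=Host(`grafana.<!!! YOURDOMAIN !!!>`)"
      - "traefik.http.routers.grafana.tls.certresolver=tls"
      - "traefik.http.routers.grafana.middlewares=sso"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
```

A quick check after `docker-compose up -d`: `curl -I http://grafana.<!!! YOURDOMAIN !!!>` should return a 308 to https, an unauthenticated `https://grafana.<!!! YOURDOMAIN !!!>` should redirect to the Google login, and `curl http://<pi-address>:3000` and `:8080` from another LAN host should be refused, which is the difference from the prototype that publishes those ports.
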

Paraphraser commented 3 years ago

I had no idea what Traefik was until I Googled it and landed on this docs page. I worked in data-comms at one point in my career so I think I have a reasonable handle on the problem Traefik is solving. My initial reaction was "wow" and "cool", along with amazement at the time and effort you must have put in to getting it to work.

I have no wish to detract from your achievement or to come across as the resident "Mr Negative" but, on reflection, I can't say that I'm convinced that the problem being solved is one that the average IOTstack user is likely to have.

My between-the-lines reading of the Discord discussions and GitHub issues is that the average IOTstack user has a small home network to which they are steadily adding IoT devices and for which a single RPi serves as their data concentrator. To the extent that the average IOTstack user looks outwards beyond their home network, it seems to be for services like Cayenne or LoRaWAN. To the extent that the average IOTstack user looks inwards from beyond their home network, it seems to be for remote access solutions like WireGuard.

BUT, I accept that I may be:

  1. only seeing a very limited sample of IOTstack users (the ones with problems), and therefore making misguided generalisations about the IOTstack user population;
  2. utterly wrong about the interests, skills and needs of the average IOTstack user; and
  3. totally missing the point you are trying to make.

On number 3 in that list, if you thought that the compelling IOTstack use case would be immediately apparent upon seeing your docker-compose.yml, I'm really sorry but that didn't happen for me. No sudden flash of insight. No star on the horizon. I really need help to understand the use case(s) you see for the average IOTstack user.

When I look at your exemplar docker-compose.yml the overall impression I get is that the file looks like it drove over some kind of electronic IED.

If you'll permit a small amount of editorialising, the Traefik doco claims their main goal is, "make it simple to use". If the docker-compose.yml changes are "simple" then I'd really hate to see their definition of "complicated".

What worries me about increasing the complexity of docker-compose.yml is the likely impact it will have on comprehension for the average IOTstack user. There are plenty of users who readily acknowledge Portainer as their first instinct, who report discomfort during their occasional visits to the command line, and who will never admit to more than a minimal understanding of the current level of compose file nitty gritty. Imagine such a person's likely reaction to all the Traefik scaffolding suddenly appearing the next time they run the menu.

There's also the question of the ability of most IOTstackers to test changes they want to propose in PRs for compatibility with Traefik. I look at all that extra detail and, honestly, it gives me the heebies. How should the average IOTstacker approach the problem of developing a new container or making a substantial change to an existing container?

Absent a compelling use case and/or evidence of widespread demand, my two cents is that I think Traefik support is probably a niche requirement rather than mainstream. Instead of trying to bolt it into SensorsIot/IOTstack, it might be more appropriate to fork a separate repo for those who want Traefik support. A separate community of interest would have the capability and motivation to test changes made to the upstream SensorsIot/IOTstack, augment those changes where necessary to make them "Traefik compatible", and decide when to put changes into production.

However, nobody put me in charge of anything so this is all just one person's opinion. I'll be very interested to see how other people react, and whether they have any ideas on how to manage the increased complexity if Traefik support comes into the current repo.

robertcsakany commented 3 years ago

I tend to always generalize problems, and I tend not to care how long the generated code is. The reason is that in my work I'm using meta models and transformations, so for me programming is a tool to create and convert models. That's the reason I like this project - easy to manage abstract logic - and if you look, there are repeating patterns that have to be set in traefik. Maybe it can be generalized more, but I spent 2-3 hours to achieve that state; I have no reason to make it more abstract, because for me it's enough to make templates.

As a matter of fact it's not a big deal if this complexity is not suitable for this project; I'm managing my own version. My goal is a tool which helps me, and it's a big plus if anyone can learn or get some inspiration from my solutions. My IOTStack is a sandbox where I can test things without big consequences. For me it's more important how easy it is to access services than the length or complexity of the configuration. As I see it, most users don't care about details, they only want to use the services required for their projects. With a good generator they don't have to understand the underlying logic. With some good wizard some variations can be configured automatically. Is there DynDNS? Allow access from remote? As I see it there is PiHole, which I think is more complex and can cause more damage to the local net (multiple DHCP / routing problems, for example). I think this solution seems complex but the result is very simple. I think most of the users don't have a clue how the generator / menu itself works, so the complexity there I think does not matter - maybe I'm wrong.

Maybe the problem itself does not exist for most of the users, but there was a topic inside my PR (this solution is more general and has more features - https://github.com/SensorsIot/IOTstack/pull/21). Maybe most of the users do not know the fact that features can be done this easily. I think very little effort is needed to extend the existing merger to add another layer of attributes - it's very much the same as override. I think the complexity can be hidden easily for users who don't want to care about routing. I think the flexibility can be increased without a big increase in complexity.

Originally my intention was not to solve the external access of my services, but to resolve port hell. I'm unable to memorize 10 ports for 10 services - and I have more than 100 devices at home (mqtt, bluetooth, zigbee and wifi), so I need the DNS names of devices and services to be easily managed. I need a central unit which can be completely replaced in 5 minutes - so if something goes wrong, with this solution I can move most of the services to a cloud provider (except zigbee) - my wife kills me if something goes wrong :) SSO was another thing, I don't want to do user management per service, and I have had a lot of experience with SAML / SSO authentication in recent times.

So if there are some users interested, I can make the documentation / template / generator mods.

And about the templates. I have an idea: this whole bunch of container management can be done without compose, with a docker image which can have the configurator and can model the images as boxes and the links between the services as lines over a web frontend - like how portainer manages containers (over the mounted unix socket) - but it is not a fork, it's a new system and it's about service orchestration.

Schnuecks commented 3 years ago

Hi, I think this project could benefit from that. I use nginx as a reverse proxy to have it all available under my local domain. I think traefik is a great enhancement. The complexity for users is already given with the port hassle; I don't think normal users will take a deeper look at the docker-compose.yml or create a compose-override.yml, but if they do they're not normal users and could take responsibility for the yaml files. Normal users run menu.sh, create the stack and run it, and if it works, great. jm2c

Kladderadatasch commented 2 years ago

Has there been any progress on that matter? There's currently a pull request for nginx in the pipeline, but it looks to me like Traefik would be a much better reverse proxy and I would very much enjoy having one in the main project.

marcelstoer commented 2 years ago

I was pointed here from #410. That full monty Traefik configuration looks nice but is much more (both feature-wise and complexity-wise) than I for one would need.

ukkopahis commented 2 years ago

I think it's time to support HTTPS with proper certificates. There are multiple issues and Discord mentions about scenarios needing this. Both linuxserver/swag and Traefik are able to provide it.

I would even consider providing it by default instead of something users have to explicitly add?

@robertcsakany

  • All web containers proxied over traefik - means subdomains / URLs can be used
  • Automatic Let's Encrypt management - means the proxy over HTTPS

Traefik adds a bit of docker-compose.yml verbosity by way of the labels, which you may just ignore if not using Traefik.

Your example seems pretty comprehensive, but I'd add the DuckDNS acme provider.

  • SSO Single Sign-On with Google - means the management pages can be accessed from outside, but protected with login.

I think SSO integrations should be left as a documented user-options or as a completely separate service, not included by default. Keep it as simple as possible. All services should be able to present their own password prompts or the network is secured and no passwords are even wanted. Note: Nextcloud also has web service integration endpoint URLs that must be open and without SSO interference.

Maybe we could add two mutually exclusive Traefik services; one with SSO and one without it.

I think very little effort [would be needed] to extend the existing merger to add another layers of attributes - its very same as override.

It would be easy, true. Just add support for service-specific overrides, e.g. .templates/traefik/overrides.yml that works like the already supported compose-override.yml.

But is it worth the additional complexity? I would say it isn't. I feel it would be better to add the labels directly to all service.yml files as needed or use a static configuration.


@Paraphraser

What worries me about increasing the complexity of docker-compose.yml is the likely impact it will have on comprehension for the average IOTstack user.

Yup, it's a valid concern. But maybe not too large a sacrifice for having all relevant configuration for a service in one place? Maybe even a benefit.

There's also the question of the ability of most IOTstackers to test changes they want to propose in PRs for compatibility with Traefik.

The Traefik stuff being there will remind them that it too needs to be tested. I feel this is a benefit.

Instead of labels, Traefik also supports file-based configuration. This would be a static configuration listing all possible services. For unreachable/uninstalled services Traefik will just reply "Bad gateway".
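
What that file-based alternative looks like, as an added example (not the project's code and not ukkopahis's): Traefik's file provider with a dynamic configuration that lists every service the stack could contain, whether or not the container is currently running. Service names, the `inbound` network, the `/etc/traefik` paths and the `<!!! YOURDOMAIN !!!>` placeholder are assumptions for the example. One consequence worth noting from a hardening perspective: with the file provider only, Traefik no longer needs the Docker socket mounted at all; it just has to share a network with the containers so their names resolve.

```yaml
# Added example, not the project's files. Two YAML documents: the static
# configuration Traefik starts with, and the dynamic file it watches.
# Static configuration, e.g. /etc/traefik/traefik.yml
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
certificatesResolvers:
  tls:
    acme:
      tlsChallenge: {}
      email: "<!!! YOUR EMAIL !!!>"
      storage: /letsencrypt/tls-acme.json
providers:
  # No docker provider and no /var/run/docker.sock mount needed.
  file:
    filename: /etc/traefik/dynamic.yml
    watch: true
---
# Dynamic configuration, e.g. /etc/traefik/dynamic.yml
# Every service is listed up front. If a container is not installed, the
# name does not resolve on the bridge and Traefik answers 502 Bad Gateway.
http:
  routers:
    grafana:
      entryPoints: ["https"]
      rule: "Host(`grafana.<!!! YOURDOMAIN !!!>`)"
      service: grafana
      tls:
        certResolver: tls
    nodered:
      entryPoints: ["https"]
      rule: "Host(`nodered.<!!! YOURDOMAIN !!!>`)"
      service: nodered
      tls:
        certResolver: tls
    portainer:
      entryPoints: ["https"]
      rule: "Host(`portainer.<!!! YOURDOMAIN !!!>`)"
      service: portainer
      tls:
        certResolver: tls
  services:
    # Container names as they appear in docker-compose.yml; Traefik must be
    # attached to the same bridge network ("inbound" in the prototype).
    grafana:
      loadBalancer:
        servers:
          - url: "http://grafana:3000"
    nodered:
      loadBalancer:
        servers:
          - url: "http://nodered:1880"
    portainer:
      loadBalancer:
        servers:
          - url: "http://portainer:9000"
```

Because `watch: true` is set, adding a service later is an edit to `dynamic.yml` rather than a change to each service's compose entry, which is the trade-off against the label approach: the per-service verbosity disappears from docker-compose.yml, but the service list and the compose file can drift apart and must be kept in sync by hand or by the menu.
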

mattmeye commented 1 year ago

Hi,

tl;dr my proposal for a traefik container


I also missed traefik in this stack. I came from a Raspberry Pi Kubernetes cluster (microk8s) and used traefik a lot and can contribute a little / can create a pull request. For me, the distributed data level (longhorn) was not stable enough and the performance was rather bad, so I'm keeping my hands off Kubernetes on Raspberry Pis for the time being. I spent quite a lot of money on the Raspberry Pis, so I don't want to replace the hardware with ordinary arm/x64 servers at the moment.

In Kubernetes the nicest configuration option of traefik is via custom resource definitions - traefik monitors these resources in every (configured) namespace and automatically restarts - so every separate project can just create what it needs.

But in this project it doesn't work. In my opinion, the best approach is the infrastructure-as-code approach via YAML configuration. It can be easily backed up and restored.

In my case I used Traefik for the following features:

Due to the many configuration options, I would specify as little as necessary and provide Traefik almost naked (no SSO and so on). I prefer to see interesting use cases and examples documented.

However, I am thinking about already providing the following things:

Are you interested in a pull request?

Kind regards, Matthias