ahembree / ansible-hms-docker

Ansible playbook for automated home media server setup
GNU General Public License v3.0

Disabling traefik #74

Open citizenjc opened 2 weeks ago

citizenjc commented 2 weeks ago

Hey, quick question, I'm assuming this isn't really prepared if I want to switch off traefik and use cloudflare tunnels exclusively to expose services outside of my network, correct? (explanation, I only want to expose two services, overseer and plex, so traefik is overkill). I tried to turn plex to "no" in vars/custom/container_map.yaml but nothing seemed to change.

Thanks in advance.

citizenjc commented 2 weeks ago

Ok, so disabling traefik in every container seems to work. A network called traefik_network still exists though, but I can live with that I guess. Maybe a suggestion for a change: Disabling "traefik" on container_map should override traefik setting in all containers.

ahembree commented 2 weeks ago

> I'm assuming this isn't really prepared if I want to switch off traefik and use cloudflare tunnels exclusively to expose services outside of my network, correct?

It is prepared for that, and actually any requests that flow through the Cloudflare Tunnel do not route through Traefik, so they can be used at the same time, with Traefik being an internal reverse-proxy and Tunnel being a public one.

> I tried to turn plex to "no" in vars/custom/container_map.yaml but nothing seemed to change.

If you re-run a sudo make check, you should see that the Plex container would be removed from the compose file (you'll have to scroll up a bit in the output to see the line removals).

If you happened to mean the traefik container in the container map, then disabling Traefik would remove the Traefik container and also expose all of the containers' ports on the host.

I just verified both of these removals behave correctly.

I recommend using Traefik as an internal reverse-proxy with an SSL/TLS certificate so that services have their traffic encrypted to/from the host, otherwise just accessing the service by internal IP/hostname and port may mean they're being accessed over HTTP, which is not secure. This does not require exposing/port-forwarding ports 80/443 on your router since it would only be accessed internally.

> Disabling "traefik" on container_map should override traefik setting in all containers

This is the current behavior, though I just realized it does not remove the Traefik labels from the containers (which don't do anything if Traefik is not running).
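Added example, not part of the thread or the project's code: a check over the rendered compose file for the two effects described in the comment above, ports published on the host and Traefik labels left on containers once the Traefik container is gone. It assumes the input is the normalized output of `docker compose config --format json` and that the proxy service is named `traefik`; the sample document is constructed.

```python
import json

# Constructed sample in the shape of `docker compose config --format json`
# (ports in long form, labels as a mapping). Names, images and ports are
# illustrative only, not taken from the project's generated compose file.
SAMPLE = json.loads("""
{"services": {
  "plex": {"image": "example/plex",
           "labels": {"traefik.enable": "true"},
           "ports": [{"target": 32400, "published": "32400", "protocol": "tcp"}]},
  "overseerr": {"image": "example/overseerr",
                "labels": {"traefik.enable": "true"},
                "ports": [{"target": 5055, "published": "5055",
                           "host_ip": "127.0.0.1", "protocol": "tcp"}]},
  "transmission": {"image": "example/transmission",
                   "ports": [{"target": 9091, "protocol": "tcp"}]}
}}
""")

def audit(compose, proxy_service="traefik"):
    """Return (published_ports, services_with_stale_traefik_labels)."""
    services = compose.get("services", {})
    proxy_present = proxy_service in services  # assumption: proxy service name
    published, stale = [], []
    for name, svc in sorted(services.items()):
        for port in svc.get("ports", []):
            if "published" not in port:
                continue  # no host binding requested for this port
            # Docker binds on all interfaces when no host_ip is given.
            host_ip = port.get("host_ip", "0.0.0.0")
            published.append((name, host_ip, str(port["published"]),
                              port.get("protocol", "tcp")))
        labels = svc.get("labels") or {}
        if not proxy_present and any(k.startswith("traefik.") for k in labels):
            stale.append(name)  # labels remain but nothing reads them
    return published, stale

def lan_exposed(published):
    """Services bound on a non-loopback address, reachable from the LAN."""
    return sorted({name for name, ip, _, _ in published
                   if not ip.startswith("127.") and ip != "::1"})

if __name__ == "__main__":
    ports, stale = audit(SAMPLE)
    for name, ip, port, proto in ports:
        print(f"{name}: {ip}:{port}/{proto}")
    print("reachable from LAN without the proxy:", lan_exposed(ports))
    print("stale traefik labels:", stale)
```

Services reported by `lan_exposed` are the ones that would be reached directly by IP and port, which is the plain-HTTP case the comment above recommends avoiding.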

citizenjc commented 2 weeks ago

Oh, thanks for such a fast response! I assumed it wasn't doing anything because of the labels x)

Ok, so if I enable the tunnels, traefik will only work internally, got it.

Meanwhile, I'm having the following error in transmission:

Options error: You must define TUN/TAP device (--dev)

I've used your repo before and I remember something similar to this before but not sure what the issue was!? I'm using surfshark.

Thanks!

ahembree commented 2 weeks ago

Thanks for the continued usage!

> Ok, so if I enable the tunnels, traefik will only work internally, got it.

Yup, just don't port-forward ports 80/443 to the host from your router 😉

Also I have a fix for the Traefik labels (and probably network) not being removed incoming, turns out I had missed a pretty simple logic check 🤦

For the VPN issue, it seems similar to https://github.com/haugene/docker-transmission-openvpn/discussions/2674.

Try following the directions here: https://github.com/ahembree/ansible-hms-docker/blob/master/docs/Transmission.md

You may just need to set transmission_ovpn_config_file (in vars/custom/transmission.yml) to a specific server listed here: https://github.com/haugene/vpn-configs-contrib/tree/main/openvpn/surfshark

ahembree commented 9 hours ago

> I have a fix for the Traefik labels not being removed incoming

This should be resolved in: https://github.com/ahembree/ansible-hms-docker/pull/78