Put Wildcard Certificates and SSL on EVERYTHING
Today, we’re going to use SSL for everything. No more self-signed certs. No more http. No more hosting things on odd ports. We’re going all in with SSL for our internal services and our external services too. We’re going to set up a reverse proxy using Traefik and Portainer, and use it to get wildcard certificates from Let’s Encrypt. Join me and let’s secure all the things.
Looking to do this same thing in Kubernetes? Check out traefik + cert-manager on Kubernetes
Docker Setup
See this post on how to install docker and docker-compose
Traefik
mkdir traefik
cd traefik
mkdir data
cd data
touch acme.json
chmod 600 acme.json
touch traefik.yml
traefik.yml can be found here
Create docker network
docker network create proxy
touch docker-compose.yml
docker-compose.yml can be found here
cd data
touch config.yml
docker-compose up -d
Portainer
mkdir portainer
cd portainer
touch docker-compose.yml
mkdir data
docker-compose.yml can be found here
Generate Basic Auth Password
sudo apt update
sudo apt install apache2-utils
echo $(htpasswd -nb "<USER>" "<PASSWORD>") | sed -e s/\\$/\\$\\$/g
NOTE: Replace <USER> with your username and <PASSWORD> with your password to be hashed.
If you’re having an issue with your password, it might not be escaped properly. In that case, you can use the following command, which prompts for your password:
echo $(htpasswd -nB USER) | sed -e s/\\$/\\$\\$/g
Paste the output in your docker-compose.yml in the line (traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>)
Spin up the container
docker-compose up -d
Traefik Routes Config
cd traefik/data
nano config.yml
config.yml can be found here
docker-compose up -d --force-recreate
Your folder structure should look like the below if you are following along with the example. Feel free to lay it out however you wish, but keep in mind you’ll need to change the locations in the corresponding files.
./traefik
├── data
│ ├── acme.json
│ ├── config.yml
│ └── traefik.yml
└── docker-compose.yml
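A preflight check for the steps above, as an added example that is not part of the original post or its repo: it escapes an htpasswd line for docker-compose.yml, flags a $ that was left unescaped, and verifies the folder structure and the 600 mode on acme.json. The function names are hypothetical and the sample hash is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks for this setup.

# Double every "$" so docker-compose does not interpolate parts of the hash;
# same effect as the sed expression used in the post.
escape_for_compose() {
    printf '%s\n' "$1" | sed -e 's/\$/$$/g'
}

# True if the string still contains a "$" that is not part of a "$$" pair.
has_unescaped_dollar() {
    printf '%s\n' "$1" | sed -e 's/\$\$//g' | grep -q '\$'
}

# True only for a regular file with mode 600 (owner read/write, nothing else).
# acme.json holds the ACME account key and certificate private keys.
is_mode_600() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Verify the folder structure shown above; prints each problem and returns
# the number of problems found (0 means the layout is ready).
check_layout() {
    base=$1
    problems=0
    for f in docker-compose.yml data/traefik.yml data/config.yml data/acme.json; do
        if [ ! -f "$base/$f" ]; then
            echo "missing: $base/$f"
            problems=$((problems + 1))
        fi
    done
    if [ -f "$base/data/acme.json" ] && ! is_mode_600 "$base/data/acme.json"; then
        echo "too open, run chmod 600: $base/data/acme.json"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo on a constructed (not real) htpasswd line, then check ./traefik.
sample='admin:$apr1$abcd1234$CONSTRUCTEDHASHVALUE00'
escape_for_compose "$sample"
has_unescaped_dollar "$sample" && echo "sample needs escaping before pasting"
check_layout "${1:-./traefik}" || echo "layout problems: $?"
```

Run it from the directory that contains traefik, or pass the path to your traefik folder as the first argument.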
Links
🚀 Don’t forget to check out the 🚀Launchpad repo with all of the quick start source files