Put Wildcard Certificates and SSL on EVERYTHING

Today, we’re going to use SSL for everything. No more self-signed certs. No more http. No more hosting things on odd ports. We’re going all in with SSL for our internal services and our external services too. We’re going to set up a reverse proxy using Traefik and Portainer, and use it to get wildcard certificates from Let’s Encrypt. Join me and let’s secure all the things.


Looking to do this same thing in Kubernetes? Check out traefik + cert-manager on Kubernetes

Docker Setup

See this post on how to install docker and docker-compose

Traefik

mkdir traefik
cd traefik
mkdir data
cd data
touch acme.json
chmod 600 acme.json   # Traefik stores the ACME account key and issued certs here; keep it owner-only or Traefik refuses to use it
touch traefik.yml

traefik.yml can be found here

Create the docker network

docker network create proxy
touch docker-compose.yml

docker-compose.yml can be found here

cd data
touch config.yml
docker-compose up -d

Portainer

mkdir portainer
cd portainer
touch docker-compose.yml
mkdir data

docker-compose.yml can be found here

Generate Basic Auth Password

sudo apt update
sudo apt install apache2-utils
# sed doubles every "$" in the hash so docker-compose does not treat it as variable interpolation
echo $(htpasswd -nb "<USER>" "<PASSWORD>") | sed -e s/\\$/\\$\\$/g

NOTE: Replace <USER> with your username and <PASSWORD> with your password to be hashed.

If you’re having an issue with your password, it might not be escaped properly. You can use the following command to be prompted for your password instead of passing it on the command line:

echo $(htpasswd -nB USER) | sed -e s/\\$/\\$\\$/g

Paste the output into the following line of your docker-compose.yml: (traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>)

Spin up the container

docker-compose up -d

Traefik Routes Config

cd traefik/data
nano config.yml

config.yml here

docker-compose up -d --force-recreate

Your folder structure should look like the below if you are following along with the example. Feel free to arrange it however you wish, but keep in mind you’ll need to change the locations in the corresponding files.

./traefik
├── data
│   ├── acme.json
│   ├── config.yml
│   └── traefik.yml
└── docker-compose.yml
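The post links to its traefik.yml rather than printing it, so here is an added example of a Traefik v2 static configuration that does what this setup describes (redirect all http to https, pick up services from Docker and from config.yml, and request wildcard certificates from Let’s Encrypt via the DNS challenge). It is not the author’s file; it assumes acme.json and config.yml are bind-mounted at /acme.json and /config.yml, that Cloudflare is your DNS provider (the resolver name and provider are assumptions, swap in yours), and that the provider’s API token is passed to the container as an environment variable in docker-compose.yml.

```yaml
# Added example traefik.yml (Traefik v2 static config), not the author's file.
# Assumes /acme.json and /config.yml are bind-mounted from ./data, and that the
# Cloudflare API token is supplied via the container environment (not shown here).
api:
  dashboard: true        # only reachable through the basic-auth protected router

entryPoints:
  web:
    address: ":80"
    http:
      redirections:      # "No more http": every plain request is bounced to TLS
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false   # nothing is published unless it carries traefik.enable=true
  file:
    filename: /config.yml     # routes to non-Docker hosts live here (Traefik Routes Config)

certificatesResolvers:
  cloudflare:                 # resolver name is an assumption; reference it from router labels
    acme:
      email: admin@example.com            # placeholder, replace with your contact address
      storage: /acme.json                 # the chmod 600 file created above
      # Uncomment while testing so you do not burn the production CA's rate limits:
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      dnsChallenge:
        provider: cloudflare              # DNS-01 is the only challenge Let's Encrypt allows for *.example.com
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
```

The wildcard itself is requested from the router labels in docker-compose.yml (traefik.http.routers.<router>.tls.domains[0].main and .sans) together with tls.certresolver set to the resolver name above.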

⚙️ See all the hardware I recommend at https://l.technotim.live/gear

🚀 Don’t forget to check out the 🚀Launchpad repo with all of the quick start source files

This post is licensed under CC BY 4.0 by the author.
