| title | created | updated | type | tags | confidence |
|---|---|---|---|---|---|
| Docker Traefik Stack | 2026-04-28 | 2026-04-28 | concept | | high |
Docker Traefik Stack
Container orchestration and ingress configuration across the homelab. Two Traefik instances provide high-availability routing.
Traefik Instances
| Instance | Host | Role | Version |
|---|---|---|---|
| ubuntu Traefik | 192.168.50.61 | Primary router | v3.6.7 |
| grizzley Traefik | 192.168.50.84 | Edge ACME + ingress | v3.6.7 |
See traefik-ha for the full HA strategy.
Dynamic Config Files (ubuntu)
Located in homelab/ubuntu/traefik/config/dynamic/:
| File | Services Routed |
|---|---|
| `canonical-hosts.yml` | Grizzley ingress proxy, PVE OpenCode |
| `gitea.yml` | gitea.tophermayor.com |
| `homeassistant.yml` | ha.tophermayor.com |
| `immich.yml` | immich.tophermayor.com |
| `jellyfin.yml` | jellyfin.tophermayor.com |
| `jellyseerr.yml` | jellyseerr.tophermayor.com |
| `media-stack.yml` | Sonarr, Radarr, SABnzbd, Prowlarr, qBittorrent, Lidarr, Readarr (via gluetun) |
| `middlewares.yml` | 30+ middleware definitions |
| `opencode.yml` | opencode.tophermayor.com |
| `proxmox.yml` | proxmox.local.tophermayor.com |
| `stremio.yml` | stremio.local.tophermayor.com |
| `traefik-dashboard.yml` | traefik.local.tophermayor.com |
| `truenas.yml` | truenas.local.tophermayor.com |
| `vaultwarden.yml` | vaultwarden.tophermayor.com |
| `wildcard-certs.yml` | TLS certificate file references |
Common Middlewares
| Middleware | Purpose |
|---|---|
| `local-only@file` | Restrict to local network IPs |
| `authentik-auth@file` | SSO authentication |
| `security-headers@file` | Add security headers |
| `crowdsec-bouncer@file` | Rate limiting and threat protection |
Docker Networks
| Network | Scope | Purpose |
|---|---|---|
| `proxy-net` | External | Traefik-routed services |
| `app-net` | External | Internal backend communication |
| `authentik-internal` | Bridge | SSO isolation |
| `monitoring-internal` | Bridge | Metrics/logs isolation |
| `immich-internal` | Bridge | Immich DB/Redis/ML |
| `traefik-proxy` | Bridge (grizzley) | Grizzley edge Traefik |
| `media-net` | External | Media stack isolation |
Container Labels
Standard Traefik labels:
```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.services.<service>.loadbalancer.server.port=8096"
  - "traefik.http.routers.<router>.rule=Host(`service.tophermayor.com`)"
  - "traefik.http.routers.<router>.tls.certresolver=cloudflare"
```
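An added example, not part of the original note or the homelab repo: a small Python audit that reads one container's label set and flags routers that skip the middlewares listed under Common Middlewares. The policy it checks (TLS on every router, `security-headers@file` everywhere, `local-only@file` on any `.local.` host) and the sample label sets are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed policy for this example (not stated as a rule in the note):
# every router sets a TLS option and security-headers@file, and any Host
# containing ".local." must also carry local-only@file.
ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")
HOST_RULE = re.compile(r"Host\(\s*`([^`]+)`\s*\)")

def parse_labels(labels):
    """Split 'key=value' labels; Traefik label keys are case-insensitive."""
    flat, routers = {}, defaultdict(dict)
    for label in labels:
        key, _, value = label.partition("=")
        key, value = key.strip().lower(), value.strip()
        flat[key] = value
        match = ROUTER_KEY.match(key)
        if match:
            routers[match.group(1)][match.group(2)] = value
    return flat, routers

def audit(labels):
    """Return sorted (router, finding) tuples for one container's labels."""
    flat, routers = parse_labels(labels)
    if flat.get("traefik.enable", "").lower() == "false":
        return []  # explicitly not exposed through Traefik
    findings = []
    for name, opts in routers.items():
        hosts = HOST_RULE.findall(opts.get("rule", ""))
        mws = {m.strip() for m in opts.get("middlewares", "").split(",") if m.strip()}
        if not any(k == "tls" or k.startswith("tls.") for k in opts):
            findings.append((name, "no TLS option"))
        if "security-headers@file" not in mws:
            findings.append((name, "missing security-headers@file"))
        if any(".local." in h for h in hosts) and "local-only@file" not in mws:
            findings.append((name, "local host without local-only@file"))
    return sorted(findings)

# Constructed sample label sets, modelled on the standard labels above.
LOCAL_EXPOSED = [
    "traefik.enable=true",
    "traefik.http.routers.admin.rule=Host(`admin.local.tophermayor.com`)",
    "traefik.http.routers.admin.tls.certresolver=cloudflare",
    "traefik.http.routers.admin.middlewares=security-headers@file",
]
LOCAL_OK = LOCAL_EXPOSED[:3] + [
    "traefik.http.routers.admin.middlewares=local-only@file,security-headers@file"]
```

Running `audit()` over each service's labels in CI catches a router that was copied from the standard template without its middleware chain.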
Related
- traefik-ha — Traefik HA strategy across ubuntu + grizzley
- sso-authentik — Authentik SSO middleware
- media-stack — Media automation routing
- hermes-opencode-cluster — OpenCode routing via Traefik