• 0 Posts
  • 24 Comments
Joined 1 year ago
cake
Cake day: June 15th, 2023

help-circle







  • No worries for the question. It’s not terribly intuitive.

    The configs live on the Traefik server. In my static traefik.yml config I have the following providers section, which adds the file provider in addition to the docker provider which you likely already have:

    providers:
      docker:
        endpoint: "unix:///var/run/docker.sock"
        exposedByDefault: false
      file:
        directory: /config
        watch: true
    

    And in the /config folder mapped into the Traefik container I have several files for services external to docker. You can combine them or keep them separate since the watch: true setting tells it to read in all files (and it’s near instant when you create them, no need to restart Traefik).

    Here is my homeassistant.yml in that folder (I have a separate VM running HASS outside of Docker/Traefik):

    http:
      routers:
        homeassistant-rtr:
          entryPoints:
          - https
          service: homeassistant-svc
          rule: "Host(`home.example.com`)"
          tls:
            certResolver: examplecom-dns
    
      services:
        homeassistant-svc:
          loadBalancer:
            servers:
              - url: "http://hass1.internal.local:8123"
    

    Hope this helps!







  • I would never use their firewalls/gateways, but their switches are pretty good for the price and their APs are decent (although tbh after 3 generations my next AP will likely be an enterprise Aruba).

    That said, I still use Unifi in docker, everything is up to date, and nothing is requiring a sign-in to the cloud. Am I missing something? If it’s just the firewalls, then I’m not surprised since I’ve never been remotely tempted to use them, but it sure isn’t all of their devices.



  • If you, Traefik, and your origin server are on the same network, then it’s going to be one hop regardless of whether you’re hitting the Traefik proxy or the origin server. If Traefik is serving up the origin server’s cert and not the LE cert, then Traefik is misconfigured to pass through instead of proxy, but I’m still not sure that’s the case as it’s almost harder to configure it that way than the correct way as a proxy.

    What IP:port is your origin server listening on, what IP:port is Traefik listening on, and how is Traefik configured to reach the origin server?





  • Third. The first thing I mention when one of my clients asks anything about PCI is to offload as much card processing onto third parties as possible.

    And if you have nothing in place yet, then 100% offloaded should be possible (with the possible exception of secure payment terminals if you need to process physical cards).

    That said, it is still possible to use your own hosted WordPress storefront and offload the payment processing via tokenization or redirection. But a turnkey solution like Shopify might be better if you lack the experience.