CheckMK is too complicated for my monkey brain. After a few days of going through docs, I can’t even get a log file monitoring going.
Alright, wasn’t aware it needed to be both sides
But wouldn’t that be the certificate of the other instance, not your local one?
I personally don’t. It is just messier. I only group things that belong together, like a webserver+database, torrentclient+vpn and so on.
I mean nothing prevents you from using a self signed certificate
Jellyfin and that is about it.
Until they remove our account for no reason
Modern Web trash
Well, TrueCharts (with TrueNAS Scale). The problem with TrueCharts (and IX-system’s implementation of Kubernetes) is that it likes to break itself often, for no reason and with very little you can do to fix it. I’m actively moving away from TrueCharts.
Glad to be here. I have been using Traefik for well over a year, but through TrueCharts, glad to have done this on my own
That seems to have done it!
```yaml
http:
  routers:
    jellyfin-rtr:
      rule: "Host(`[redacted].com`)"
      entryPoints:
        - websecure
      service: jellyfin-svc
      tls:
        certResolver: letsencrypt
  services:
    jellyfin-svc:
      loadBalancer:
        servers:
          - url: "http://[redacted]:8096"
```
That is the easy part. What I haven’t been able to get working is services outside of docker, ie on other servers
Yes the NPM (Node.js vs NGINX Proxy Manager) is unfortunate, but why would I be comparing package manager to a reverse proxy ey?
I’m aware, but I’m saying in a pinch it will work and when you pass your HBA fully you won’t need to reconfigure anything, at least I didn’t
I guess once I get Traefik to work it might just click (and I can move my configs into the future). I just wish Traefik had at least a config generator UI similar to NPM. I just want "this IP on this port with this certificate = https://url.tld", if you get what I mean
I did try having jellyfin.toml and librespeed.toml but thought that isn’t possible. If it is I would def prefer to go that way.
The syntax errors are weird/concerning
I often save when editing files, that’s why it’s popping up there
Enabled log.level debug but still nothing
The only thing Portainer gives me is weirdly
time="2023-07-05T20:42:26Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.toml"
And syntax errors in my dynamic.toml file, but nothing about routers, services or certificates
I can see those services and routers in the traefik dashboard though
I am using a dynamic file, traefik_dynamic.toml
And it seems like I’m not getting certificates, acme.json doesn’t have those two services in my dynamic config, ie jellyfin and librespeed
Well, it works just fine for Docker containers, but trying to point it at other services is what is making my head hurt. With NPM it is literally “this IP at this port with this certificate = https://service.domain.tld”
```yaml
version: "3.3"
services:
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    networks:
      - npm_bridge
    command:
      #- "--log.level=DEBUG"
      - "--providers.docker.exposedbydefault=false"
    ports:
      - "443:443"
      - "80:80"
      - "8180:8080"
    volumes:
      - "/docker/containers/traefik/letsencrypt:/letsencrypt"
      - "/docker/containers/traefik/:/etc/traefik"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
  npm_bridge:
    external: true
```
traefik.toml
```toml
[entryPoints]
  [entryPoints.web]
    address = ":80"
    #[entryPoints.web.http.redirections.entryPoint]
      #to = "websecure"
      #scheme = "https"
  [entryPoints.websecure]
    address = ":443"

[api]
  dashboard = true
  insecure = true

[certificatesResolvers.letsencrypt.acme]
  email = "[redacted]"
  storage = "/letsencrypt/acme.json"
  #caserver = "https://acme-staging-v02.api.letsencrypt.org/directory"
  caserver = "https://acme-v02.api.letsencrypt.org/directory"
  [certificatesResolvers.letsencrypt.acme.tlsChallenge]

[providers]
  [providers.docker]
    watch = true
    network = "npm_bridge"
  [providers.file]
    directory = "/etc/traefik/dynamic"
    watch = true
```
traefik_dynamic.toml
```toml
[tls.options]
  [tls.options.default]
    sniStrict = true
    minVersion = "VersionTLS12"
    curvePreferences = [
      "secp521r1",
      "secp384r1"
    ]
    cipherSuites = [
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
    ]
  [tls.options.mintls13]
    minVersion = "VersionTLS13"

[http]
  [http.routers]
    [http.routers.jellyfin]
      rule = "Host(`jellyfin.[redacted].com`) && PathPrefix(`/`)"
      service = "jellyfin"
      entrypoints = "websecure"
    [http.routers.librespeed]
      rule = "Host(`librespeed.[redacted].com`) && PathPrefix(`/`)"
      service = "librespeed"
      entrypoints = "websecure"

  [http.services]
    [http.services.jellyfin.loadBalancer]
      [[http.services.jellyfin.loadBalancer.servers]]
        url = "http://10.0.1.201:8096"
    [http.services.librespeed.loadBalancer]
      [[http.services.librespeed.loadBalancer.servers]]
        url = "http://10.0.1.201:10016"
```
This setup sadly ends up with ERR_SSL_UNRECOGNIZED_NAME_ALERT for both services. These URLs are NOT proxied through Cloudflare. I’m trying to move from Truecharts + Traefik into manual docker + traefik
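Added example, not part of the original post: the two file-provider routers from the config above, rewritten with the `tls.certResolver` setting that the working YAML router elsewhere on this page carries. It assumes a Traefik v2 file provider and reuses the page's resolver name, `[redacted]` hostnames and backend addresses.

```toml
# Added example (assumes Traefik v2, file provider). Not the poster's file.
# A router with no [tls] table only matches plain-HTTP requests, so no ACME
# certificate is requested for its Host() name. With sniStrict = true in the
# default TLS options, a handshake for a name that has no certificate is
# refused, which the browser reports as an unrecognized-name alert.

[http.routers.jellyfin]
  # PathPrefix(`/`) matches every path, so Host() alone is equivalent.
  rule = "Host(`jellyfin.[redacted].com`)"
  entryPoints = ["websecure"]            # list of entry point names
  service = "jellyfin"
  [http.routers.jellyfin.tls]
    certResolver = "letsencrypt"         # resolver defined in traefik.toml

[http.routers.librespeed]
  rule = "Host(`librespeed.[redacted].com`)"
  entryPoints = ["websecure"]
  service = "librespeed"
  [http.routers.librespeed.tls]
    certResolver = "letsencrypt"

# Backends outside Docker are plain URLs reachable from the Traefik container.
[http.services.jellyfin.loadBalancer]
  [[http.services.jellyfin.loadBalancer.servers]]
    url = "http://10.0.1.201:8096"

[http.services.librespeed.loadBalancer]
  [[http.services.librespeed.loadBalancer.servers]]
    url = "http://10.0.1.201:10016"
```

Once a certificate has been issued, each hostname appears in `/letsencrypt/acme.json`.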
If all you want is uptime monitoring, Uptime Kuma.