diff --git a/docs/docs/admin/environments/traefik.mdx b/docs/docs/admin/environments/traefik.mdx index 98acc31..36a1bea 100644 --- a/docs/docs/admin/environments/traefik.mdx +++ b/docs/docs/admin/environments/traefik.mdx 
@@ -3,31 +3,35 @@ id: traefik title: Integrate Anubis with Traefik in a Docker Compose Environment --- -> [!NOTE] -> This only talks about integration through compose, -> but all this is also applies to docker cli options -Currently Anubis doesn't have a Traefik Middleware, -thus it needs you to manually route it between Traefik and your target to protect. -this routing is done per labels in Traefik. +:::note -In this Example we will use 4 Containers: + This only talks about integration through Compose, + but it also applies to docker cli options. + +::: + +Currently, Anubis doesn't have any Traefik middleware, +so you need to manually route it between Traefik and your target service. +This routing is done per labels in Traefik. + +In this example, we will use 4 Containers: - `traefik` - the Traefik instance - `anubis` - the Anubis instance -- `target` - Our Service to protect (`traefik/whoami` in this case) -- `target2` - A Second Service that isnt supposed to be protected (`traefik/whoami` in this case) +- `target` - our service to protect (`traefik/whoami` in this case) +- `target2` - a second service that isn't supposed to be protected (`traefik/whoami` in this case) There are 3 steps we need to follow: -1. Crate a new exclusive Traefik Endpoint for Anubis +1. Create a new exclusive Traefik endpoint for Anubis 2. Pass all unspecified requests to Anubis -3. Let Anubis pass all Verified Requests back to Traefik on its exclusive Endpoint +3. Let Anubis pass all verified requests back to Traefik on its exclusive endpoint ## Diagram of Flow -This is a small Diagram depicting the Flow. -Keep in Mind that `8080` or `80` can be anything depending on your containers +This is a small diagram depicting the flow. +Keep in mind that `8080` or `80` can be anything depending on your containers. ```mermaid flowchart LR 
@@ -44,7 +48,7 @@ traefik-->|:80 - Passing to the target|target ## Create an Exclusive Anubis Endpoint in Traefik -There are 2 ways of registering a new Endpoint in Traefik. +There are 2 ways of registering a new endpoint in Traefik. Which one to use depends on how you configured your Traefik so far. **CLI Options:** @@ -62,21 +66,21 @@ entryPoints: ``` It is important that the specified port isn't actually reachable from the outside, -but only exposed in the docker network. -Exposing the Anubis Port on Traefik directly will allow direct unprotected access to all Containers behind it. +but only exposed in the Docker network. +Exposing the Anubis port on Traefik directly will allow direct unprotected access to all containers behind it. ## Passing all unspecified Web Requests to Anubis There are cases where you want Traefik to still route some requests without protection, just like before. -To achieve this we want to register Anubis to take all the "slag" +To achieve this, we can register Anubis as the default handler for non-protected requests. We also don't want users to get SSL Errors during the checking phase, -thus we also need to let Traefik provide SSL Certs for our Endpoint. -This Example expects an TLS Certresolver called `le`. +thus we also need to let Traefik provide SSL Certs for our endpoint. +This example expects an TLS cert resolver called `le`. -We also expect there to be an endpoint called `websecure` for HTTPS in this Example. +We also expect there to be an endpoint called `websecure` for HTTPS in this example. -This is an example of the needed labels to configure Traefik on the Anubis Container: +This is an example of the required labels to configure Traefik on the Anubis container: ```yml labels: 
@@ -92,8 +96,8 @@ labels: ## Passing all Verified Requests Back Correctly to Traefik -For passing verified request back to Traefik, -we only need to configure anubis per its environment: +To pass verified requests back to Traefik, +we only need to configure Anubis using its environment variables: ```yml environment: @@ -103,8 +107,8 @@ environment: ## Full Example Config -Now that we know how to pass all requests back and forth theres the Example. -This Example contains 2 Services, one protected and the other one isn't. +Now that we know how to pass all requests back and forth, here is the example. +This example contains 2 services: one that is protected and the other one that is not. **compose.yml** @@ -142,11 +146,11 @@ services: networks: - traefik labels: - - traefik.enable=true # Enabeling Traefik + - traefik.enable=true # Enabling Traefik - traefik.docker.network=traefik # Telling Traefik which network to use - traefik.http.routers.anubis.priority=1 # Setting Anubis to the lowest priority, so it only takes the slack - traefik.http.routers.anubis.rule=PathRegexp(`.*`) # wildcard match anything - - traefik.http.routers.anubis.entrypoints=websecure # Liste on HTTPS + - traefik.http.routers.anubis.entrypoints=websecure # Listen on HTTPS - traefik.http.services.anubis.loadbalancer.server.port=8080 # Telling Traefik to which port it should route requests - traefik.http.routers.anubis.service=anubis # Telling Traefik to use the above specified port - traefik.http.routers.anubis.tls.certresolver=le # Telling Traefik to resolve a Cert for Anubis @@ -157,7 +161,7 @@ services: networks: - traefik labels: - - traefik.enable=true # Eneabling Traefik + - traefik.enable=true # Enabling Traefik - traefik.docker.network=traefik # Telling Traefik which network to use - traefik.http.routers.target.rule=Host(`example.com`) # Only Matching Requests for example.com - traefik.http.routers.target.entrypoints=anubis # Listening on the exclusive Anubis Network 
@@ -187,7 +191,7 @@ networks: ```yml api: - insecure: false # shouldnt be enabled in prod + insecure: false # shouldn't be enabled in prod entryPoints: # Web
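Review bot: In the first hunk (@@ -3,31 +3,35 @@), the added line `This routing is done per labels in Traefik.` keeps the unidiomatic "per labels"; suggest "This routing is done using Traefik labels." The same hunk leaves `4 Containers` capitalized and `docker cli` in lowercase while the rest of the patch normalizes to "containers", "Compose" and "Docker"; suggest "4 containers" and "Docker CLI" so the page is consistent.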
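Review bot: In the @@ -44,7 +48,7 @@ hunk, `registering a new endpoint in Traefik` says "endpoint" where the configuration in this file uses `entryPoints:` and `traefik.http.routers.anubis.entrypoints=websecure`. Suggest "entrypoint" in the prose (and in the heading "Create an Exclusive Anubis Endpoint in Traefik") so readers can map the text directly to the key they have to set.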
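Review bot: In the @@ -62,21 +66,21 @@ hunk, the replacement sentence `we can register Anubis as the default handler for non-protected requests` changes the meaning of the line it replaces. The section heading is "Passing all unspecified Web Requests to Anubis", and the compose comment says Anubis gets the lowest priority "so it only takes the slack": Anubis receives every request that no other router claims, while the requests routed "without protection, just like before" are the ones other routers match first. Suggest: "To achieve this, we register Anubis as the catch-all router for every request that no other router matches." Minor, same hunk: `an TLS cert resolver` should read "a TLS cert resolver".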
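Review bot: In the @@ -157,7 +161,7 @@ hunk, the unchanged context line `traefik.http.routers.target.entrypoints=anubis # Listening on the exclusive Anubis Network` describes an entrypoint as a network; the Docker network is set earlier in the same block by `traefik.docker.network=traefik`. This label is what keeps the protected service reachable only through Anubis, so the comment is worth correcting while the block is being touched: "# Listening on the exclusive Anubis entrypoint".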