Not sure where you are with your setup right now, but this is a simple but complete and flexible environment for running apps and exposing them to the outside world. You'll notice I am telling Traefik to use specific hostnames. In theory you can do it with one hostname and multiple paths (one for each app), but it's going to be tricky with some apps; any hardcoded URI will give you a ton of headaches. Much easier with separate hosts. If you only need to expose 1 app then it's simple.
Here's a list of things you need before starting:
- Have a domain - a proper domain works best, they're cheap nowadays, grab one.
- Get your domain under Cloudflare or Route53 so you can easily get TLS certificates
- Configure the domain authenticator in Scale
- Create a CSR for your domain hostname, e.g. cloud.domain.com (I would get one for *.domain.com, easier later)
- Request a certificate based off of the CSR above - I think there's a bug in the UI where you will not see the certificate details, just check under /etc/certificates and you should have everything there
- Get Traefik running, you'll use it as an ingress (a reverse proxy if you wish)
You will need a script to update your hostname (I can show you one for Cloudflare or DigitalOcean) to match whatever your ISP is allocating as an IP to you if you don't have a static IP from your ISP. Most ISPs will not allocate static IPs.
You should check if you are behind CGNAT (e.g. your WAN IP is a non-routable one) and probably stop as this setup will not work.
View attachment 52605
Now, having all the above setup, it's time to deploy your first app. Start with a simple one, one port only, HTTP.
Start the installation process and, at Networking and Services, choose ClusterIP for your service. Since we're using Traefik, no need to create a LoadBalancer or a NodePort (Simple is a type of LoadBalancer).
View attachment 52602
Next, at the Ingress section, configure it like this while replacing the hostname with yours:
View attachment 52603
In the TLS section, again, configure it like below while:
- replacing the hostname with yours
- selecting the proper certificate chain from the dropdown
View attachment 52604
Now, finish with the rest of the steps, wait until the app has launched, then open the Traefik web portal and look for the router configured for your hostname; it should be green. If you've done everything correctly and the DNS points to your IP address, visiting your domain on HTTPS should work.
You can extend this to many apps, even apps you only want available on the inside of your network, just get a private.domain.com zone, a TLS keypair and create your apps as app1.private.domain.com. You'll have to run your own DNS on the inside but even something like a Pi-Hole will work.
Let me know if you have questions.
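
Added example (not part of the original post, and not the poster's script): a pre-flight check for the CGNAT caveat above. It classifies the IPv4 address your router shows on its WAN interface and, optionally, compares it with the address an external "what is my IP" service reports. The function name, the result labels and the sample addresses are assumptions made for this illustration.

```python
import ipaddress
from typing import Optional

# RFC 6598 shared address space, reserved for carrier-grade NAT (CGNAT).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip: str, observed_public_ip: Optional[str] = None) -> str:
    """Classify the router's WAN address (IPv4 only).

    wan_ip             -- address shown on the router's WAN interface
    observed_public_ip -- address seen from outside, if you have it
    Raises ValueError on anything that is not a valid IPv4 address.
    """
    wan = ipaddress.IPv4Address(wan_ip.strip())
    # Check CGNAT first: 100.64.0.0/10 is neither RFC 1918 nor global.
    if wan in CGNAT_NET:
        return "cgnat"
    if any(wan in net for net in RFC1918_NETS):
        return "private-upstream-nat"
    # Loopback, link-local (169.254/16), documentation ranges and the like.
    if not wan.is_global:
        return "unusable"
    if observed_public_ip is not None:
        seen = ipaddress.IPv4Address(observed_public_ip.strip())
        # A global WAN address that differs from what the internet sees
        # still means inbound port forwards will not reach this router.
        if seen != wan:
            return "nat-mismatch"
    return "routable"


if __name__ == "__main__":
    # Constructed sample inputs: (router WAN address, externally observed address)
    samples = [
        ("100.64.12.7", None),
        ("192.168.1.2", None),
        ("169.254.10.1", None),
        ("8.8.8.8", "1.1.1.1"),
        ("8.8.8.8", "8.8.8.8"),
    ]
    for wan, seen in samples:
        print(f"{wan:15} seen={seen!s:10} -> {classify_wan(wan, seen)}")
```

Only a `routable` result means the port forwards to Traefik can work as described; any other result means inbound connections stop at a device you do not control.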