Traefik App

silverback

Contributor
Joined
Jun 26, 2016
Messages
134
Cheers to the Devs and Ornias I have successfully deployed the Traefik App to point to "mydomain.blah", with Cloudflare TLS.

Can someone point me in the right direction to setting up authentication on the Traefik portal page?

Thanks
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
@silverback You're lucky i'm such a forum-whore at times, next time try tagging me ;-)

That being said:
currently the only form of authentication we support is "forwardAuth".
The only provider of forwardAuthentication URL's we currently have "in-stock" is "organizr".

See:

It would be automatically setup if you enter the url, which looks like:

You should be able to use both the traefik "real" url, as the internal service-name of the k8s service, but that last option requires more than nominal knowhow of k8s.

One note:
I've not fully tested this feature.
It's a "should work"(tm), if you have any issues please report them on the github, so we can have them fixed asap.
 

warllo

Contributor
Joined
Nov 22, 2012
Messages
117
@silverback I seem to be overlooking something, would you be able to share which port / which URL is used for the traefik dashboard. Typically it's 8080.
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
@warllo I think you meant to tag me, as I'm the developer for this :P

It depends on your configuration, by default (as a security precaution) the dashboard is not available.
You need to enable ingress for it, which is possible during traefik install/edit.
 

warllo

Contributor
Joined
Nov 22, 2012
Messages
117
@ornias Thanks for the hint. That worked great. I come from a docker / traefik / network admin background and I'm finding Kubernets to have a steep learning curve. I'm trying to learn it though as I would like to be able to contribute a few apps to truecharts but we'll see.
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
@ornias Thanks for the hint. That worked great. I come from a docker / traefik / network admin background and I'm finding Kubernets to have a steep learning curve. I'm trying to learn it though as I would like to be able to contribute a few apps to truecharts but we'll see.
Understandable...
In this case it's more my personal design choices what I would and wouldn't expose in the installation UI... the Helm chart technically does allow what you wanted, but it would end up increasing the amount of install options which might scare people off. Considering many people already seem to find traefik deployment scarry... :s
 

shadofall

Contributor
Joined
Jun 2, 2020
Messages
100
Considering many people already seem to find traefik deployment scarry... :s

Well when you look at configuring traefik, putting your charts aside, as well as k8s for a moment since most config instructions people will find is geared to docker.

Its quiet a bit of extra information and configs to setup. and it can look a little daunting at first. :P

another issue. and this is just my opinion. a lot of guides/sites it seems to me don't mention or just gloss over why you should use traefik, the benefits of it, and go in to you need this this and this and then do this. of course it could just be bad luck on search results on my behalf :P

i've actually decided to do a setup, eventually. got 2 last things I'm researching.
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
@shadofall Actually, I think there is not even one additional question in the whole traefik setup, thats different than the default setup for every other TrueCharts App.

The config thats slightly harder is the Cert-Manager config, but thats definately not traefik ;-)

Yeah the documentation is a real pain and totally 100% not gear towards our TrueNAS SCALE app.
Working on the new wiki as we speak, reworked the CI to support the new wiki structure today... some guides should be on before the end of the month:
 

shadofall

Contributor
Joined
Jun 2, 2020
Messages
100
@shadofall Actually, I think there is not even one additional question in the whole traefik setup, thats different than the default setup for every other TrueCharts App.

The config thats slightly harder is the Cert-Manager config, but thats definately not traefik ;-)

Yeah the documentation is a real pain and totally 100% not gear towards our TrueNAS SCALE app.
Working on the new wiki as we speak, reworked the CI to support the new wiki structure today... some guides should be on before the end of the month:

that's why I said your charts aside :) and spoke on general internet guides :P you've made it look easy LOL but i know there's a lot under the hood to accomplish that
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
that's why I said your charts aside :) and spoke on general internet guides :P you've made it look easy LOL but i know there's a lot under the hood to accomplish that
Ahh, yeah I get you now :)

Actually the part of traefik was rather easy to connect with the UI.
Mostly it was deciding which settings people can not change, rather than decided which they can :P

Cert-Manager was the real pain, required a lot of stitching and had a very nasty bug if I tried to install the Certificate Issuer too soon after installing Cert-Manager...

That being said, hope the UI works for you :)
If you have any bugs please report them, I'm certain there are more that are not yet reported. Because I've not been able to test all CertManager configuration parameters yet ;-)
 

shadofall

Contributor
Joined
Jun 2, 2020
Messages
100
Ahh, yeah I get you now :)

Actually the part of traefik was rather easy to connect with the UI.
Mostly it was deciding which settings people can not change, rather than decided which they can :P

Cert-Manager was the real pain, required a lot of stitching and had a very nasty bug if I tried to install the Certificate Issuer too soon after installing Cert-Manager...

That being said, hope the UI works for you :)
If you have any bugs please report them, I'm certain there are more that are not yet reported. Because I've not been able to test all CertManager configuration parameters yet ;-)

oh you know i'll report bugs lol. but I would still need to setup accounts and domain first anyways so still got a while to go.

but few questions since my research is going no where. my google fu seems off today.

Local Traffic. I presume I would need set a local DNS, Pihole or something, to resolve to the local host IP since otherwise every device would go out to the internet first which seems a little silly. unless I'm missing something. but would that cause any problems that you can think of?

Currently my setup routes all my app internet traffic (actually all internet traffic for the server and most devices in my house) through a VPN, VPN goes down the server don't talk to the internet. not sure how to set that up with traefik, if it would need to be at the individual app level or some other solution
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
Traefik doesnt care how traffic gets to it, as long as you entered the correct domain name in the adress bar :)
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
@shadofall I've taken the feedback in account.
From a UI point of view, "Ingress" is going to be renamed "Reverse Proxy", because thats technically what the user is configuring.
I hope this at least "connects" more with the average user comming from docker, like you referenced before :)
 

shadofall

Contributor
Joined
Jun 2, 2020
Messages
100
@ornias Makes Perfect sense to me. Docker is to this type of image, as CrockPot is to slow cookers.
Even at work our OpenStack team uses the term Docker quiet freely.
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
@ornias Makes Perfect sense to me. Docker is to this type of image, as CrockPot is to slow cookers.
Even at work our OpenStack team uses the term Docker quiet freely.
Yeah, but even more so here: With all the abstraction going on... The user isn't really working with k8s at all... all questions in the UI are custom crafted and carefully (or less carefully) rephrased anyway. So it makes close to zero sense to stick to scarry k8s-wording...
 

ksimm1

Dabbler
Joined
Dec 7, 2020
Messages
42
Hey @ornias I think I'm close to getting this running but a few quick questions
  1. What are the minimally viable config options to set if I just want to ensure the app is installed and the traefik dashboard appears? Presumably I can then edit the config to request real certificates, point to cloudflare etc.
  2. What's the recommended way in SCALE to view the install-time logs when attempting to install a catalog app, specifically TrueCharts/Traefik in this instance (I'm trying to troubleshoot before posting an issue in github repo that could be simple user error. I tried looking for the cli)
  3. Assuming the reverse proxy/web ingress option is set in the app configuration, on what url/port will the traefik dashboard appear by default?
  4. Lastly, since it's early and we know the primary focus isn't yet on docs, can you confirm this certmanager ACME documentation is the right reference for the CertManager Settings section configuration options https://cert-manager.io/docs/configuration/acme/dns01/#supported-dns01-providers. Is there external traefik documentation that matches the reverse proxy section
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
1.
Minimum viable would be:
- giving it a name
- No certificate provider

Minimum viable with dashboard:
- giving it a name
- No certificate provider
- Enabled "Reverse Proxy" for the dashboard
- Enter the domain you are going to use to reach the Traefik dashboard (must reach the server if entered in your browser, but it is allowed to be local or host file)
- selecting "Existing Certificate" and leave the textbug blank (Self-signed certificate currently has a bug)

2.
Hell. Like really, depends on the issue, sometimes I even had a hard time getting a log out of it (so I'm really not going to walk you through that one :P )
But you can always just create a support ticked in the discussions section on github if you're not sure something is a bug

3.
yeah thats a fair question:
For most apps it lists the entrypoint (port basically) in the UI when enabling reverse proxy. But you're right, it doesn't do so for Traefik, it's on my TO-Do list, sorry.
- It would be on the domain you entered (for example: traefik.yourdomain.org or traefik.yournas.lan) on port 443

4.
Ahh big yeay for you for finding those docs... thats indeed precisely the page you need :)
And yes, it really needs some custom documentation badly... It's the worst app in that regards because it's the most customised one...
 

ksimm1

Dabbler
Joined
Dec 7, 2020
Messages
42
But you can always just create a support ticked in the discussions section on github if you're not sure something is a bug
You might need to enable discussions or update discussion board permissions (that page is missing the green button to create a new discussion like other repos). I created an issue in the meantime.
 

jamlam

Cadet
Joined
Jul 6, 2016
Messages
8
Sorry for the thread hijack but while we're on the subject... Is there any way to get this to proxy to a physical host? I run most stuff in containers but I have a few services running on Rpi's and want to avoid running 2 proxies if I can.
 
Top