
@joseluisq
Last active February 6, 2024 22:01
Install and configure Traefik as a reverse proxy in a non-Docker environment.

Traefik as a Reverse Proxy on RHEL/CentOS 7

Install and configure Traefik as a reverse proxy in a non-Docker environment.

Download and install Traefik

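# Fetch the Traefik release binary. -f makes curl exit non-zero on an HTTP error
# instead of saving the error page as /usr/local/bin/traefik.
# v1.7.12 is the version this guide pins; check the project's release and
# security-advisory pages for a currently supported version before deploying.
curl -fL https://github.com/containous/traefik/releases/download/v1.7.12/traefik_linux-amd64 -o /usr/local/bin/traefik
# Verify the download before making it executable: this binary will terminate TLS
# and, with the unit file on this page, run as root.
# <EXPECTED_SHA256> is a placeholder; copy the value from the checksum published
# alongside the release (if the release provides one) rather than from this page.
echo "<EXPECTED_SHA256>  /usr/local/bin/traefik" | sha256sum -c -
chmod +x /usr/local/bin/traefik
# The unit file's ExecStart= refers to /usr/bin/traefik, hence the symlink.
ln -s /usr/local/bin/traefik /usr/bin/traefik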

Configure it as a systemd daemon

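# Install the unit file owned by root with mode 0644. A plain cp keeps whatever
# mode the source file had, and a unit file writable by another user lets that
# user change what systemd runs for this service.
install -o root -g root -m 0644 traefik.service /etc/systemd/system/traefik.service
# Make systemd re-read unit files so it picks up the new service.
systemctl daemon-reload
systemctl start traefik.service
# Check that the service actually reached "active (running)" before enabling it at boot.
systemctl status traefik.service
systemctl enable traefik.service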

Finally, just navigate to graph.website.com. Enjoy!

# systemd unit that runs Traefik as a host service (no Docker).
# NOTE(review): as written, no User= is set, so Traefik runs as root, and every
# sandboxing directive below is commented out. For an internet-facing proxy that
# means a compromise of the process is a compromise of the host. Treat the
# commented-out lines as the intended end state and enable the ones your systemd
# version supports.
[Unit]
Description=Traefik
Documentation=https://docs.traefik.io
# Disabled: start ordering after the network is up, and start-up assertions that the
# binary is executable and the config file exists. The assertion paths point at
# /etc/traefik, not at the /root path that ExecStart= below actually uses.
#After=network-online.target
#AssertFileIsExecutable=/usr/bin/traefik
#AssertPathExists=/etc/traefik/traefik.toml
[Service]
# Run traefik as its own user (create new user with: useradd -r -s /bin/false -U -M traefik)
# CAP_NET_BIND_SERVICE is what lets a non-root process bind ports 80 and 443.
# NOTE(review): AmbientCapabilities= was added in systemd 229; RHEL/CentOS 7 ship an older
# systemd (219, to my knowledge; confirm with `systemctl --version`). On such a host the
# usual substitute is a file capability on the real binary, not the symlink:
#   setcap cap_net_bind_service=+ep /usr/local/bin/traefik
#User=traefik
#AmbientCapabilities=CAP_NET_BIND_SERVICE
# configure service behavior
# Type=notify: systemd waits for the process to report readiness via sd_notify.
Type=notify
# The active ExecStart= reads its config from under /root, which is only readable
# because the service runs as root. Moving the config to /etc/traefik (the
# commented-out variant) is a precondition for enabling User= or ProtectHome= below.
#ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.toml
ExecStart=/usr/bin/traefik --configFile=/root/monitor/traefik/traefik.toml
Restart=always
# systemd restarts the service if it misses a watchdog keep-alive for 1 second.
# NOTE(review): 1s is tight; a short stall under load would trigger a restart of
# the proxy. Consider a longer interval.
WatchdogSec=1s
# lock down system access
# prohibit any operating system and configuration modification
# NOTE(review): the "strict" value needs systemd 232 or later; older versions accept
# "full" (read-only /usr, /boot and /etc). Confirm against your systemd version.
#ProtectSystem=strict
# create separate, new (and empty) /tmp and /var/tmp filesystems
#PrivateTmp=true
# make /home, /root and /run/user inaccessible
# (this hides the /root config path used by the active ExecStart= above)
#ProtectHome=true
# turns off access to physical devices (/dev/...)
#PrivateDevices=true
# make kernel settings (procfs and sysfs) read-only
#ProtectKernelTunables=true
# make cgroups /sys/fs/cgroup read-only
#ProtectControlGroups=true
# allow writing of acme.json
# NOTE(review): the Traefik config on this page sets storage = "acme.json", a relative
# path. Presumably it resolves against the service's working directory, so it will not
# be /etc/traefik/acme.json unless the config uses an absolute path or WorkingDirectory=
# is set. Confirm before relying on this line.
#ReadWritePaths=/etc/traefik/acme.json
# depending on log and entrypoint configuration, you may need to allow writing to other paths, too
# limit number of processes in this unit
#LimitNPROC=1
[Install]
WantedBy=multi-user.target
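# Traefik v1.7 configuration: entry points, ACME, and the file provider's
# frontends/backends defined inline in this same file.
logLevel = "INFO"

# Default entry points
[entryPoints]

# Plain HTTP is kept only to redirect every request to the HTTPS entry point.
[entryPoints.http]
address = ":80"

[entryPoints.http.redirect]
entryPoint = "https"
permanent = true

[entryPoints.https]
address = ":443"

# Strip a leading "www." from HTTPS URLs.
# The dot is escaped so that only a literal "www." matches; unescaped, "." matches
# any character and a host such as "wwwa.example" would be rewritten to a broken URL.
# A literal (single-quoted) TOML string keeps the backslash as written.
[entryPoints.https.redirect]
regex = '^https://www\.(.*)'
replacement = "https://$1"
permanent = true

[entryPoints.https.tls]
# NOTE(review): Traefik 1.7 documents `compress` as an entry-point option, not a
# TLS option, so it may have no effect in this table. Confirm before moving it.
# If it is enabled, remember that compressing responses that mix secrets with
# reflected input is the precondition for BREACH-style leaks.
compress = true
# TLS 1.2 minimum, ECDHE key exchange with AES-GCM only (forward secrecy, AEAD).
minVersion = "VersionTLS12"
cipherSuites = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
]

## Add basic authentication
# Applies to everything served through the https entry point.
# The path below is a sample; point it at the real htpasswd file. Prefer bcrypt
# entries (`htpasswd -B`) over the MD5/SHA1 formats, and keep the file readable
# only by the account Traefik runs as.
[entryPoints.https.auth.basic]
usersFile = "/some/path/traefik/.htpasswd"

# Enable ACME (Let's Encrypt): automatic SSL.
[acme]
email = "username@website.com"
# acme.json holds the ACME account key and the certificates' private keys.
# NOTE(review): this is a relative path, presumably resolved against the process
# working directory. An absolute path with mode 0600 makes its location and
# permissions explicit; confirm where it lands under systemd.
storage = "acme.json"
entryPoint = "https"

[[acme.domains]]
main = "graph.website.com"

# TLS-ALPN-01 challenge: validation happens on port 443, so that port must be
# reachable from the ACME server.
[acme.tlsChallenge]

# File configuration (frontends and backends)
[file]
watch = true

[backends]

## Note: Here my backend is called "graph"
[backends.graph]

[backends.graph.servers]

# The proxy reaches the backend over plain HTTP on loopback.
# NOTE(review): make sure the backend itself listens on 127.0.0.1 only (or is
# firewalled); if port 8081 is reachable from outside, the basic auth and TLS
# configured above are bypassed.
[backends.graph.servers.server0]
url = "http://localhost:8081"

[frontends]

[frontends.graph]
entryPoints = ["https"]
backend = "graph"
passHostHeader = true

[frontends.graph.routes]

[frontends.graph.routes.route0]
rule = "Host:graph.website.com"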