Traefik

Expose Traefik 2 Dashboard

Expose Traefik 2.x's dashboard

Christophe Vanlancker

1 min read
Expose Traefik 2 Dashboard

I wrote some time ago a blog post on how to expose the dashboard back in Traefik 1.x

Traefik 2.x has come out and with its new configuration file structure, the way to configure it has changed.

First, let's declare the HTTP and HTTPS entrypoints.

[entryPoints.web]
  address = ":80"

[entryPoints.web-secure]
  address = ":443"

Second, we enable the Dashboard. Note that this will only enable it "internally" through a service called "api@internal", but we still need to expose it by defining route rules.

[api]
  dashboard = true

Next, we define the actual entries to expose it on a specific url.

[http.routers.api]
  rule = "Host(`traefik.mydomain.org`)"
  entrypoints = ["web"]
  service = "api@internal"
[http.routers.api-secure]
  rule = "Host(`traefik.mydomain.org`)"
  entrypoints = ["web-secure"]
  service = "api@internal"

Technically speaking, the dashboard should now be reachable, but it's a Wild World Web out there, some security should be added and HTTPS enforced.

Here's the complete secure example using Let's Encrypt with DNS validation through Digital Ocean (of course you should consult the documentation and make changes more relevant to what you're using). BasicAuth is being used for authentication, you can generate your own password by using "htpasswd"

[entryPoints.web]
  address = ":80"

[entryPoints.web-secure]
  address = ":443"

[api]
  dashboard = true

[providers.file]
filename = "/etc/traefik/traefik.toml"

[certificatesResolvers.default.acme]
  email = "<youremail@address>"
  storage = "/var/lib/traefik/acme.json"
  [certificatesResolvers.default.acme.dnsChallenge]
    provider = "digitalocean"
    delayBeforeCheck = 0

[http.routers.api]
  rule = "Host(`traefik.mydomain.org`)"
  entrypoints = ["web"]
  service = "api@internal"
  middlewares = ["redirect2https"]
[http.routers.api-secure]
  rule = "Host(`traefik.mydomain.org`)"
  entrypoints = ["web-secure"]
  service = "api@internal"
  middlewares = ["traefik-auth"]
  [http.routers.api-secure.tls]
    certResolver = "default"

[http.middlewares.traefik-auth.basicAuth]
  users = [
    "myusername:$SomehtpasswdGeneratePassword"
  ]

[http.middlewares.redirect2https.redirectScheme]
  scheme = "https"

Sign up for more like this.

Enter your email
Subscribe
Mastodon