Expose Traefik 2 Dashboard
I wrote some time ago a blog post on how to expose the dashboard back in Traefik 1.x
Traefik 2.x has come out and with its new configuration file structure, the way to configure it has changed.
First, let's declare the HTTP and HTTPS entrypoints.
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"
Second, we enable the Dashboard. Note that this will only enable it "internally" through a service called "api@internal", but we still need to expose it by defining route rules.
[api]
dashboard = true
Next, we define the actual entries to expose it on a specific url.
[http.routers.api]
rule = "Host(`traefik.mydomain.org`)"
entrypoints = ["web"]
service = "api@internal"
[http.routers.api-secure]
rule = "Host(`traefik.mydomain.org`)"
entrypoints = ["web-secure"]
service = "api@internal"
Technically speaking, the dashboard should now be reachable, but it's a Wild World Web out there, some security should be added and HTTPS enforced.
Here's the complete secure example using Let's Encrypt with DNS validation through Digital Ocean (of course you should consult the documentation and make changes more relevant to what you're using). BasicAuth is being used for authentication, you can generate your own password by using "htpasswd"
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"
[api]
dashboard = true
[providers.file]
filename = "/etc/traefik/traefik.toml"
[certificatesResolvers.default.acme]
email = "<youremail@address>"
storage = "/var/lib/traefik/acme.json"
[certificatesResolvers.default.acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
[http.routers.api]
rule = "Host(`traefik.mydomain.org`)"
entrypoints = ["web"]
service = "api@internal"
middlewares = ["redirect2https"]
[http.routers.api-secure]
rule = "Host(`traefik.mydomain.org`)"
entrypoints = ["web-secure"]
service = "api@internal"
middlewares = ["traefik-auth"]
[http.routers.api-secure.tls]
certResolver = "default"
[http.middlewares.traefik-auth.basicAuth]
users = [
"myusername:$SomehtpasswdGeneratePassword"
]
[http.middlewares.redirect2https.redirectScheme]
scheme = "https"