Include Traefik or NGINX Proxy Manager for SSL Certificates

Open root9191 opened this issue 3 years ago • 6 comments

Is your feature request related to a problem? Please describe. Not really a problem, but it could be really comfortable to integrate the containers and maybe labels for Traefik.

Describe the solution you'd like A clear and concise description of what you want to happen. Simply integrate one of these or maybe both Proxy Managers and I think there would be many people happy about this :)

You could create a new Docker network, for example, where all containers are in, and only make them accessible over a secure connection through the Proxy Manager. The only open ports on the machine are then only 80, 81 and 443.

root9191 avatar Jan 09 '22 21:01 root9191

Thanks for the feedback! We are considering proxies and will update this feature in the near future, most likely using Traefik.

LinkLeong avatar Jan 10 '22 09:01 LinkLeong

Would be awesome, thank you!

root9191 avatar Jan 10 '22 11:01 root9191

Hi, I need to contact you to ask you what you think. How should I contact you?

LinkLeong avatar Jan 12 '22 07:01 LinkLeong

Hello, you could contact me at my mail: whoami2191(at)gmail(dot)com

root9191 avatar Jan 12 '22 22:01 root9191

I sent you an email and haven't gotten a reply.

LinkLeong avatar Jan 17 '22 07:01 LinkLeong

Traefik can use Docker labels to set the proxy rule, domain, HTTPS and basic auth. Such as:

Start Traefik and join the Docker network:

```bash
# Positional arguments
domain=$1
base_data_dir=$2
docker_network_name=$3
# $userlist (digest-auth users) and $acme_email are used below but not set in
# this snippet; they must already be defined in the environment.

# docker-socket-proxy: Traefik talks to this proxy instead of mounting
# /var/run/docker.sock itself. CONTAINERS=1 and NETWORKS=1 enable only those
# API sections.
echo "start dockerproxy"
docker run \
    --privileged \
    -m 16M --memory-swap 32M \
    -e CONTAINERS=1 \
    -e NETWORKS=1 \
    -d --restart=always \
    --network="$docker_network_name" --network-alias=dockerproxy \
    --name dockerproxy \
    -v /var/run/docker.sock:/var/run/docker.sock \
    tecnativa/docker-socket-proxy

# Traefik: only 80 and 443 are published on the host. The dashboard
# (--api.insecure=true, port 8080) is not published; it is routed through the
# "traefik" router below, with TLS and the traefik-auth digest-auth middleware.
echo "start traefik"
docker run --name=traefik \
    --restart=always -d -m 64M --memory-swap 128M \
    -e TZ="Asia/Shanghai" \
    -e LANG="zh_CN.UTF-8" \
    -p 80:80 -p 443:443 \
    --network="$docker_network_name" --network-alias=traefik \
    --label "traefik.http.routers.traefik.rule=Host(\`traefik.$domain\`)" \
    --label "traefik.http.routers.traefik.tls=true" \
    --label "traefik.http.routers.traefik.tls.certresolver=traefik" \
    --label "traefik.http.routers.traefik.tls.domains[0].main=traefik.$domain" \
    --label "traefik.http.services.traefik.loadbalancer.server.port=8080" \
    --label "traefik.http.middlewares.traefik-auth.digestauth.users=$userlist" \
    --label "traefik.http.routers.traefik.middlewares=traefik-auth@docker" \
    --label "traefik.enable=true" \
    -v "$base_data_dir/traefik/acme:/acme" \
    traefik \
    --api \
    --api.dashboard=true \
    --api.insecure=true \
    --providers.docker=true \
    --providers.docker.endpoint=tcp://dockerproxy:2375 \
    --providers.docker.network="$docker_network_name" \
    --providers.docker.exposedbydefault=false \
    --entrypoints.web.address=":80" \
    --entrypoints.websecure.address=":443" \
    --certificatesresolvers.traefik.acme.httpChallenge=true \
    --certificatesresolvers.traefik.acme.httpChallenge.entryPoint=web \
    --entrypoints.web.http.redirections.entryPoint.to=websecure \
    --entrypoints.web.http.redirections.entryPoint.scheme=https \
    --certificatesresolvers.traefik.acme.email="$acme_email" \
    --certificatesresolvers.traefik.acme.storage=/acme/acme.json
```

Start other services, like Jellyfin:

```bash
# Uses $domain, $base_data_dir and $docker_network_name from the script above.
# $arch (the image tag prefix) is not set in this snippet and must already be
# defined. No -p option: Jellyfin is reachable only through Traefik, which
# forwards to port 8096 on the shared network.
docker run -d \
    --restart=always \
    --name=jellyfin \
    -m 512M --memory-swap=1024M \
    --network="$docker_network_name" \
    --network-alias=jellyfin \
    -e TZ="Asia/Shanghai" \
    -e LANG="zh_CN.UTF-8" \
    -e PUID="$(id -u)" -e PGID="$(id -g)" \
    -v "$base_data_dir/jellyfin/config:/config" \
    -v "$base_data_dir/public/:/data" \
    -v /opt/vc/lib:/opt/vc/lib \
    -v /dev/shm:/config/data/transcoding-temp/transcodes \
    --device /dev/dri:/dev/dri \
    --device /dev/vchiq:/dev/vchiq \
    --device /dev/video10:/dev/video10 \
    --device /dev/video11:/dev/video11 \
    --device /dev/video12:/dev/video12 \
    --device /dev/video13:/dev/video13 \
    --label "traefik.http.routers.jellyfin.rule=Host(\`jellyfin.$domain\`)" \
    --label "traefik.http.routers.jellyfin.tls=true" \
    --label "traefik.http.routers.jellyfin.tls.certresolver=traefik" \
    --label "traefik.http.routers.jellyfin.tls.domains[0].main=jellyfin.$domain" \
    --label "traefik.http.services.jellyfin.loadbalancer.server.port=8096" \
    --label "traefik.enable=true" \
    "lscr.io/linuxserver/jellyfin:$arch-latest"
echo "https://jellyfin.$domain"
```

dezhishen avatar Sep 02 '22 06:09 dezhishen
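Added example, not part of the comment above or of CasaOS: a check that the layout this thread describes actually holds, that is, only the proxy publishes host ports and every container sits on the proxy network. It reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}\t{{.Networks}}'`; the network name `proxy`, the container `testapp` and the listing in `sample_listing` are constructed assumptions.

```shell
#!/bin/sh
# audit_exposure PROXY_NAME PROXY_NETWORK ALLOWED_HOST_PORTS < listing
# Listing lines are tab separated: name, ports column, networks column.
# Prints one finding per line and returns 1 when anything was found.
audit_exposure() {
    awk -F '\t' -v proxy="$1" -v net="$2" -v allowed="$3" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            # "0.0.0.0:443->443/tcp" is published on the host;
            # a bare "8096/tcp" is only exposed inside Docker networks.
            n = split($2, p, ", ")
            for (i = 1; i <= n; i++) {
                if (p[i] !~ /->/) continue
                host = p[i]; sub(/->.*/, "", host); sub(/.*:/, "", host)
                # Only the proxy may publish, and only the allowed ports.
                if ($1 != proxy || !(host in ok)) {
                    print "PUBLISHED\t" $1 "\t" p[i]; bad = 1
                }
            }
            # A container off the proxy network cannot be routed by the proxy.
            onnet = 0
            n = split($3, nw, ",")
            for (i = 1; i <= n; i++) if (nw[i] == net) onnet = 1
            if (!onnet) { print "OFFNET\t" $1 "\t" $3; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample listing (not captured from a real host).
sample_listing() {
    printf 'traefik\t0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp\tproxy\n'
    printf 'dockerproxy\t2375/tcp\tproxy\n'
    printf 'jellyfin\t8096/tcp\tproxy\n'
    printf 'testapp\t0.0.0.0:9000->9000/tcp\tbridge\n'
}

sample_listing | audit_exposure traefik proxy 80,443 \
    || echo "exposure findings listed above"
```

On a live host, pipe the `docker ps` command from the lead-in into `audit_exposure` with the proxy's container name, the shared network name and the allowed host ports.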

This one is too old. Open a new issue or feature request if needed. Thanks.

tigerinus avatar Oct 21 '22 17:10 tigerinus