Traefik reverse proxy configuration

Hello,
I have an open-webui http server running at port 8080 and git at 3000.
I was advised that the best way to get them working would be to use a reverse proxy, like traefik.
I have started out with trying to just get git to work and I came up with this:

{ config, pkgs, ... }:

{
  services.traefik = {
    enable = true;
    staticConfigOptions = {
      entryPoints = {
        http = {
          address = ":80";
        };
      };
      routers = {
        my-router = {
          entryPoints = [ "http" ];
          service = "git";
        };
      };
      services = {
        git.servers = [ { url = "http://localhost:3000"; } ];
      };
    };
  };
}

However, it seems to be no good, as curling the IP (or localhost) gives me a 404 error.
Why does this happen? What’s wrong?

While you might end up receiving support for this here, I suggest the following approach:

  1. build
  2. examine the built traefik config file
  3. compare that with traefik docs
  4. if needed, get support in the traefik community

Nix is just a tool to build your traefik config file (and then some, but you get my point).

4 Likes

> I was advised that the best way to get them working would be to use a reverse proxy, like traefik.

That depends on your context I guess. I personally might not use traefik when outside of docker or kubernetes. Nginx, HAproxy and Caddy are alternatives.

> curling the IP (or localhost)

If curling localhost on port 3000 gives you nothing then your problem might not be traefik, I’d say. Curling localhost:3000 should just work if your service runs on localhost:3000.

Apart from that I am unsure if the traefik service for NixOS will automatically open firewall ports. I suspect it might not. In that case you will have to do that.

> That depends on your context I guess. I personally might not use traefik when outside of docker or kubernetes

I was recommended traefik as memory-safe and fast, so I’d like to try it at least.

> If curling localhost …

Let me clarify: curling localhost:80 that was to be redirected to localhost:3000 produces the 404.

I have all the ports open so if I curl it by hand they respond alright.

I think your servers= stanza needs to be under loadBalancer. I’m on mobile so I’m just looking at my own configs. Look under hosts/homeserver/services and at both the traefik.nix and any one of the other web-services.nix to see the router config.

1 Like

Thanks for the link
Do you need dynamic config? Does there not need to be a provider set?

I worked it out!

Here’s what I came up with:

{ config, pkgs, ... }:
let
  domain = "my.domain";
in
{
  networking.firewall.allowedTCPPorts = [ 80 ];

  services.traefik = {
    enable = true;

    staticConfigOptions = {
      entryPoints = {
        http = {
          address = ":80";
          forwardedHeaders = {
            trustedIPs = [ "127.0.0.1/32" "10.0.0.0/8" "192.168.0.0/16" ]; # "172.16.0.0/12"
          };
        };
      };
    };

    dynamicConfigOptions = {
      http = {
        routers = {
          default-router = {
            entryPoints = [ "http" ];
            rule = "Host(`${domain}`)";
            service = "website";
          };

          s1-router = {
            entryPoints = [ "http" ];
            rule = "Host(`s1.${domain}`)";
            service = "s1";
          };
          s2-router = {
            entryPoints = [ "http" ];
            rule = "Host(`s2.${domain}`)";
            service = "s2";
          };
          s3-router = {
            entryPoints = [ "http" ];
            rule = "Host(`s3.${domain}`)";
            service = "s3";
          };
        };
        services = {
          website.loadBalancer.servers = [ { url = "http://localhost:8000"; } ];

          s1.loadBalancer.servers = [ { url = "http://localhost:8001"; } ];
          s2.loadBalancer.servers = [ { url = "http://localhost:8002"; } ];
          s3.loadBalancer.servers = [ { url = "http://localhost:8003"; } ];
        };
      };
    };
  };
}

As you can see, this is repetitive and I’d like to simplify it somehow.
Do any of you have ideas on how to do it?

I’m no expert, but I’ve used traefik for a long time and it’s pretty verbose. Your config seems pretty straightforward to me. Glad you got it working!

1 Like
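
One way to cut the repetition asked about above, as an added example that is not from any poster in this thread: describe each backend once and generate both the router and the service from it with `lib.mapAttrs`, so the two names cannot drift apart. The `backends` attribute set and the `mkRouter`/`mkService` helpers are hypothetical names; the router for the bare domain is named `website-router` here instead of `default-router`.

```nix
{ lib, ... }:
let
  domain = "my.domain";

  # Hypothetical table: service name -> hostname and local backend port.
  # Values mirror the working config posted above.
  backends = {
    website = { host = domain;         port = 8000; };
    s1      = { host = "s1.${domain}"; port = 8001; };
    s2      = { host = "s2.${domain}"; port = 8002; };
    s3      = { host = "s3.${domain}"; port = 8003; };
  };

  # Router for one backend; it always targets the service with the same key.
  mkRouter = name: b: {
    entryPoints = [ "http" ];
    rule = "Host(`${b.host}`)";
    service = name;
  };

  # Service for one backend; servers must sit under loadBalancer.
  mkService = _name: b: {
    loadBalancer.servers = [ { url = "http://localhost:${toString b.port}"; } ];
  };
in
{
  networking.firewall.allowedTCPPorts = [ 80 ];

  services.traefik = {
    enable = true;

    staticConfigOptions.entryPoints.http = {
      address = ":80";
      forwardedHeaders.trustedIPs = [ "127.0.0.1/32" "10.0.0.0/8" "192.168.0.0/16" ];
    };

    dynamicConfigOptions.http = {
      # Yields website-router, s1-router, s2-router, s3-router.
      routers = lib.mapAttrs'
        (name: b: lib.nameValuePair "${name}-router" (mkRouter name b))
        backends;
      services = lib.mapAttrs mkService backends;
    };
  };
}
```

Adding a backend is then a single new line in `backends`.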