I will likely have to do some tinkering, and more reading up on this from the documentation I am thinking. I am getting HTTP 200 statuses basically across the board. When going to the FQDN it doesn’t redirect to the PiHole admin page like I was expecting. Again, likely some configuration that I have wrong.

Shows in traefik, no errors there.

I hate to report back, but something isn’t quite working for pihole behind Traefik.

running “docker logs traefik” returns no error, and yet no certificate was presented to my pihole.

Not sure what else I might be missing or that I might have wrong.

I will give this a shot! Thank you for the help. I will report back, in hopes that between your knowledge and my fumbles that someone else too can learn from this!

so in my traefik.yml file I have cloudflare set as my certresolver as follows:

certificatesResolvers:
  cloudflare:
    acme:
      email: email@example.com
      storage: acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all aut>
        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

And I had to get the secret mounted via the docker-compose file.

So where you have:

tls:

        certResolver: examplecom-dns

Do I have to redefine all of the same information I did in my Traefik yml but in this separate config.yml?

(I did set it up in my traefik.yml and docker-compose.yml to mount and use this config, which I had commented out for later use.

Thank you so much for the help!

Edit:

Essentially I am trying to get my PiHole which is hosted on another pi setup with an SSL cert for local use only:

So in looking at your config I tried using:

http:
  routers:
    pihole-rtr:
      entryPoints:
      - https
      service: pihole-rtr
      rule: "Host(`ph.local.domain.com`)"
      tls:
        certResolver: cloudflare

  services:
    pihole-svc:
      loadBalancer:
        servers:
          - url: "http://<ip>/admin"

However when doing this error logs returned:

2024-07-08T15:04:27-04:00 ERR error="the service \"pihole-rtr@file\" does not exist" entryPointName=https routerName=pihole-rtr@file
2024-07-08T15:04:28-04:00 ERR error="the service \"pihole-rtr@file\" does not exist" entryPointName=https routerName=pihole-rtr@file

I am doing something very wrong… And feel a little lost.

Would the file provider configs live on the Traefik server, or would they need to be on the external service. Reading through this, and looking at the example configuration files doesn’t really seem to point that out. Sorry for the noob questions.

Trying to understand this, but the way the documentation is written is different than I am used to.

Thank you!

Good to know. Thank you!

I ran into an issue where I changed nothing, and all of a sudden none of my SSL certs worked on top of most of the hosts were not working through the reverse proxy. I had not even changed ip addresses on any of them. I am not sure what was going on.

It was more of a “I didn’t want to troubleshoot” and gave up, so I shut down my servers.

Today I learned about Linkwarden, and I am so excited to check it out. Thank you!

NPM I did use, however it was ultimately the catalyst as to why I quit homelabbing. But when it did work, it was simple even for SSL cert renewal.

I will have to check out gitolite. Thank you!

Traefik or Caddy are the 2 I am bouncing back and forth between currently. I may spin up a nextcloud instance.

I still want to get familiarized with NixOS and the concepts behind it. Just haven’t taken the time.

I may have to check out BookStack. I dig the looks of it.

I appreciate that mentality though. When things break, if your understanding of your setup is there, it’s less to deal with.

I am forgoing the Portainer route this time. I am going to strictly use Docker Compose for my containers. I had too many issues with Portainer to consider using it.

For reverse proxy, I just need/want it for simple ip:port to sub.domain.lan type addresses locally. Anything I need outside of my home will be tunneled through wireguard.

I always quite liked Dozzle. It was handy, and has helped me comb through logs in the past.

I think Traefik is going to be what I investigate using. However the last time I tried, I was a little lost. I will have to comb over the documentation better this time.

That is good advice, and honestly never really occurred to me to set specific versions for containers.

I will likely dabble with Logseq.

I used NGINX Proxy Manager for a while, then had some issues that ultimately killed my homelab setup, so not sure that I want to go down that route again, or if I want to investigate Caddy, Traefik, or another.

I think I am going down the docker compose route. When I started using docker, I didn’t use compose, however, now I plan to. Though, Ansible has been on my list of things to learn, as well as nixOS.

Thank you for the suggestion. The fact that it’s FOSS wins my vote. I have been trying to go all open source where possible.

I think I need to utilize this strategy because I get lazy and don’t update external documentation.