Chapter 2: Network Architecture

Traefik reverse proxy, SSL certificates, and overlay networking

2.2 Traefik Reverse Proxy

SSL Certificate Management with Cloudflare

Certificate Resolver Configuration:

  certificatesresolvers:
    cloudflare:
      acme:
        dnschallenge: true
        dnschallenge.provider: cloudflare
        email: [SECRET]
        storage: /certificates/acme.json

Cloudflare Integration:
- DNS-01 challenge for wildcard certificates
- API token stored as Docker secret: traefik_cloudflare_api_token
- Automatic certificate renewal
- Storage location: /mnt/swarm-data/traefik/certificates

Service Discovery and Routing

Automatic Service Discovery:

  providers:
    swarm: true
    swarm.exposedByDefault: false
    swarm.network: homelab
    swarm.watch: true

Routing Examples:
- auth.bitfrost.me → Authentik (10.0.1.210:9000)
- docs.bitfrost.me → Paperless (10.0.1.50:8000)
- tasks.bitfrost.me → Vikunja (10.0.1.227:3456)
- wiki.bitfrost.me → BookStack (10.0.1.145:80)
- home.bitfrost.me → Homarr (10.0.1.233:3000)
- portainer.
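The resolver and provider settings above, written out as a complete Traefik v3 static configuration plus the Swarm stack fragment that consumes them. This is an added example, not the page's own configuration files: the hostnames, storage paths, network name and secret name come from the page; the image tags, the bind-mount path for traefik.yml, the BookStack image and the DNS resolver addresses are my assumptions and are marked as such. The label names are Traefik's documented Swarm label syntax, and the `CF_DNS_API_TOKEN_FILE` variable uses Traefik's `_FILE` convention so the Cloudflare token is read from the Docker secret rather than placed in the service spec.

```yaml
# Added example (not the page's own files). ASSUMED marks values not on the page.
#
# --- traefik.yml (static configuration, ASSUMED mounted at /etc/traefik/traefik.yml) ---
entryPoints:
  web:
    address: ":80"
    http:
      redirections:              # 80/tcp does nothing but redirect to HTTPS
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

providers:
  swarm:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false      # nothing is routed unless it carries traefik.enable=true
    network: homelab             # the overlay Traefik uses to reach backends
    watch: true

certificatesResolvers:
  cloudflare:
    acme:
      email: "[SECRET]"
      storage: /certificates/acme.json   # holds private keys: keep it mode 0600, owned by Traefik
      dnsChallenge:
        provider: cloudflare
        resolvers:                        # ASSUMED: check the TXT record at public resolvers
          - "1.1.1.1:53"
          - "1.0.0.1:53"

# --- stack.yml (docker stack deploy -c stack.yml homelab) ---
services:
  traefik:
    image: traefik:v3.1                  # ASSUMED tag
    command: --configFile=/etc/traefik/traefik.yml
    environment:
      # Read from the secret file; the token never appears in `docker service inspect`.
      CF_DNS_API_TOKEN_FILE: /run/secrets/traefik_cloudflare_api_token
    secrets:
      - traefik_cloudflare_api_token
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/swarm-data/traefik/certificates:/certificates
      - /mnt/swarm-data/traefik/traefik.yml:/etc/traefik/traefik.yml:ro   # ASSUMED path
    networks:
      - homelab
    deploy:
      placement:
        constraints:
          - node.role == manager         # service discovery needs a manager's Docker socket

  bookstack:
    image: lscr.io/linuxserver/bookstack  # ASSUMED image; the page only names the service
    networks:
      - homelab
    deploy:
      labels:                             # Swarm labels live under deploy:, not at service level
        - traefik.enable=true
        - traefik.http.routers.bookstack.rule=Host(`wiki.bitfrost.me`)
        - traefik.http.routers.bookstack.entrypoints=websecure
        - traefik.http.routers.bookstack.tls.certresolver=cloudflare
        # DNS-01 lets the resolver issue one wildcard certificate for every subdomain
        - traefik.http.routers.bookstack.tls.domains[0].main=bitfrost.me
        - traefik.http.routers.bookstack.tls.domains[0].sans=*.bitfrost.me
        - traefik.http.services.bookstack.loadbalancer.server.port=80

networks:
  homelab:
    external: true     # the attachable overlay described in 2.1

secrets:
  traefik_cloudflare_api_token:
    external: true     # docker secret create traefik_cloudflare_api_token ./token.txt
```

With `exposedByDefault: false`, a service that lacks `traefik.enable=true` is invisible to the proxy even when it sits on the `homelab` network, so a new container cannot accidentally acquire a public hostname. The Cloudflare token should be scoped to DNS edit rights on the one zone; the DNS-01 flow needs nothing more.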

2.3 Service Exposure and Domain Management

External Access Patterns

Published Ports on Swarm:
- 80/tcp: HTTP → HTTPS redirect
- 443/tcp: HTTPS termination
- 8081/tcp: Traefik dashboard
- 5432/tcp: PostgreSQL direct access
- 3306/tcp: MariaDB direct access

SSL-Terminated Services: All web applications are accessed via HTTPS through Traefik with automatic certificate provisioning.

Internal Service Communication

Database Access Patterns:

  # PostgreSQL clients
  POSTGRES_HOST: postgres
  POSTGRES_USER: admin
  POSTGRES_PASSWORD: [SECRET]

  # MariaDB clients
  DB_HOST: mariadb
  DB_USERNAME: bookstack
  DB_PASSWORD: [SECRET]

Redis Communication:

  # Authentik Redis
  AUTHENTIK_REDIS__HOST: authentik_redis

  # Paperless Redis
  PAPERLESS_REDIS: redis://paperless_redis:6379

  # Nextcloud Redis
  REDIS_HOST: redis

Port Management Strategy

Internal Port Assignments:

2.1 Docker Overlay Networks

Homelab Network Configuration

The cluster utilizes Docker's overlay networking with three primary networks:

Primary Application Network: homelab
- Network ID: [SECRET]
- Subnet: 10.0.1.0/24
- Gateway: 10.0.1.1
- Driver: overlay
- Scope: swarm
- Attachable: true (allows manual container attachment)

Services on Homelab Network:
- Traefik (10.0.1.201)
- PostgreSQL (10.0.1.204)
- Adminer (10.0.1.208)
- Authentik Server (10.0.1.210)
- Authentik Worker (10.0.1.212)
- Authentik Redis (10.0.1.214)
- Nextcloud Redis (10.0.1.216)
- Nextcloud (10.0.1.218)
- Vikunja (10.0.1.227)
- Homarr (10.0.1.233)
- Paperless Redis (10.0.1.48)
- Paperless Webserver (10.0.1.50)
- BookStack (10.0.1.145)
- MariaDB (10.0.1.139)
- Uptime Kuma (10.
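The overlay definition above and the database access pattern from 2.3 fit together in one stack file. The following is an added example, not the page's own stack: the subnet, gateway, attachable flag, service names and the `POSTGRES_HOST: postgres` / `POSTGRES_USER: admin` values come from the page; the image tags, the data path and the Adminer client are assumptions and are marked as such. It shows the 5432/tcp publication the page lists in 2.3 next to the overlay-only form in which clients reach the database by service name through Swarm's embedded DNS.

```yaml
# Added example (not the page's own stack file). ASSUMED marks values not on the page.
networks:
  homelab:
    driver: overlay
    attachable: true          # allows `docker run --network homelab` for one-off debugging
    ipam:
      config:
        - subnet: 10.0.1.0/24
          gateway: 10.0.1.1

services:
  postgres:
    image: postgres:16        # ASSUMED tag
    environment:
      POSTGRES_USER: admin
      # The official image reads *_FILE variables, so the password stays in a Docker secret.
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
    secrets:
      - postgres_password
    volumes:
      - /mnt/swarm-data/postgres:/var/lib/postgresql/data   # ASSUMED path
    networks:
      - homelab
    # 2.3 lists 5432/tcp as published. With the ingress mesh that makes the database
    # answer on every node's external interface, not only the node running it:
    # ports:
    #   - "5432:5432"
    # Without the `ports:` entry the database is reachable only from containers on
    # the homelab overlay, which is all the POSTGRES_HOST: postgres clients need.

  adminer:
    image: adminer            # ASSUMED image; Adminer is on the page at 10.0.1.208
    environment:
      ADMINER_DEFAULT_SERVER: postgres   # resolves via Swarm DNS on the overlay only
    networks:
      - homelab

secrets:
  postgres_password:
    external: true            # docker secret create postgres_password ./pg_password.txt
```

The same reasoning applies to 3306/tcp for MariaDB: the BookStack client already addresses it as `DB_HOST: mariadb`, so the port publication serves only administrators. Because the network is attachable, an administrator can get an ad-hoc client without publishing anything, for example `docker run --rm -it --network homelab postgres:16 psql -h postgres -U admin`, and the Swarm nodes' external interfaces then expose only 80 and 443 plus whatever the dashboard port policy is.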