SSL Certificate Management with Cloudflare
Certificate Resolver Configuration:
certificatesresolvers:
  cloudflare:
    acme:
      # Defining dnschallenge with a provider enables the DNS-01 challenge
      dnschallenge:
        provider: cloudflare
      email: [SECRET]
      storage: /certificates/acme.json
Cloudflare Integration:
- DNS-01 challenge for wildcard certificates
- API token stored as Docker secret: traefik_cloudflare_api_token
- Automatic certificate renewal
- Storage location: /mnt/swarm-data/traefik/certificates
Service Discovery and Routing
Automatic Service Discovery:
providers:
  # Defining the swarm section enables the provider
  swarm:
    exposedByDefault: false
    network: homelab
    watch: true
Routing Examples:
auth.bitfrost.me → Authentik (10.0.1.210:9000)
docs.bitfrost.me → Paperless (10.0.1.50:8000)
tasks.bitfrost.me → Vikunja (10.0.1.227:3456)
wiki.bitfrost.me → BookStack (10.0.1.145:80)
home.bitfrost.me → Homarr (10.0.1.233:3000)
portainer.bitfrost.me → Portainer (10.0.2.3:9000)
status.bitfrost.me → Uptime Kuma (10.0.1.123:3001)
tracker.bitfrost.me → Taylor's Tracker (load balanced)
nextcloud.bitfrost.me → Nextcloud (10.0.1.218:80)
miner.bitfrost.me → Adminer (10.0.1.208:8080)
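With exposedByDefault set to false, Traefik routes a Swarm service only when its labels opt in. The following audit is an added example, not part of the original configuration: it walks a constructed set of service labels, reports which hostnames would be published, and flags routers that do not name the cloudflare resolver or lack the port label Swarm requires. The service names, the label sets and the db.example.test hostname are assumptions made for illustration.

```python
import re

RESOLVER = "cloudflare"  # resolver name from the certificatesresolvers block

# Constructed sample: Swarm service name -> deploy labels (not the author's real labels).
SERVICES = {
    "bookstack": {
        "traefik.enable": "true",
        "traefik.http.routers.wiki.rule": "Host(`wiki.bitfrost.me`)",
        "traefik.http.routers.wiki.tls.certresolver": "cloudflare",
        "traefik.http.services.wiki.loadbalancer.server.port": "80",
    },
    "adminer": {  # opted in, but no resolver and no port label
        "traefik.enable": "true",
        "traefik.http.routers.adminer.rule": "Host(`miner.bitfrost.me`)",
    },
    "postgres": {  # no traefik.enable label: ignored while exposedByDefault is false
        "traefik.http.routers.db.rule": "Host(`db.example.test`)",
    },
}

ROUTER_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.rule$")
HOST_RE = re.compile(r"Host\(`([^`]+)`\)")


def audit(services, exposed_by_default=False):
    """Return (exposed, findings): hostnames Traefik would route, and label gaps."""
    exposed, findings = {}, []
    for svc, labels in sorted(services.items()):
        enabled = labels.get("traefik.enable", str(exposed_by_default)).lower() == "true"
        if not enabled:
            continue  # Traefik creates no router for this service
        for key, rule in labels.items():
            m = ROUTER_RE.match(key)
            if not m:
                continue
            router = m.group(1)
            exposed.setdefault(svc, []).extend(HOST_RE.findall(rule))
            resolver = labels.get(f"traefik.http.routers.{router}.tls.certresolver")
            if resolver != RESOLVER:  # may still be covered by entrypoint-level TLS
                findings.append((svc, router, "no tls.certresolver=" + RESOLVER))
        if not any(k.endswith(".loadbalancer.server.port") for k in labels):
            findings.append((svc, None, "missing loadbalancer.server.port"))
    return exposed, findings


if __name__ == "__main__":
    print(audit(SERVICES))
```

Calling audit with exposed_by_default=True shows what the same labels would publish if the provider default were left on.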
Middleware Configuration
Basic Authentication Middleware:
middlewares:
  traefik-auth:
    basicAuth:
      users: ["admin:[SECRET]"]
Custom Headers for Applications:
# Nextcloud headers
nextcloud-headers:
  headers:
    customRequestHeaders:
      X-Forwarded-Proto: "https"
      X-Forwarded-Host: "nextcloud.bitfrost.me"
# Paperless headers
paperless-headers:
  headers:
    customRequestHeaders:
      X-Forwarded-Proto: "https"