{"id":35059457,"url":"https://github.com/rendermani/traefik","last_synced_at":"2025-12-27T10:14:00.666Z","repository":{"id":311460684,"uuid":"1043477634","full_name":"rendermani/traefik","owner":"rendermani","description":"Traefik edge router and load balancer for infrastructure services","archived":false,"fork":false,"pushed_at":"2025-08-24T16:03:04.000Z","size":48,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-24T20:25:53.309Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rendermani.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-24T00:09:04.000Z","updated_at":"2025-08-24T16:03:08.000Z","dependencies_parsed_at":"2025-08-24T20:27:35.210Z","dependency_job_id":"39f328b6-f60e-447c-aca8-4f37e8b8230c","html_url":"https://github.com/rendermani/traefik","commit_stats":null,"previous_names":["rendermani/traefik"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/rendermani/traefik","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rendermani%2Ftraefik","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rendermani%2Ftraefik/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rendermani%2Ftraefik/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rendermani%2Ftraefik/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rendermani","download_url":"https://codeload.github.com/rendermani/traefik/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rendermani%2Ftraefik/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28077395,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-27T02:00:05.897Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-12-27T10:13:58.736Z","updated_at":"2025-12-27T10:14:00.657Z","avatar_url":"https://github.com/rendermani.png","language":"Shell","readme":"# Traefik Repository\n\nEdge router and reverse proxy for all services with automatic SSL/TLS termination.\n\n## Overview\n\nThis repository contains the infrastructure code for deploying Traefik as the foundation reverse proxy with:\n- Automatic SSL/TLS with Let's Encrypt\n- Service discovery and dynamic routing\n- Security middleware and rate limiting\n- Dashboard with authentication\n- Integration with Vault for certificate storage\n- Auto-detection of backend services\n\n## Repository Structure\n\n```\ntraefik/\n├── .github/\n│   └── workflows/\n│       └── deploy.yml         # Deployment workflow\n├── config/\n│   ├── traefik.yml           # Static configuration\n│   └── dynamic/              # Dynamic configurations\n│       ├── services.yml      # Service definitions\n│       ├── routers.yml       # Routing rules\n│       └── middlewares.yml   # Security middleware\n├── scripts/\n│   ├── deploy-traefik.sh     # Main deployment script\n│   ├── setup-ssl.sh          # SSL certificate setup\n│   └── check-services.sh     # Service discovery\n├── certs/                    # SSL certificates (gitignored)\n└── tests/                    # Integration tests\n```\n\n## Quick Start\n\n### Deployment via GitHub Actions\n\n1. Go to Actions tab\n2. Select \"Deploy Traefik\"\n3. Run workflow with desired action:\n   - `install` - Fresh installation\n   - `upgrade` - Upgrade Traefik version\n   - `configure` - Update configuration\n   - `restart` - Restart service\n\n### Manual Deployment\n\n```bash\n# Clone repository\ngit clone https://github.com/rendermani/traefik.git\ncd traefik\n\n# Deploy to server\n./scripts/deploy-traefik.sh --environment production --action install\n```\n\n## Services Routing\n\nTraefik automatically configures routing for:\n\n| Service | Domain | Backend |\n|---------|--------|---------|\n| Vault | vault.cloudya.net | http://localhost:8200 |\n| Nomad | nomad.cloudya.net | http://localhost:4646 |\n| Prometheus | metrics.cloudya.net | http://localhost:9090 |\n| Grafana | grafana.cloudya.net | http://localhost:3000 |\n| Loki | logs.cloudya.net | http://localhost:3100 |\n| Traefik Dashboard | traefik.cloudya.net | Internal |\n\n## SSL/TLS Configuration\n\nTraefik uses Let's Encrypt for automatic SSL certificates:\n\n```yaml\ncertificatesResolvers:\n  letsencrypt:\n    acme:\n      email: admin@cloudya.net\n      storage: /etc/traefik/acme.json\n      httpChallenge:\n        entryPoint: web\n```\n\n## Security Features\n\n### Middleware Stack\n\n- **Security Headers**: HSTS, CSP, X-Frame-Options\n- **Rate Limiting**: Configurable per service\n- **IP Whitelist**: Optional restriction\n- **Basic Auth**: For admin interfaces\n- **CORS**: Configurable per service\n\n### Authentication\n\nDashboard and admin interfaces use:\n1. Basic authentication (initial setup)\n2. Vault-based authentication (when available)\n3. Forward auth to external IdP (optional)\n\n## Auto-Detection\n\nTraefik automatically detects and configures routing for:\n- Services registered in Nomad\n- Services with health endpoints\n- Docker containers with labels\n\n## Integration with Vault\n\nWhen Vault is available:\n- Stores SSL certificates in Vault\n- Uses Vault for authentication secrets\n- Rotates credentials automatically\n\n## Integration with Nomad\n\nWhen Nomad is available:\n- Discovers services via Nomad API\n- Updates routing dynamically\n- Handles service scaling\n\n## Monitoring\n\nTraefik exposes metrics at `/metrics` for Prometheus:\n- Request rates and latencies\n- Error rates by service\n- SSL certificate expiry\n- Backend health status\n\n## Configuration\n\n### Environment Variables\n\n```bash\n# Domain configuration\nBASE_DOMAIN=cloudya.net\nACME_EMAIL=admin@cloudya.net\n\n# Dashboard authentication\nDASHBOARD_USER=admin\nDASHBOARD_PASSWORD=secure-password\n\n# Let's Encrypt\nACME_STAGING=false  # Use true for testing\n\n# Service discovery\nENABLE_NOMAD_PROVIDER=true\nENABLE_DOCKER_PROVIDER=false\n```\n\n### Dynamic Configuration\n\nServices can be added dynamically via:\n1. File provider (config/dynamic/)\n2. Nomad provider (auto-discovery)\n3. Docker provider (container labels)\n\n## Backup and Recovery\n\n```bash\n# Backup configuration and certificates\n./scripts/backup-traefik.sh\n\n# Restore from backup\n./scripts/restore-traefik.sh /backups/traefik/20250124-123456\n```\n\n## Troubleshooting\n\n### Check Service Health\n```bash\ncurl -s http://localhost:8080/api/http/services | jq\n```\n\n### View Access Logs\n```bash\njournalctl -u traefik -f\n```\n\n### SSL Certificate Issues\n```bash\n# Check certificate status\n./scripts/check-certificates.sh\n\n# Force renewal\n./scripts/renew-certificates.sh\n```\n\n## Dependencies\n\n- Traefik 3.0+\n- systemd\n- Let's Encrypt account\n- Valid DNS for domains\n\n## Related Repositories\n\n- [rendermani/vault](https://github.com/rendermani/vault) - Secret management\n- [rendermani/nomad](https://github.com/rendermani/nomad) - Container orchestration\n- [rendermani/monitoring](https://github.com/rendermani/monitoring) - Observability stack\n\n## Security Considerations\n\n- Never commit acme.json or certificates\n- Keep dashboard authentication strong\n- Regularly update Traefik version\n- Monitor SSL certificate expiry\n- Review access logs regularly# Trigger deploy\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frendermani%2Ftraefik","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frendermani%2Ftraefik","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frendermani%2Ftraefik/lists"}