My booring Blog

Mauro Frigerio blog

Cloudflare origin certificates in Traefik

23-07-2022 3 min read Article

If you use Cloudflare as the DNS provider for your domains, you can take advantage of its SSL certificates to secure your websites, so you don’t have to struggle with Traefik and Let’s Encrypt to generate your own certificates.

This guide is also useful if you use the free domains described in this post, because Cloudflare blocks the creation of certificates via Let’s Encrypt.

Concept

Cloudflare creates a dedicated certificate that allows the server to communicate only with Cloudflare’s servers. Browsers do not recognize this certificate as valid. Cloudflare’s proxies then provide visitors with a certificate that is valid and recognized by all major browsers.


Uptime Kuma and ping on Traefik

28-10-2021 2 min read Article

Intro

When your home network starts to grow, it is handy to monitor the various services/tests active on the network. Uptime Kuma provides an all-inclusive Docker container that lets you monitor a system with various methods (ping, HTTP(S), DNS) and send notifications when problems occur.

Goal

  • install Uptime Kuma in Docker
  • add the Traefik configuration
  • verify that Traefik works correctly

Requirements

The following steps require a host running Docker, docker-compose and Traefik with HTTPS. Follow these steps to get the necessary information.


Mutual TLS example with Traefik

10-04-2021 1 min read Article

Many configuration guides for SSH servers suggest eliminating login with a username/password and replacing it with a key. I use this solution more and more in my small home environment. One day on Twitter I saw this tweet and ran some tests with mutual TLS (or mTLS).

I find mTLS really helpful when you cannot use a VPN, for example on an enterprise PC or due to some firewall restriction. So you can protect your services with a certificate installed in a browser. This solution works only for sites that should be accessible to only a few users.
