Cloudflare origin certificates in Traefik

23-07-2022 3 min read Article

Using Cloudflare as a DNS provider for your domains, you can take advantage of its SSL certificates to secure your websites. So you don’t have to struggle with Traefik and Let’s Encrypt to generate your own certificates.

This guide is also useful if you use the free domains described in this post, because Cloudflare blocks the creation of certificates via Let’s Encrypt.

Concept

Cloudflare creates a dedicated certificate that allows the server to communicate only with Cloudflare’s servers. The certificate is not recognized as valid by the various browsers. Cloudflare’s proxies will then provide a certificate that is valid and recognized by all major browsers.

Uptime Kuma e ping su traefik

28-10-2021 2 min read Article

Intro

Quando la propria rete casalinga inizia a crescere è comodo controllare i vari servizi/test attivi sulla rete. Uptime Kuma permette di avere un container Docker all-inclusive che permette di sorvegliare con vari metodi (ping, http(s), DNS) un sistema e di inviare notifiche in caso di problemi.

Scopo

installare Uptime Kuma in docker
aggiungere la configurazione di traefik
verificare che traefik funzioni correttamente

Requisiti

I passaggi seguenti richiedono il funzionamento su un host di docker, docker-compose e trafik con https. Seguire questi passaggi per avere le informazioni necessarie.

Esempio mutual TLS con Traefik

10-04-2021 1 min read Article

Many configuration guides for SSH server suggest eliminating the login with a username/password and replace it with a key. More and more I use this solution in my small home environment. A day on Twitter I have seen this tweet and I have made some tests with mutual TLS (or mTLS).

🇫🇷 Community Contribution 👉 Sécuriser #Traefik avec du mTLS by Romain Boulanger https://t.co/TofOPAYVYC
— Traefik Labs (@traefik) March 26, 2021

I find mTLS really helpful when you cannot use a VPN, for example on an enterprise pc or due to some firewall restriction. So you can protect your services with a certificate installed in a browser. This solution works only for sites that should only accessible for a few users.