This project provides a dynamic configuration for a Traefik instance with the following features:
- HTTPS with Let's Encrypt via Cloudflare
- Dynamic subdomain certificates (SANs)
- Catch-all routing
- Support for Authelia or Basic Authentication
- Forwarding to an internal secondary Traefik instance
- Detailed logging and access logs

You need a Cloudflare account with the domains you want to manage already added and configured. Ensure:
- The domains have valid DNS records (e.g., A or CNAME records).
- The domains are active and using Cloudflare's nameservers.

To use Cloudflare's DNS challenge for Let's Encrypt, you need an API token with permissions to manage DNS records across all zones.

- Log in to Cloudflare:
  - Go to Cloudflare Dashboard.
- Navigate to API Tokens:
  - Click on your profile in the top-right corner and select API Tokens.
- Create a New Token:
  - Click Create Token.
- Choose Custom Token Template:
  - Under Custom Token, click Get Started.
- Set Permissions:
  - Select the following permissions:
    - Account Resources:
      - Account: All Accounts
      - Permissions: Read
    - Zone Resources:
      - Zone: All Zones
      - Permissions: DNS: Edit
- Review and Generate:
  - Click Continue to Summary, review the settings, and click Create Token.
- Copy the Token:
  - Save the token securely. You will need it for the configuration in host_vars.

The host_vars file contains host-specific variables for the Traefik instance. Example:
```yaml
traefik_active: true
traefik_version: "3.3"
traefik_http_port: 80
traefik_https_port: 443
traefik_log_level: "INFO"
traefik_certresolver: "cloudflare"
traefik_second_instance: false
traefik_second_instance_url_or_ip: ""
docker_exposed_by_default: false
traefik_folder: ""
cloudflare_mail: ""
cloudflare_token: ""
acme_storage_path: ""
ddns_active: false
authelia_active: false
traefik_domain: ""
traefik_sans: []
basicauth_user: ""
basicauth_password: ""
```
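
A pre-deployment check for the variables above, added here as an example and not part of this project. It assumes the flat `key: value` layout shown, that `docker_exposed_by_default` maps to Traefik's `exposedByDefault` option, and that `authelia_active: false` with empty Basic Auth fields means no authentication; the file name and `EXAMPLE-TOKEN` are constructed placeholders.

```python
import os
import stat
import tempfile

def parse_flat_vars(text):
    """Parse the flat `key: value` layout shown above (not a general YAML parser)."""
    out = {}
    for line in text.splitlines():
        key, sep, val = line.split(" #", 1)[0].partition(":")
        if not sep or key.lstrip().startswith("#"):
            continue
        val = val.strip()
        out[key.strip()] = {"true": True, "false": False, "[]": []}.get(val, val.strip("\"'"))
    return out

def audit(path):
    with open(path, encoding="utf-8") as fh:
        v = parse_flat_vars(fh.read())
    findings = []
    if v.get("traefik_certresolver") == "cloudflare" and not v.get("cloudflare_token"):
        findings.append("cloudflare_token is empty: the DNS challenge cannot run")
    # Secrets in this file should not be readable by group or other users.
    secrets = [k for k in ("cloudflare_token", "basicauth_password") if v.get(k)]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if secrets and mode & 0o077:
        findings.append(f"{', '.join(secrets)} stored with mode {mode:o}: restrict to 600")
    # Assumption: this variable maps to Traefik's exposedByDefault provider option.
    if v.get("docker_exposed_by_default"):
        findings.append("docker_exposed_by_default: containers are routed without opt-in")
    # Assumption: with both left unset, no authentication is placed in front of routes.
    if not v.get("authelia_active") and not (v.get("basicauth_user") and v.get("basicauth_password")):
        findings.append("neither Authelia nor Basic Auth credentials are configured")
    return findings

def demo():
    # Constructed sample; EXAMPLE-TOKEN is a placeholder, not a real token.
    sample = ('traefik_certresolver: "cloudflare"\ncloudflare_token: "EXAMPLE-TOKEN"\n'
              'docker_exposed_by_default: true\nauthelia_active: false\n')
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "host.yml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        results = []
        for mode in (0o644, 0o600):  # same content, loose then tight permissions
            os.chmod(path, mode)
            results.append(audit(path))
    return results

if __name__ == "__main__":
    for finding in demo()[0]:
        print("WARN:", finding)
```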