
Part 5: Summary

The following is the complete workflow for exposing a service through Traefik, using only labels instead of modifying the Traefik configuration file.

Add the following labels to each unRAID container service that you want Traefik to handle.

Add Labels to unRAID Container Template

This is needed so that Traefik intercepts requests for any matching hostname and routes them through Authelia for authentication and authorization.

Add the following FOUR labels to unRAID container templates. Then click Apply to restart the container.

For automatically adding the route to the service to Traefik:

Label 1:

  • Name: Enable Traefik
  • Key: traefik.enable
  • Value: true

Label 2:

  • Name: https entrypoint
  • Key: traefik.http.routers.<APP_NAME>.entryPoints
  • Value: https

Label 3:

  • Name: traefik.http.routers.<APP_NAME>.rule
  • Key: traefik.http.routers.<APP_NAME>.rule
  • Value: Host(`<APP_NAME>.DOMAIN.COM`)

For automatically adding the route to the Cloudflare DNS server via the docker-traefik-cloudflare-companion service:

Label 4:

  • Name: traefik.constraint
  • Key: traefik.constraint
  • Value: proxy-public

Forward traffic to Authelia to authenticate and authorize the user before reaching the final service:

Label 5:

  • Name: Traefik Authelia Forward Auth
  • Key: traefik.http.routers.<APP_NAME>.middlewares
  • Value: auth@file

Specify custom port

By default, Traefik uses the first exposed port of the target service, as picked up from the Dockerfile. If a service exposes multiple ports, you can specify which port Traefik should use for that service. See https://docs.ibracorp.io/traefik/master/unraid/proxying-your-first-app/proxying-an-app-with-multiple-exposed-ports for more info.

Label:

  • Name: Traefik Target Service Port
  • Key: traefik.http.services.<APP_NAME>.loadbalancer.server.port
  • Value: 8096
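
To check a container's label set against the workflow above before clicking Apply, the following added example (not part of the original tutorial) reports missing or mismatched labels, most importantly a router without the `auth@file` middleware. The app name `app1`, the domain and the sample label sets are constructed; keys are compared case-insensitively as an assumption about how labels are typed.

```python
import re

# Router options used in this summary: entryPoints, rule, middlewares.
ROUTER_KEY = re.compile(
    r"^traefik\.http\.routers\.([^.]+)\.(entrypoints|rule|middlewares)$")

def audit_labels(labels, auth_middleware="auth@file"):
    """Return findings for one container's labels; an empty list means complete."""
    # Keys are lowercased so entryPoints and entrypoints both match.
    norm = {k.lower(): v.strip() for k, v in labels.items()}
    findings = []
    if norm.get("traefik.enable", "").lower() != "true":
        findings.append("traefik.enable is not true")
    if norm.get("traefik.constraint") != "proxy-public":
        findings.append("traefik.constraint is not proxy-public")
    routers = {}
    for key, value in norm.items():
        m = ROUTER_KEY.match(key)
        if m:
            routers.setdefault(m.group(1), {})[m.group(2)] = value
    if not routers:
        findings.append("no traefik.http.routers.<APP_NAME>.* labels")
    for name, opts in sorted(routers.items()):
        if opts.get("entrypoints") != "https":
            findings.append(f"{name}: entryPoints is not https")
        if "Host(`" not in opts.get("rule", ""):
            findings.append(f"{name}: no Host() rule")
        # middlewares may be a comma-separated chain; auth must be in it.
        chain = [p.strip() for p in opts.get("middlewares", "").split(",")]
        if auth_middleware not in chain:
            findings.append(
                f"{name}: {auth_middleware} not in middlewares, requests skip Authelia")
    return findings

# Constructed sample label sets (hypothetical app name and domain).
COMPLETE = {
    "traefik.enable": "true",
    "traefik.http.routers.app1.entryPoints": "https",
    "traefik.http.routers.app1.rule": "Host(`app1.example.com`)",
    "traefik.constraint": "proxy-public",
    "traefik.http.routers.app1.middlewares": "auth@file",
    "traefik.http.services.app1.loadbalancer.server.port": "8096",
}
NO_AUTH = {k: v for k, v in COMPLETE.items() if not k.endswith(".middlewares")}

if __name__ == "__main__":
    for title, labels in (("complete", COMPLETE), ("no-auth", NO_AUTH)):
        print(title, audit_labels(labels) or "OK")
```
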

Congratulations on completing this tutorial! You now have a secure gateway to access your unRAID services!

What's Next?

If you are very paranoid, you can even create an additional layer of authentication that takes place before the traffic even reaches the cloudflared tunnel or Authelia. This would enable a staggering FOUR-layer authentication that any malicious attacker must bypass! See my post here on creating Google OAuth using CloudFlare policy.

  1. Google OAuth (limited to selected emails only)
  2. Authelia 1-factor auth: username + password
  3. Authelia 2-factor auth: TOTP (6 digits)
  4. Final service auth (if any)
