I run my own small kubernetes cluster at Hetzner. And I want to self host a bunch of static web sites. I looked for a solution, simple, cloud native, low on resource usage. It must auto-update from Git (branch) like git[hub|lab] pages.

And there is not such a solution.

So I wrote my own: CRD, Operator, Syncer and a Helm chart to glue all together with Nginx and Traefik. Simplicity first, as admin publishing a page its one StaticSite custom resource with 4 or 5 values set, done.
It comes with tests/lint for Go and Helm code, full CI untegration (including image build, helm release and docs build with Hugo).

Welcome **kup6s-pages** to the light of the cloud. It is already live and publishes 2 sites. https://pages-docs.kup6s.com/
#Kubernetes #cloudnative #hosting #selfhosting #git #nginx #traefik #staticsite

Как я выяснял, что провайдер блокирует входящий 443 порт, и что это означает для self-hosting и хомлабов

В какой-то момент я решил заняться self-hosting’ом дома: небольшой хомлаб, Proxmox, несколько сервисов за reverse proxy, HTTPS - всё максимально стандартно. Никакой экзотики: обычный домашний интернет, белый IP, проброс портов, nginx с TLS. Но на этапе публикации сервисов наружу выяснилось странное: входящий 443 порт просто не открывается , при том что 80 и другие порты работают.

https://habr.com/ru/articles/991520/

#Homelab #Блокировка_портов #Порт_443 #HTTPS #Белый_IP #Reverse_Proxy #Proxmox #NAT #Traefik #nmap

書きました!!

はてなブログに投稿しました
Traefikプラグインを作って公開する際の注意点と知見 - await wakeUp(); https://sublimer.hatenablog.com/entry/2026/01/31/111444

#はてなブログ #traefik #golang #Kubernetes

1/6:
When using Traefik as a reverse proxy for Drupal (or any backend), you need to configure both sides to properly handle client IPs and forwarded headers.

#Traefik #Drupal #ReverseProxy #DevOps

Do #selfhosted #rss #relay exist.

As i centralize unavoidable US rss on my VPS, so i can easily plug them into TOR in anything happen to regain access.

I know i can do it with traefik, but i prefer an easy centralised way (if exist).

#rss #vps #us #tor #relay #selfhosted #centralized #traefik

RE: https://social.jelliefrontier.net/@jesse/115964733997867216

Done! That went way smoother than I expected. The hardest part was interpreting Traefik’s dizzying documentation.

All reverse proxies and load balancers swapped out in place with no noticeable downtime. 💜

#HomeLab #Traefik #Networking

I think it’s time I finally grew up and replaced my #NginxProxyManager with #Traefik.

#HomeLab #Networking

My VPS gets https certs automatically from Cloudflare, it was the most documented way for the Traefik rev proxy.

But I hate myself for depending on CF. Before I start searching, I would like to ask my fellow fediverzens...

Do you recommend any non-profit/ethical/community or at least Europe based alternative to CF & Acme chalanges compatible with Traefik?

#selfhost #vps #vpsfree #traefik #https

Hey, ich bin #neuhier (auf der Instanz).

Ich bin Admin (in Ausbildung) bei @adminforge.

Ich beschäftige mich mit:

#foss #opensource #linux #homelab #smarthome #datenschutz #privacy #security

Ich fummel rum mit:

#docker #podman #debian #ubuntu #fedora #ansible #crowdsec #homeassistant #nginx #caddy #traefik

Sonstiges:

#bookstack #ntfy #molly #grapheneos #grafana #unifi

Middleware Manager v4.1.2 giờ hoạt động độc lập với Traefik và hỗ trợ mTLS gốc cho từng tài nguyên/router. Nâng cấp đáng chú ý bao gồm:
- Quản lý dịch vụ/middleware tinh vi, hiệu suất ổn định hơn
- Hỗ trợ plugin nâng cao như mTLS, Bandwidth Limiter
- Giao diện người dùng tối ưu hóa với Dark Mode
- Tích hợp sâu với API Traefik

#Traefik #MiddlewareManager #mTLS #SelfHosting #CôngNghệMới #TraefikPlugin #SecurityTech

https://www.reddit.com/r/selfhosted/comments/1qm8a4c/traefik_middleware

Spannendes Prinzip an der Stelle: ich fange die Requests schon am Frontend-Proxy ab, also am #Traefik.

Sollte der Angriff weitergehen, landen die Requests nicht mehr am Backend, aber ich analysiere sie weiterhin.
Schickt der Angreifer also weiterhin Kram, so steigt die Bannzeit ins unermessliche, ohne dass weitere Requests ans Backend durchgehen.

Ich sag ja; OverEngineered ;)

#Traefik mit über 1 Million Requests in 30 Minuten quälen

ODER

#MinIO zu #Garage migrieren

Wobei ich glaube den Traefik kratzt das am wenigsten^^
Aber jeder einzelne Request wird als fettes JSON auch gegen #Loki und eben diesen Garage Storage geloggt, also isses deutlich mehr Last, aber bisher ist alles geschmeidig :)

🛠️ Mới: loglynx - công cụ phân tích log & dashboard giám sát lưu lượng cho dịch vụ tự host (Traefik, Pangolin, Caddy). Dễ cấu hình Docker‑compose, giúp bạn thấy ai đang truy cập domain. Mã nguồn mở, luôn chào đón đóng góp! #selfhosting #opensource #Traefik #Caddy #Pangolin #logparser #dev #tựchủ #mãnguồn

https://www.reddit.com/r/SideProject/comments/1qjrq0i/made_a_tool_to_visualize_and_monitor_traffic_on/

Ich habe mal meinen crowdsec stack geupdated.

Der traefik-crowdsec-bouncer wurde durch as native crowdSec traefik plugin.

Das bringt einige vorteile mit sich, die du hier nachlesen kannst.

https://2tap2.be/crowdsec-plugin-appsec

#homelab #traefik #crowdsec #waf #security #selfhost

If you are having issues with uploading big files with e.g. #nextcloud and especially your #traefik (v3.x) setup - than have a look at the respond, write, idle timeouts. They were set to 60s as defaults with traefik 3.

The timeouts can be increased or deactivated as follows in for example the traefik.yml:
```
entryPoints:
web:
address: ':80'
transport:
respondingTimeouts:
readTimeout: 0s
writeTimeout: 0s
idleTimeout: 0s
```

Is there something about LEGO (Let's Encrypt library in Go) not working with Step CA's http challenge? #Traefik and the LEGO CLI client always stop at "Trying to solve HTTP-01", nothing happens anymore after that. 🤷‍♂️

Other apps (e.g. Proxmox) have no issue getting a certificate.

Well, this turned out to be a #haproxy issue. Haproxy -- with proxy protocol enabled -- is on the path for both IPs -- but there's one difference, one of the hosts is on an AWS internal IP, so haproxy transmits this internal IP as destination, which is then unknown (and won't ever match) traefik's idea of IP address for the connection.

Otherwise I'm impressed that #traefik correctly decides the destination IP is what's needed for the cert matching where it's the only correct detail.

More details - in a local capture, of course, both instances of the `s_client -servername` command produce a visible SNI. With `curl`, neither -- ok, maybe curl doesn't think IP addresses are worth to signal as #tls #tlssni. But then how does *one* of the IP addresses still work with #traefik to get the correct certificate to respond with???