Today's Problem:

Today I just wanted to add a few more services to traefik and get them authenticated with my self-signed certs through traefik. The services I wanted to configure today were

  • Cockpit
  • Traefik

Cockpit:

This was already installed thanks to it being bundled as an option with the Rocky Linux installer, I just hadn't added it to traefik. The wildcard cert I generted in Day 10/11 already covered my desired URL and I had no issues getting this routed.

Portainer (again):

In another VM (located on a different server), I have an additional portainer instance running. I want to eventually connect it with my main portainer instance, but for today I'm ok keeping them separate. For now, I just needed to route it in traefik and generate a new wildcard cert. Getting it routed through traefik took longer than expected though, thanks to my inability to configure my DNS records correctly.

My last portainer instance has a DNS record I've added in Pi-Hole that points from portainer.server1.example -> server1.example. Since I was configuring portainer.server2.example, my idle brain thought to route that to server2.example. However, server2.example isn't running an instance of traefik, nor had I planned on doing so. So after quite a bit of digging and investigation, I realized I wasn't pointing my domain to traefik at all! So now that record looks like portainer.server2.example -> server1.example. Reloading the page, I got my certificate invalid warning and I was good to start getting my certs in order.

Certs

As I work with traefik more and more, I'm finding myself having less and less hiccups. After generating new certs (link to cheat sheet in Day 10), getting those new certs plugged into Traefik was a breeze. Documentation was clear on where exactly to add my file paths for my new certs, no hiccups (or annyoing typos) with how I'd configured anything, and just with a refresh of the page my new cert appeared as valid. And with that I'd spent a bit over an hour, and my homelabbing for today was complete.

Conclusion/Improvements

Overall today was just a relaxing rinse/repeat sort of day. Aside from my DNS issue, no real problems getting traefik or my new certs to accept my configuration.

Futher along in this series, I'd like to

  • Connect my portainer instances, so they can be managed from one UI. Maybe portainer.realdomain.com.
  • Centralize all the domains/services I run into a knowledge base, so that I don't accidentally forget that I'm running cockpit (which I currently do often).
  • Configure Let's Encrypt DNS challenges so that my public facing services can have proper certs instead of how traefik somehow does it currently.