Mistserver behind Traefik Reverse Proxy
31 views
Skip to first unread message
Michel Hageman
Apr 27, 2024, 11:25:27 AM4/27/24
to Mistserver.org
Hello!
Anybody succeeded in installing Mistserver behind Traefik? The Docker container is running great and is reached on https with cert and on port 4242.
But, port 8080, the http-side of things? I have no idea how to do this in the docker-compose.yml file for Mistserver.... Or for that matter in the traefik.yml file.
Anybody succeeded in installing Mistserver behind Traefik? The Docker container is running great and is reached on https with cert and on port 4242.
But, port 8080, the http-side of things? I have no idea how to do this in the docker-compose.yml file for Mistserver.... Or for that matter in the traefik.yml file.
Anybody already took a stab at it?
Thanks in advance!
Michel
Balder Vietor
Apr 29, 2024, 5:04:09 AM4/29/24
to mists...@googlegroups.com
Hey Michel,
Can't say I have tackled that one yet, however I'll try and find some time to try it out this week. Once I'm done I'll update the docs & let you know!
It shouldn't be much differently from using port 4242. One thing to keep in mind is that you can always just change the default 8080 port to something else if that makes it easier, I haven't used Treafik at all yet, but if it has automatic settings for port 80 you could just start the HTTP output on port 80 instead.
With kind regards,
Balder Viëtor
Head of Testing
Balder Viëtor
Head of Testing
MistServer
--
You received this message because you are subscribed to the Google Groups "Mistserver.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mistserver+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mistserver/05c6a2be-9e26-41fe-8f7d-b6d378f8d519n%40googlegroups.com.
Michel Hageman
Apr 29, 2024, 7:24:20 AM4/29/24
to mists...@googlegroups.com
He thanks Balder!
I'm interested in Traefik because of the many possibilities in routing once you have it running. There are many ways in which you can choose to traffic data to different containers and served websites on Docker (Podman) or Kubernetes. It's a blazing fast Edge-router, easy to secure and it takes care of the necessary Let's Encrypt Certs and the automatic renewal of these. DNS-challenges are easy to set up and the 'middleware' functions are easy to implement.
It's a chore though, to go through the documentation and the answers that people give on fora when it comes to more complex setup of the reverse proxy. There are many many possibilities in how things are handled. Either you create your 'routers', 'middleware', 'certresolver(s)' and alike in a traefik.yml, which in turn you include in the docker-compose of Traefik, or you can add 'labels:' to individual docker-compose files of the containers themselves that are to be served by Traefik. You can set up 'entrypoints', 'middleware', 'routers' and more in many locations and parrallel in both TOML and YAML.
The one thing that's holding me back, besides the confusing Docs and fora, is the way in which we can guide traffic to port 4242 on the domain mistserver.example.com/mistserver, being both the API-address and make sure that streams get delivered to 1935 on that same domain, and that the preview function on the streams works on 8080 at mistserver.example.com/mistserver. I indeed know that you can change the listening port 8080 to a different one in the Protocol-section under HTTP in Mistserver, but you could also change the port 8080 to another number, leading to the Traefik-dashboard (if enabled) in the docker-compose.yml of the Traefik instance.
But I guess that I'd need a different 'router' and loadbalancer to port 8080 than the 'router' to 4242 together with the designated loadbalancer to 4242 (including the adding of TLS-certresolver). For now I don't know how to combine both routers in one 'labels:'-block in the docker-compose.yml of Mistserver, and be able to serve both instances of the domain mistserver.example.com and the prefix '/mistserver'. The https 'router' is no problem and LE-cert is produced for use in the loadbalancer to port 4242, but to get it to 8080 without the TLS at the same prefix, that's the one that I can't solve...
Or, declare more 'Services:' and corresponding 'labels:' in the same docker-compose.yml of Mistserver. I don't know how to do this either, with both prefixes being the same. When splitting the domain in two parts, one being the subdomain (mistserver.example.com) and the prefix (mistserver.example.com/mistserver) the 'router' of the subdomain would get preference each time, because it being shorter.
I'm interested in Traefik because of the many possibilities in routing once you have it running. There are many ways in which you can choose to traffic data to different containers and served websites on Docker (Podman) or Kubernetes. It's a blazing fast Edge-router, easy to secure and it takes care of the necessary Let's Encrypt Certs and the automatic renewal of these. DNS-challenges are easy to set up and the 'middleware' functions are easy to implement.
It's a chore though, to go through the documentation and the answers that people give on fora when it comes to more complex setup of the reverse proxy. There are many many possibilities in how things are handled. Either you create your 'routers', 'middleware', 'certresolver(s)' and alike in a traefik.yml, which in turn you include in the docker-compose of Traefik, or you can add 'labels:' to individual docker-compose files of the containers themselves that are to be served by Traefik. You can set up 'entrypoints', 'middleware', 'routers' and more in many locations and parrallel in both TOML and YAML.
The one thing that's holding me back, besides the confusing Docs and fora, is the way in which we can guide traffic to port 4242 on the domain mistserver.example.com/mistserver, being both the API-address and make sure that streams get delivered to 1935 on that same domain, and that the preview function on the streams works on 8080 at mistserver.example.com/mistserver. I indeed know that you can change the listening port 8080 to a different one in the Protocol-section under HTTP in Mistserver, but you could also change the port 8080 to another number, leading to the Traefik-dashboard (if enabled) in the docker-compose.yml of the Traefik instance.
But I guess that I'd need a different 'router' and loadbalancer to port 8080 than the 'router' to 4242 together with the designated loadbalancer to 4242 (including the adding of TLS-certresolver). For now I don't know how to combine both routers in one 'labels:'-block in the docker-compose.yml of Mistserver, and be able to serve both instances of the domain mistserver.example.com and the prefix '/mistserver'. The https 'router' is no problem and LE-cert is produced for use in the loadbalancer to port 4242, but to get it to 8080 without the TLS at the same prefix, that's the one that I can't solve...
Or, declare more 'Services:' and corresponding 'labels:' in the same docker-compose.yml of Mistserver. I don't know how to do this either, with both prefixes being the same. When splitting the domain in two parts, one being the subdomain (mistserver.example.com) and the prefix (mistserver.example.com/mistserver) the 'router' of the subdomain would get preference each time, because it being shorter.
Oh well, so much to learn.... Your help is appreciated and
thanks for looking into this!
Have a great day!
Michel
Have a great day!
Michel
Op ma 29 apr 2024 om 11:04 schreef Balder Vietor <balder...@ddvtech.com>:
You received this message because you are subscribed to a topic in the Google Groups "Mistserver.org" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/mistserver/0o2e7DyBS0A/unsubscribe.
To unsubscribe from this group and all its topics, send an email to mistserver+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mistserver/CAKPFDa2%3DfuwqrJk92Gm537ULgki2KTUfOtA08ypcv-qk_grJHw%40mail.gmail.com.
Michel Hageman
Apr 29, 2024, 7:32:08 AM4/29/24
to mists...@googlegroups.com
Something like this might be useful I think. Maybe it's of some benefit to you.
https://stackoverflow.com/questions/59856722/multiple-routers-and-services-on-the-same-container-with-traefik-2
https://stackoverflow.com/questions/59856722/multiple-routers-and-services-on-the-same-container-with-traefik-2
Op ma 29 apr 2024 om 13:23 schreef Michel Hageman <mhag...@gmail.com>:
Reply all
Reply to author
Forward
0 new messages