Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (like Docker and Docker swarm) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need.
All the configuration happens through container labels. We also created a simple static config to set up our SSL certificates through Cloudflare, providing up-to-date and valid SSL certificates for all our subdomains easily (even without exposing them publicly).
Compose
```yaml
version: "3.7"
services:
  app:
    image: traefik:v3.0
    container_name: traefik_app
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /data/apps/traefik/data:/etc/traefik
      - /data/apps/traefik/ssl-certs:/ssl-certs
      - /data/apps/traefik/logs:/var/log
    environment:
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    restart: always
    dns:
      - 100.100.100.100
    depends_on:
      - redis
    networks:
      - homelab
    labels:
      - traefik.enable=true
      - traefik.http.services.traefik-rpi.loadbalancer.server.port=8080
      - traefik.http.routers.traefik-rpi.rule=Host(`traefik.zrx.sh`)
      - traefik.http.routers.traefik-rpi.middlewares=homelab-whitelist@file
      - traefik.http.routers.traefik-rpi.tls=true
      - traefik.http.routers.traefik-rpi.tls.certresolver=production
      - traefik.http.routers.traefik-rpi.tls.domains[0].main=zrx.sh
      - traefik.http.routers.traefik-rpi.tls.domains[0].sans=*.zrx.sh
  redis:
    image: redis:latest
    container_name: traefik_redis
    restart: always
    command: redis-server --requirepass ${REDIS_PASSWORD}
    ports:
      - 6379:6379
    volumes:
      - ./redis_data:/data
    networks:
      - homelab
  mhos:
    image: ghcr.io/zareix/traefik-mhos
    container_name: traefik_mhos
    restart: always
    environment:
      - REDIS_ADDRESS=traefik_redis:6379
      - REDIS_PASSWORD=${REDIS_PASSWORD}
      - HOST_IP=rpi.zrx.sh
      - LOG_LEVEL=debug
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - redis
    ports:
      - 8888:8888
    networks:
      - homelab
    labels:
      - traefik.enable=true
      - traefik.http.routers.mhos-rpi.rule=Host(`traefikmhos-rpi.zrx.sh`)
      - traefik.http.services.mhos-rpi.loadbalancer.server.port=8888
      - traefik.http.routers.mhos-rpi.middlewares=homelab-whitelist@file
      - traefik.http.routers.mhos-rpi.tls=true
      - traefik.http.routers.mhos-rpi.tls.certresolver=production
      - traefik.http.routers.mhos-rpi.tls.domains[0].main=zrx.sh
      - traefik.http.routers.mhos-rpi.tls.domains[0].sans=*.zrx.sh
networks:
  homelab:
    external: true
```
Multi-hosts setup
I run services/containers on multiple hosts using Docker standalone.
To proxy them all through a single Traefik instance, I wrote an app called https://github.com/Zareix/traefik-mhos, which helps simplify this process.
I listen on the different hosts for Docker containers, and when a new one is created, it adds the labels corresponding to Traefik to a Redis database.
Then, on the main host, Traefik is set up to read those labels from the Redis database and proxy the services correctly.
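The label-to-Redis step described above, as an added example that is not code from this page or from traefik-mhos: a sketch of how container labels could be translated into the key layout Traefik's KV providers read (root key `traefik`, `/`-separated paths, indexed list entries). The function name, the mapping rules and the use of `HOST_IP` to build the server URL are assumptions; the sample labels are the ones on the `mhos` service above.

```python
import re

ROOT = "traefik"  # default root key of Traefik's KV providers
LIST_FIELDS = {"middlewares", "entrypoints", "sans"}  # comma lists in labels
SEGMENT = re.compile(r"^[A-Za-z0-9_-]+$")  # characters allowed in one key segment
PORT_LABEL = re.compile(
    r"^traefik\.http\.services\.([A-Za-z0-9_-]+)\.loadbalancer\.server\.port$", re.I)

# Labels of the page's mhos service, used as sample input.
SAMPLE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.mhos-rpi.rule=Host(`traefikmhos-rpi.zrx.sh`)",
    "traefik.http.services.mhos-rpi.loadbalancer.server.port=8888",
    "traefik.http.routers.mhos-rpi.middlewares=homelab-whitelist@file",
    "traefik.http.routers.mhos-rpi.tls=true",
    "traefik.http.routers.mhos-rpi.tls.certresolver=production",
    "traefik.http.routers.mhos-rpi.tls.domains[0].main=zrx.sh",
    "traefik.http.routers.mhos-rpi.tls.domains[0].sans=*.zrx.sh",
]


def labels_to_kv(labels, host_ip):
    """Map Docker-style Traefik HTTP labels to KV pairs (assumed mapping:
    dots -> slashes, "[n]" -> "/n", comma lists -> indexed keys)."""
    kv = {}
    for label in labels:
        key, sep, value = label.partition("=")
        if not sep or not key.lower().startswith("traefik.http."):
            continue  # traefik.enable is a Docker-provider switch, not routing config
        port = PORT_LABEL.match(key)
        if port:  # label-only shortcut: build a URL the main host can reach
            if not value.isdigit() or not 0 < int(value) < 65536:
                raise ValueError(f"bad port in {label!r}")
            url_key = f"{ROOT}/http/services/{port.group(1)}/loadBalancer/servers/0/url"
            kv[url_key] = f"http://{host_ip}:{value}"
            continue
        parts = re.sub(r"\[(\d+)\]", r".\1", key).split(".")[1:]
        if not all(SEGMENT.match(p) for p in parts):
            raise ValueError(f"unexpected characters in label key {key!r}")
        path = "/".join([ROOT, *parts])
        if parts[-1].lower() in LIST_FIELDS:
            for i, item in enumerate(value.split(",")):
                kv[f"{path}/{i}"] = item.strip()
        else:
            kv[path] = value
    return kv
```

Whatever can write to this Redis instance defines routes on the main Traefik, so the Redis password and the reachability of the published port 6379 belong to the proxy's trust boundary.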
Middleware
I’ve added Crowdsec to my Traefik setup.