Traefik: Difference between revisions

From NixOS Wiki
Dander (talk | contribs)
m rewording
Dander (talk | contribs)
m be more specific that "Using files"
 
(4 intermediate revisions by 2 users not shown)
Line 8: Line 8:
== Configuration ==
== Configuration ==


==== Using Nixlang (Nix the language) ====
==== Using Nix ====
<syntaxhighlight lang="nixos">
<syntaxhighlight lang="nixos">
   services.traefik = {
   services.traefik = {
Line 55: Line 55:
</syntaxhighlight>
</syntaxhighlight>


==== Using files ====
==== Using non-Nix configuration files ====
If you are migrating from a Non-NixOS system, you might be interested in the <code>staticConfigFile</code> and <code>dynamicConfigFile</code> options.
If you are migrating from a Non-NixOS system, you might be interested in the <code>staticConfigFile</code> and <code>dynamicConfigFile</code> options.


You can set  <code>staticConfigFile</code> like this:<syntaxhighlight lang="nixos">
You can set  <code>staticConfigFile</code> like this:<syntaxhighlight lang="nixos">
services.traefik.staticConfigFile = ./static_config.toml;
services.traefik.staticConfigFile = ./static_config.toml;
</syntaxhighlight>But you need to be careful about how you set the <code>services.traefik.dynamicConfigFile</code> option, if you use a path like shown above, your file will end up in the [[Nix store]], so the path to your config file will change every time you update it, which means Traefik won't be able to reload with your changes automatically, which defeats the point of using the dynamic config file.
</syntaxhighlight>But you need to be careful about how you set the <code>services.traefik.dynamicConfigFile</code> option, if you use a path like shown above, your file will end up in the [[Nix store]], and it will change every time you update your configuration, which means Traefik won't be able to reload with your changes automatically, which defeats the point of using the dynamic config file.


A way to avoid this is to use <code>etc.environment</code>:<syntaxhighlight lang="nixos">
A way to avoid this is to use <code>etc.environment</code>:<syntaxhighlight lang="nixos">
Line 79: Line 79:
};
};
</syntaxhighlight>Additionally, you can not use a <code>...ConfigFile</code> option and a <code>...ConfigOptions</code> for either static or dynamic configuration. The file options always take precedence over the options options, which are ignored.
</syntaxhighlight>Additionally, you can not use a <code>...ConfigFile</code> option and a <code>...ConfigOptions</code> for either static or dynamic configuration. The file options always take precedence over the options options, which are ignored.
[[Category:Applications]]
[[Category:Server]]
[[Category:Networking]]

Latest revision as of 20:25, 23 October 2024

Traefik is a reverse proxy and load balancer.

Installation

To install Traefik, add the following to your NixOS configuration:

services.traefik.enable = true;

More options are available.

Configuration

Using Nix

  services.traefik = {
    enable = true;

    staticConfigOptions = {
      entryPoints = {
        web = {
          address = ":80";
          asDefault = true;
          http.redirections.entrypoint = {
            to = "websecure";
            scheme = "https";
          };
        };

        websecure = {
          address = ":443";
          asDefault = true;
          http.tls.certResolver = "letsencrypt";
        };

        log = {
          level = "INFO";
          filePath = "${config.services.traefik.dataDir}/traefik.log";
          format = "json";
        };

        certificatesResolvers.letsencrypt.acme = {
          email = "postmaster@YOUR.DOMAIN";
          storage = "${config.services.traefik.dataDir}/acme.json";
          httpChallenge.entryPoint = "web";
        };
      };

      api.dashboard = true;
      # Access the Traefik dashboard on <Traefik IP>:8080 of your server
      # api.insecure = true;
    };

    dynamicConfigOptions = {
      http.routers = {};
      http.services = {};
    };
  };

Using non-Nix configuration files

If you are migrating from a Non-NixOS system, you might be interested in the staticConfigFile and dynamicConfigFile options.

You can set staticConfigFile like this:

services.traefik.staticConfigFile = ./static_config.toml;

But you need to be careful about how you set the services.traefik.dynamicConfigFile option, if you use a path like shown above, your file will end up in the Nix store, and it will change every time you update your configuration, which means Traefik won't be able to reload with your changes automatically, which defeats the point of using the dynamic config file. A way to avoid this is to use etc.environment:

# Note the quotes around the path!
services.traefik.dynamicConfigFile = "/etc/traefik/dynamic_config.toml";
# If you use staticConfigFile instead, update your file provider accordingly.
services.traefik.staticConfigOptions.providers.file.watch = true;

environment.etc."traefik/dynamic_config.toml" = {
    user = config.systemd.services.traefik.serviceConfig.User;
    group = config.systemd.services.traefik.serviceConfig.Group;
    mode = "400";
    text = ''
        # ...
    '';
    # Or,
    # source = ./dynamic_config.toml     
};

Additionally, you can not use a ...ConfigFile option and a ...ConfigOptions for either static or dynamic configuration. The file options always take precedence over the options options, which are ignored.