EFP
ElfHosted / Funky Penguin9mo ago
3nm1

making a service private and not available from the internet?

Hi, gotten my first basic premix up and running, and managed to secure the "https://traefik.mydomain.com" via the forward-auth, so that it was not available to the public on the internet without a username and password. My question is: will all the services in the premix be public if I deploy them? if I spin up a sonarr service will it per default be accessible via the internet? And what would be the easiest way to change this? I want the benefit of using the dns name of the service, but since most of these services is for myself only, i find it more secure to connect to my local network via VPN and access sonarr, radarr etc.. that way. what should be my train of thought?
2 Replies
funkypenguin | ElfHosted
funkypenguin | ElfHosted9mo ago
sorry @3nm1 , I missed the notification for this thread 🤦‍♂️ so only a service with the appropriate traefik labels will be accessible via traefik. for example, radarr needs the following labels to work with traefik at all: 
      - "traefik.http.routers.radarr.rule=Host(`radarr.example.com`)"
      - "traefik.http.routers.radarr.entrypoints=https"
      - "traefik.http.services.radarr.loadbalancer.server.port=7878"
      - "traefik.http.routers.radarr.rule=Host(`radarr.example.com`)"
      - "traefik.http.routers.radarr.entrypoints=https"
      - "traefik.http.services.radarr.loadbalancer.server.port=7878"
and then yes, it'll be exposed without auth but if you add this label: 
- "traefik.http.routers.radarr.middlewares=forward-auth"
- "traefik.http.routers.radarr.middlewares=forward-auth"
now, it's protected Since TFA works nicely with session cookies etc, I'd probably just set it up anyway, as a safeguard
3nm1
3nm19mo ago
Thank you for the explanation, I will look into, securing it further with TFA.
Want results from more Discord servers?
Add your server