Docker behind pfsense: haproxy, traefik, or ... ?



  • As discussed in other threads here, I am happily using HAProxy on pfSense to proxy https to various servers in my LANs. So far they are mostly VMs in a VMware vSphere environment; they get static DHCP leases from pfSense and things work out fine.

    Now I added docker ... and this introduces additional networking. I set up traefik as proxy container within docker ... and now I start to wonder how to do the "ideal setup": traefik could pull LE-certs via ACME by itself, but this would only work or make sense for the containers. Should I introduce a subdomain like "docker.my.tld" for this tree of containers ...

    I would like to learn how others handle a mixed environment like this and avoid any pitfalls.



  • No one? OK ... I'll just add some thoughts here, maybe someone chimes in ...

    Did my first tests here and as far as I get it, it will be better to decide for one spot to do the SSL-termination.
    So far I couldn't get things working with both ACME on pfsense (managing the certs for pfsense itself and some already existing VMs) and additional traefik trying to pull certs for the docker containers.

    I assume it should be possible though ;-)

    If HAProxy on pfSense filters out all traffic going to ".docker.my.tld" and forwards that to the traefik proxy, things should work, I assume.

    Another option would be to run traefik for http only ... but then I lose much of the magic features it brings.
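
The split described in the post above, sketched as an HAProxy configuration fragment (an added example, not from the poster and not a configuration generated by the pfSense package). It routes on the TLS SNI without decrypting, so anything under ".docker.my.tld" reaches traefik still encrypted and traefik can terminate TLS and answer the ACME TLS-ALPN-01 challenge itself, while all other names are terminated by HAProxy as before. The address 192.0.2.10, the loopback port 8443, the certificate path and the frontend/backend names are assumptions.

```haproxy
# Public listener: TCP mode, no decryption here, only a look at the ClientHello.
frontend https_in
    bind :443
    mode tcp
    # Wait for the TLS ClientHello so the SNI is available for routing.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # Names ending in .docker.my.tld are handed to traefik untouched.
    # The leading dot keeps a name like "evildocker.my.tld" from matching.
    use_backend traefik_passthrough if { req.ssl_sni -m end .docker.my.tld }
    # Everything else (pfSense itself, the existing VMs) is terminated locally.
    default_backend local_termination

# traefik terminates TLS and manages its own certificates for the containers.
backend traefik_passthrough
    mode tcp
    server traefik 192.0.2.10:443 check          # assumed address of the docker host

# Hand remaining connections to the terminating frontend on loopback,
# with PROXY protocol so the real client address is preserved.
backend local_termination
    mode tcp
    server loopback 127.0.0.1:8443 send-proxy-v2

# Existing setup: HAProxy terminates TLS with the certificates issued by
# the ACME package on pfSense and proxies plain HTTP to the VMs.
frontend https_terminated
    bind 127.0.0.1:8443 ssl crt /path/to/certs/ accept-proxy   # placeholder path
    mode http
    # existing host-based use_backend rules for the VMs go here
```

With this layout each certificate has exactly one owner: the ACME package on pfSense for names terminated in `https_terminated`, traefik for names under ".docker.my.tld". Traffic to the containers is never decrypted on the firewall, so no private key for those names needs to exist there.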

