moar doc rework
This commit is contained in:
kjeld Schouten-Lebbing
parent
bdf8f02f63
commit
d928be0816
|
|
@ -1,5 +1,7 @@
|
|||
# 10 - Installing Traefik
|
||||
|
||||
Within TrueCharts our aim is to make it as easy as possible to secure your Apps. To support this we supply a seperate Traefik "ingress" app, which has been preconfigured to provide secure and fast connections.
|
||||
|
||||
#### Video Guide
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,33 @@
|
|||
# 12 - Exposing Apps using Ingress and Traefik
|
||||
|
||||
To use Traefik as ingress, all you have to do is enable "ingress" in the App of your choice and fill out a little form.
|
||||
We currently require Traefik to be installed before you enable ingress on your App.
|
||||
|
||||
|
||||
##### Requirements
|
||||
|
||||
- Make sure your storage-pool is created and working
|
||||
- Make Make sure you selected your storage-pool when you first opened the "Apps" interface, if not please refer to quick-start guide `01 - First time Apps setup`
|
||||
- Make sure you have a working internet connection and can reach github and truecharts.org from the host system.
|
||||
- Make sure you already added the TrueCharts catalog from guide 02
|
||||
- Make sure your App is installed and, preferably, working
|
||||
- Make sure you added your certificates in guide 09
|
||||
- Make sure you've setup traefik in guide 10
|
||||
|
||||
|
||||
#### Video Guide
|
||||
|
||||
|
||||
|
||||
|
||||
### Notes
|
||||
|
||||
There are a few highlights to take into account when adding a ingress to an App:
|
||||
|
||||
- Adding hosts is required
|
||||
By default the hosts list is empty, this is due to upstream design choices and is a issue that is yet to be solved upstream.
|
||||
However: adding hosts (preferably just one) is required for ANY app to function with a ingress enabled. Apps might not install and throw errors if you do not add any hosts.
|
||||
|
||||
- Traefik not accepting/using certificates
|
||||
Sometimes you might notice Traefik ignores your certificate. This is most likely due to the domain on your certificate, being different from the domain you entered into the reverse proxy host box.
|
||||
Traefik requires your certificate to match the domain used for Ingress. This is an upstream design decision and something we can easily and safely disable.
|
||||
|
|
|
|||
|
|
@ -4,8 +4,7 @@ At TrueCharts we support HTTPS deployments of every app using our Traefik Revers
|
|||
|
||||
### Self Signed certificates
|
||||
|
||||
Self signed certificates are relatively straight forward and handled by Traefik itself. You just select "self signed" when adding a reverse-proxy to your App and Traefik does the rest!
|
||||
|
||||
Self signed certificates are relatively straight forward and handled by Traefik itself. You just select the default TrueNAS certificate when adding a ingress to your App and Traefik does the rest!
|
||||
Please be aware that these certificates are not really secure, but are "good enough" for testing.
|
||||
|
||||
### Lets-Encrypt Certificates
|
||||
|
|
@ -17,26 +16,3 @@ After you managed to complete this, you should be able to select "iX Certificate
|
|||
|
||||
TrueNAS SCALE also allows you to manually import certificates, this is rather straight forward:
|
||||
Copy-Paste the keys into their respective boxes and hit `save`
|
||||
|
||||
|
||||
### Notes
|
||||
|
||||
There are a few known bugs, issues and/or oddities currently in regards to Certificates
|
||||
|
||||
##### Error during certificate creation
|
||||
|
||||
ACME (the system doing letsencrypt) is not super stable on TrueNAS SCALE currently. This is a SCALE issue and not (directly) related to TrueCharts.
|
||||
We suggest the following steps to limit the chance of errors during certificate creation:
|
||||
|
||||
- Use the DNS-Authenticators DNS server as TrueNAS SCALE DNS server under "Networking". For example, for cloudflare this would be `1.1.1.1`
|
||||
|
||||
- Use global Cloudflare API keys, not zoned Tokens
|
||||
|
||||
- Reboot after ACME errors
|
||||
|
||||
We sincerely hope iX Systems solves the ACME instabilities with due priority.
|
||||
|
||||
##### Traefik not accepting/using certificates
|
||||
|
||||
Sometimes you might notice Traefik ignores your certificate. This is most likely due to the domain on your certificate, being different from the domain you entered into the reverse proxy host box.
|
||||
Traefik requires your certificate to match the domain used for Ingress. This is an upstream design decision and something we can easily and safely disable.
|
||||
|
|
|
|||
|
|
@ -1,20 +0,0 @@
|
|||
# Ingress
|
||||
|
||||
Within TrueCharts our aim is to make it as easy as possible to secure your Apps. To support this we supply a seperate Traefik "ingress" app, which has been preconfigured to provide secure and fast connections.
|
||||
|
||||
To use Traefik as ingress, all you have to do is enable "ingress" in the App of your choice and fill out a little form.
|
||||
We currently require Traefik to be installed before you enable ingress on your App.
|
||||
|
||||
### Adding Certificates
|
||||
|
||||
To add certificates to Apps, we use the TrueNAS SCALE certificate storage. This means you first need to add Certificates to TrueNAS SCALE, after which you can select them when Installing or Editing your App.
|
||||
|
||||
### Notes
|
||||
|
||||
There are a few highlights to take into account when adding a ingress to an App:
|
||||
|
||||
##### Adding hosts is required
|
||||
|
||||
By default the hosts list is empty, this is due to upstream design choices and is a issue that is yet to be solved upstream.
|
||||
|
||||
However: adding hosts (preferably just one) is required for ANY app to function with a ingress enabled. Apps might not install and throw errors if you do not add any hosts.
|
||||
Loading…
Reference in New Issue