schmurnan,

OK so made a start with this. Spun up a Pi-hole container, added mydomain.com as an A record in Local DNS, and created a CNAME for traefik.mydomain.com to point to mydomain.com.

In Cloudflare, I removed the mydomain.com A record and the www CNAME record.

Doing an nslookup on mydomain.com I get


```
Non-authoritative answer:
*** Can't find mydomain.com: No answer
```

Which I guess is to be expected.

However, when I then navigate to traefik.mydomain.com in my browser, I’m met with a Cloudflare error page: https://imgur.com/XhKOywo.

Below is the docker-compose of my traefik container:


```yaml
traefik:
    container_name: traefik
    image: traefik:latest
    restart: unless-stopped
    networks:
      - medianet
    ports:
      - 80:80
      - 443:443
    expose:
      - 8080
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /volume1/docker/traefik:/etc/traefik
      - /volume1/docker/traefik/access.log:/logs/access.log
      - /volume1/docker/traefik/traefik.log:/logs/traefik.log
      - /volume1/docker/traefik/acme/acme.json:/acme.json
    environment:
      - TZ=Europe/London
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`$TRAEFIK_DASHBOARD_HOST`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.entrypoints=traefik
```

My traefik.yml is also nice and basic at this point:


```yaml
global:
  sendAnonymousUsage: false

entryPoints:
  web:
    address: ":80"
  traefik:
    address: "8080"

api:
  dashboard: true
  insecure: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    watch: true
    exposedByDefault: false

log:
  filePath: traefik.log
  level: DEBUG

accessLog:
  filePath: access.log
  bufferingSize: 100
```

Any ideas what’s going wrong? I’m unclear on why the domain is still routing to Cloudflare.

schmurnan,

Actually, no I don’t see anything coming through.

So the IP address of my router is 192.168.1.1, IP of my NAS is 192.168.1.116.

Checked the DNS on my Mac and it’s 192.168.1.1. Checked the DNS on my NAS and it’s 192.168.1.1. I changed the DNS in my router to 192.168.1.116.

Have I missed a step somewhere?

schmurnan, (edited )

I wasn’t planning on using Pi-hole for DHCP - I have a LOT of reserved addresses on my network and I don’t fancy having to move them all over. My hope had been to use Pi-hole for DNS but keep the DHCP reservation with the router.

I’ve manually updated the DNS on my Mac to 192.168.1.116 and I can now access the Traefik dashboard via traefik.mydomain.com:8080 (so, getting there). So some kind of issue with the DNS on my router I think - caching maybe?

schmurnan, (edited )

I’ve just added in a macvlan network to my Pi-hole compose as well, not sure if it’s making any difference or not.

schmurnan,

Figured it out. It’s a weird setting on Netgear routers whereby you have to also update the MAC address. All been working well for the last few hours and getting queries running through Pi-hole.

I’ve also got my Homepage container set up at home.mydomain.com and configured Traefik a little further so it’s now accessible from traefik.mydomain.com (no port).

For the past few hours I’ve been struggling with getting Pi-hole behind Traefik and accessible using pihole.mydomain.com. Only works if I stick /admin on the end, which defeats the object of using a subdomain. Found a forum post suggesting to use Traefik’s addPrefix after declaring the Host as pihole.mydomain.com, which works great for accessing the login screen, but when you enter the password it just loops back to the login screen.

Also tried a few other things that ultimately broke the Pi-hole container and took out my entire connection, as everything is dependent on Pi-hole for DNS! So need to figure out some kind of resiliency/backup for that (my router is using the NAS IP as its primary and only DNS server).

So, some progress. I’ve set Pi-hole back to IP:port and I’m gonna focus on getting other containers behind Traefik and leave Pi-hole till last. Then and only then will I look at SSL certificates (unless it’s advised to do it earlier?)

Any pointers on any of the above would be appreciated! And thanks again for getting me this far.
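
An added example, not part of the original comments: one way to serve Pi-hole at pihole.mydomain.com without addPrefix is a redirectRegex middleware that redirects only the bare root URL to /admin/, so the /admin/... requests made after login pass through unmodified (addPrefix instead prepends the prefix to every request). The router and middleware names `pihole` and `pihole-root`, the `pihole/pihole` image tag, and Pi-hole's web UI listening on container port 80 are assumptions; `medianet` and the `web` entry point come from the configuration above.

```yaml
# Added example; merge the labels into the existing Pi-hole service definition.
# DNS port mappings, volumes and environment are omitted here and stay as they are.
services:
  pihole:
    image: pihole/pihole:latest          # assumed image
    container_name: pihole
    restart: unless-stopped
    networks:
      - medianet                         # same network Traefik is attached to
    labels:
      - traefik.enable=true              # required because exposedByDefault is false
      - traefik.http.routers.pihole.rule=Host(`pihole.mydomain.com`)
      - traefik.http.routers.pihole.entrypoints=web
      - traefik.http.routers.pihole.middlewares=pihole-root
      # Assumed: the Pi-hole web interface listens on port 80 inside the container.
      - traefik.http.services.pihole.loadbalancer.server.port=80
      # Match only the root URL (with or without trailing slash) and send the
      # browser to /admin/. "$$" is Compose escaping for a literal "$".
      - traefik.http.middlewares.pihole-root.redirectregex.regex=^(https?://pihole\.mydomain\.com)/?$$
      - traefik.http.middlewares.pihole-root.redirectregex.replacement=$${1}/admin/
```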
