The traefik-deployment.yml base manifest describes a classical 1-node deployment of a Træfik reverse-proxy, that can be deployed in BOSH-Lite.
It enables a TLS endpoint with a custom certificate named traefik_tls, signed by a custom Certificate Authority named traefik_ca. When you need your own Certificate Authority or your own certificate to be used, upload it in CredHub with the correct /<director-name>/<deployment-name>/<variable-name> path or put it in your --vars-store file prior to deploying.
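
Before a custom traefik_ca / traefik_tls pair goes into CredHub or the --vars-store file, it helps to confirm that the pair is consistent. The script below is an added example, not part of this release: it relies on the openssl CLI, and the file names, subject names and the my-director / traefik director and deployment names are assumptions. The CA and certificate it generates are constructed throwaways.

```bash
#!/usr/bin/env bash
# Pre-flight checks for a custom traefik_ca / traefik_tls pair before it goes
# into CredHub or a --vars-store file. File, subject, director and deployment
# names below are assumptions made for this example.

# BOSH namespaces a variable as /<director-name>/<deployment-name>/<variable-name>.
credhub_path() { printf '/%s/%s/%s\n' "$1" "$2" "$3"; }

# True only if the leaf certificate ($2) chains to the CA certificate ($1).
signed_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# True only if the private key ($2) belongs to the certificate ($1).
key_matches() {
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# True only if the certificate ($1) is still valid $2 days from now.
valid_for_days() { openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; }

# Runs all three checks: ca.pem cert.pem key.pem min_days
preflight() {
  signed_by "$1" "$2"      || { echo "FAIL: $2 is not signed by $1" >&2; return 1; }
  key_matches "$2" "$3"    || { echo "FAIL: $3 is not the key for $2" >&2; return 1; }
  valid_for_days "$2" "$4" || { echo "FAIL: $2 expires within $4 days" >&2; return 1; }
}

# Constructed sample input: a throwaway CA and a 30-day leaf in directory $1.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=example traefik_ca' \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=traefik.example.test' \
    -keyout "$1/tls.key" -out "$1/tls.csr" 2>/dev/null
  openssl x509 -req -in "$1/tls.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/tls.pem" 2>/dev/null
}

# Demo on the constructed sample; nothing is uploaded anywhere.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
preflight "$demo_dir/ca.pem" "$demo_dir/tls.pem" "$demo_dir/tls.key" 7 &&
  echo "ok to store as $(credhub_path my-director traefik traefik_tls)"
# Afterwards, e.g.: credhub set -n <path> -t certificate -r ca.pem -c tls.pem -p tls.key
rm -rf "$demo_dir"
```
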
This operations file is an example of how you can tweak the BOSH-Lite default cloud config and use Træfik as the main reverse-proxy in front of Cloud Foundry routers in BOSH-Lite.
This operations file is an example of how to tweak the base deployment and use Træfik as the main reverse-proxy in front of Cloud Foundry routers in BOSH-Lite.
This operation file enables the automatic provisioning of Let's Encrypt TLS certificates. The HTTP-01 challenge is used.
When the default kind-of-self-signed TLS certificate doesn't suit your needs, then use this operation file to remove it.
(With v1.1.0 and before, default TLS certificates were necessary for the HTTPS challenge to properly work. Now with v1.2.0 and onwards using the HTTP-01 challenge, the default TLS certificate must be deactivated, so this ops file has been inlined into enable-lets-encrypt.yml.)
This operation file enables the [api] section of the configuration. This provides an HTTPS entry-point for viewing the Træfik config through a read-only web UI (but a read-write API). This management UI runs on port 8443 and is protected by a Digest Auth username and password.
Set a static IP to the Træfik reverse-proxy.
Allows customizing the deployment name.
Allows customizing the network name.
By default, the default deployment manifest pins this release version to the latest final version available. When iterating on newer versions of this BOSH release, you'll be interested in using the latest release that has been uploaded to the BOSH Director. This is exactly what's provided by this operations file.
This operation file enables the web backend for viewing the Træfik config through a read-only web UI. This management UI runs on port 8080 and is protected by a Basic Auth username and password.
This alone is not compatible with the default cf-integration.yml ops file that assumes the web backend is accessible on the 8443 port in order to expose it on the main TLS entrypoint for a certain host. In that case, you'll also need the enable-web-backend-tls.yml ops file.
Together with enable-web-backend.yml, this enables TLS on the web backend, and has it served on port 8443.
This is required when using enable-web-backend.yml with the cf-integration.yml ops file.
This operation file enables the web backend for modifying the Træfik config through a read-only web UI and a read-write API. Enabling this is discouraged in production, unless proper access restrictions are applied on the web backend, and TLS is enabled.