Hi everybody, Christian here. In this video, I show you the new reverse proxy traffic that I've been using the last weeks since I started to work more with Kubernetes and any cloud service deployments. I show you how to set up traffic on a Docker host to expose and load balance all your container applications with trusted SSL certs from Let's Encrypt. It's really cool and probably the most flexible reverse proxy that I've used so far.
What's also really cool is, if you want to protect your administrative web interfaces, SSH sessions, databases, or Kubernetes clusters with additional two-factor authentication, then take a look at the sponsor of this video, Teleport. Because with Teleport, you can protect and securely authenticate to your server's infrastructure, log any users' actions, and record sessions. You can install the free community edition completely self-hosted at no cost, so just download and try it out.
Guys, if you've watched some of my earlier videos about Docker or my home server project, you probably know that I've often used the Nginx Proxy Manager in my tutorials. The Nginx Proxy Manager is a simple reverse proxy that's based on the Nginx web server, which you can configure through a very simple and intuitive web interface. It's pretty cool, but I also had some problems with this project, as from time to time, it didn't work so well with automatic SSL renewal. It's probably the tutorial where I get the most questions on my Discord server and my YouTube comments so far.
Although Traffic might seem a little bit complex in the first place, I think, in the long term, it is very useful because I like software and applications that you need to learn once, and that probably will take some time, but it will also solve a variety of different problems for you, and you can use that in many different scenarios.
So now, in this section, we can customize our certificate resolver. So if you want to obtain any trusted SSL certs from Let's Encrypt, you can just go with these basic entries here. The only thing you would need to do is you need to replace this section here with your email address.
In this Docker Compose file, you simply can see that I just start Traffic and I don't configure it in any way because we are using the static configuration file to do all this stuff. And I don't need to add any labels or I don't need to add any command-line parameters to configure it. Now, the only thing I need is I need to create a volume to store the SSL certs because otherwise, any time you redeploy your container with Traffic, you probably would need to obtain a new SSL cert and you could hit some rate limits on Let's Encrypt, for example.
Now, we need to configure Traffic to expose this 'Nginx' container here. And we could now use several different ways of creating a dynamic configuration in Traffic so you can just go here to the entry points and the routers and create a new router for every container in the configuration file and all this stuff. So, you could do this in the YAML configuration file, but I'm using a different approach. I'm using the dynamic configuration in Docker labels.
So now I can reach this application and you can see that this certificate is not trusted, but don't worry
Q: What is the video 'Introduction to Reverse Proxy Traffic and Let's Encrypt SSL certs' about? A: The video explains how to set up reverse proxy traffic on a Docker host to expose and load balance container applications with SSL certs from Let's Encrypt. Q: What is Two-Factor Authentication with Teleport and why is it mentioned? A: Two-Factor Authentication with Teleport is a way to add an extra layer of security to administrative web interfaces, SSH sessions, databases, or Kubernetes clusters. It is mentioned in the context of enhancing security measures. Q: What is the comparison between Nginx Proxy Manager and Traffic? A: The comparison highlights the differences between Nginx Proxy Manager and Traffic, discussing the strengths and weaknesses of each, particularly in relation to SSL certificate renewal. Q: What does the video discuss about the functionality of Reverse Proxies and Load Balancers? A: The video explores the benefits of using Traffic as a reverse proxy and load balancer, emphasizing its usefulness in solving various problems efficiently once learned. Q: What can be customized in the Traffic configuration according to the content? A: The certificate resolver can be customized in the Traffic configuration to obtain trusted SSL certs from Let's Encrypt. This customization involves updating the email address in the configuration. Q: How is Traffic deployed and configured using Docker Compose? A: In the Docker Compose file provided, Traffic is started without additional configuration, utilizing a static configuration file. A separate volume is created to store SSL certs to avoid rate limits on Let's Encrypt. Q: How does one configure Traffic to expose the Nginx container dynamically? A: To expose the 'Nginx' container dynamically, Traffic can be configured using various methods, which include creating a new router for every container in the configuration file. Alternatively, dynamic configuration in Docker labels can also be used. Q: How can applications be secured with trusted SSL certs in Traffic as mentioned in the content? A: Applications can be secured with trusted SSL certs in Traffic, ensuring secure communication between clients and servers. The content mentions the importance of SSL certificates for security purposes.
