Traefik: Reverse Proxy with Configuration Discovery and Let's Encrypt

You might already know the “cloud native” proxy Traefik from Kubernetes. Or not, as Kubernetes hides most of the configuration from you. But Traefik can be really useful on its own and has a lot of functionality. I find two of its features especially useful for smaller servers or home servers: the configuration/service discovery and Traefik’s ability to resolve and renew Let’s Encrypt certificates.

Traefik Configuration Discovery

Traefik configuration discovery decouples the service configuration from the proxy configuration. Instead of editing a proxy config file every time you want to add a new webpage, you place the configuration at a known source and let Traefik pick it up. This allows for modular deployments in which the services that Traefik serves do not have to be known beforehand, with minimal downtime of the proxy.

Traefik can watch multiple sources for new configurations of services that it shall act as a proxy for. The service configurations can be read from a file, etcd, Redis and others. One particularly useful variant is the Docker configuration discovery where Traefik reads the configuration from the labels of a running container.

Automatic Let’s Encrypt certificates with Traefik

Traefik is able to obtain Let’s Encrypt certificates for the domains of your services. When discovering a new configuration, for instance when a Docker container starts up, Traefik will check whether SSL is required and how the certificate shall be resolved. If the ACME resolver is selected, Traefik will obtain an SSL certificate for the domain the service will run on and also keep it up to date.
The domain in question has to point to the server that runs Traefik, of course.

The following example shows how to set up Traefik in a Docker container and discover services on the same Docker network, serving them with SSL certificates. I will reuse the jumphost VM created in my guide for Azure VM Deployment With Ansible.


Azure VM Deployment With Ansible

Lately, I wanted to try some web service that would scale to multiple machines so putting them in the cloud seemed to be a good idea.

But before scaling a set of machines, I need a single VM that can do some monitoring and also serve as a jumphost to reach the scale set. I turned the resulting Ansible script into this howto for deploying VMs on Azure with Ansible.

For tasks like that, everyone else is using AWS and Terraform, so I thought: too mainstream. Instead, I went with Azure and Ansible.


Squeezefix Update v1.1.0: Fujifilm X-T4 Support

v1.1.0 of Squeezefix is out! Finally with support for newer Fujifilm Cameras. I tested everything with an X-T4 and X-T10, but the script might also work with other Fujifilm cameras. I just don’t have these lying around.


Monero Mining on Raspberry Pis

Apparently mining Monero on Raspberry Pis seems to be all the rave now? So let’s try:

I had 5 Raspi 3B and one 4B 8GB lying around…


Debugging PHP in an alpine docker container

Don’t we all have that annoying buggy app that should be fixed but works just enough to not do it right now? Well, for me that was my Bookstack wiki that took around 3 sec for every page load. So I will share what I learned and how I fixed it.


Self signed certificates that Chrome will accept

Starting with version 58 in 2017, Chrome only accepts certificates that not only define the domain name in the commonName field of the certificate but also the subjectAltName. By doing so they brought their implementation more in line with RFC 2818, as Mozilla has done with Firefox 48. Unfortunately some tools like the popular script do not support the new field in a convenient manner. But you can generate self signed certificates with that newer Chrome and Firefox versions will accept. Here is how to monkeypatch the problem away.


Raspberry Pi HQ Camera vs Logitech c922

Update 2022-04-26: In a newer post I compare the contemporary webcams of 2022: Logitech StreamCam, Logitech Brio, Razer Kiyo Pro and Elgato Facecam.

During the supply shortages of 2020 I always wondered whether my Raspberry Pi High Quality Camera would have better image quality in Zoom than the Logitech c922 I normally use. Now that you can again order any webcam at a reasonable price I finally got around to testing which one is better.

The focus of the tests is less on pixel peeping and more on a qualitative result: whether it would be worthwhile to check out the Raspberry Pi High Quality Camera as a streaming option.


Name your docker bridges with Ansible

I recently wanted to debug something on my Linux server and listed all bridges. The output was disappointing. All bridges were named with random strings like this:


I create all my bridges with Ansible and it seems that the Ansible docker_network module is not very good at naming things in a human readable way. But there is a way you can influence the system bridge names when using Docker through Ansible.


Streaming with the Raspberry Pi High Quality Camera

Update 2022-04-03: Since I published this post, Raspbian evolved into Raspberry Pi OS with its current version Bullseye. There, the old camera stack was replaced with libcamera and the old commands like raspivid and raspistill are now deprecated. If you want to check out the new commands, see Raspberry Pi Streaming update: Raspberry Pi OS.

The introduction of the Raspberry Pi High Quality Camera in 2020 has been a perfect excuse for me to acquire new hardware. After some initial tests and use as a toy cam, I wanted to build a high quality streaming unit that I could place somewhere nice and watch the images at home. Of course you could buy something like that off the shelf. But who does that when you can go through the whole development process by yourself and end up with an inferior product at a much higher cost?

Now I had some initial problems getting the stream to work but I found solutions for 3 media tools that I want to share.


7 days of gather the learnings

Our team is consulting a telco customer and due to the pandemic we all have to work from home. To mitigate the negative effects of remote work we all have been taking part in a continuous Zoom session during the work day. Most of the time our cameras are turned on, so we can see each other kinda like in an office. Everyone from the team would be present in the main Zoom room, moving to breakout rooms as necessary.

Unfortunately, after a while some problems became evident:

  • Every time someone starts to talk in the main room, everyone would hear it even if they don’t want to
  • Everyone in the room is being addressed as if he was the person in focus even if they aren’t
  • Lots of people don’t want to have a camera in their face all the time
  • Finding people in breakout rooms is tedious

During a virtual retreat we learned about, which is basically what happens if you crossbreed Zoom with Zelda. After initial positive reactions we decided to give it a try in our team.
