Most Traefik tutorials have the same problem: they expose every service routed through Traefik to the Internet. This is bad from a security perspective and increases the attack surface of your homelab. It's not a good idea to expose Portainer, Pi-hole, Vaultwarden, etc. externally.
In this video I provide 3 options to restrict access to applications so you can specify exactly which services you want to expose and to which clients. Let's secure Traefik now!
Traefik Docker Files: https://github.com/JamesTurland/JimsGarage/tree/main/Traefik-Secure
Recommended Hardware: https://github.com/JamesTurland/JimsGarage/blob/main/Homelab-Buyer's-Guide/Q3-2023.md
Discord: https://discord.gg/qW5vEBekz5
Twitter: https://twitter.com/jimsgarage_
Reddit: https://www.reddit.com/user/Jims-Garage
GitHub: https://github.com/JamesTurland/JimsGarage
00:00 - Introduction to the Traefik 'Security Problem'
01:29 - Demonstrating the 'Problem'
03:23 - Option 1: Cloudflare Proxy
05:00 - Option 2: Multiple Traefik Entrypoints
14:44 - Option 3: Traefik WhiteList
19:20 - Bonus Option: Deploy Two Traefik Instances
20:30 - Outro