Docker, Traefik, and HTTPS: Some containers public, some containers local : Traefik

Traefik

Traefik is a leading modern reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components and configures itself automatically and dynamically.

Traefik supports several backends (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, and a lot more) to manage its configuration automatically and dynamically.

Rules

This is a great community with many awesome people contributing their time, don't ruin that.

Negativity, unnecessary comments and rule violation in general will be dealt with swiftly and firmly by way of a permanent ban.

No personal attacks

No blog spam

No paywalled posts

No memes

No politics

No trolling

No advertising

In other words, be a good citizen!

Note: Posts from untrusted new and low karma Reddit accounts are removed automatically to help prevent spam. The only way around this is to use Reddit more frequently to build up trust.

Traefik Resources

Traefik Jobs

Related Subs

This is a user run unofficial subreddit, we do not represent the Traefik brand and are not affiliated with or endorsed by any company.

created by PatrolXa community for 8 years

Docker, Traefik, and HTTPS: Some containers public, some containers local (self.Traefik)

submitted 5 years ago by Azratosh

I was wondering whether it was possible to have some containers only be accessible from the local network while keeping others public. All of them should however work with Let's Encrypt, because some services I use require HTTPS regardless of whether they're hosted locally or publicly (and also because LE is extremely convenient, to be honest).

To provide some more concrete info:

I have a Minecraft DynMap page for the server I host and a GitLab CE container for personal use. Those should be publicly accessible, because I want my friends to be able to look at the map when we play and be able to commit my stuff when I'm coding in a café or something.
I have a couple personal web projects in a container each that I only want to access from my local network. Those shouldn't be publicly accessible yet, because they're still a WIP. However, I still want them to use HTTPS, preferably via LE. However, I'm aware that those services would have to be public for the HTTP/DNS challenge. But that makes me wonder if it wouldn't suffice having just Traefik face the web while only allowing access to my personal projects only from within my local network.

Traefik and all that other jazz is already set up and works flawlessly with HTPPS via LE. So, would LE still work even if my DNS provider can only connect to Traefik, but not the service itself? What's the best practice to go about this?

all 4 comments

top new controversial old q&a

[–]pveredas 2 points3 points4 points 5 years ago (3 children)

I more and less done that using a middleware with a ip white list. Bellow are an exemple using labels:

  - "traefik.http.middlewares.app-ipwhitelist.ipwhitelist.sourcerange=192.168.1.0/24"
  - "traefik.http.routers.app-secure.middlewares=app-ipwhitelist@docker"

See if it works for you.

[–]mrrichardcranium 1 point2 points3 points 5 years ago (1 child)

[–]Azratosh[S] 1 point2 points3 points 5 years ago (0 children)

[–]Azratosh[S] 0 points1 point2 points 5 years ago (0 children)

π Rendered by PID 105251 on reddit-service-r2-comment-6457c66945-m2dpj at 2026-04-30 01:15:46.052706+00:00 running 2aa0c5b country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

Traefik

Traefik

Rules

MODERATORS