Advanced reverse proxy setup for managing multiple external projects with automatic SSL, load balancing, and comprehensive development stack
This repository provides a production-ready Traefik v3.0 configuration designed to manage multiple external projects with:
- ✅ Automatic HTTPS with Let's Encrypt SSL certificates
- ✅ Development Stack with PostgreSQL, MySQL, Redis, and Mailhog
- ✅ Security Middleware with rate limiting, CORS, and security headers
- ✅ Project Integration for Cyber-Nomad blog and Red Rum Racing AI
- Set up the complete development stack:

```bash
./setup-dev.sh
```

- Start all development services:

```bash
./manage.sh start-dev
```

- Access development services:
- 🔧 Traefik Dashboard: https://traefik.localhost
- 🧪 Test Service: https://whoami.localhost
- 📧 Mailhog: https://mail.localhost
- 🗄️ PostgreSQL: localhost:5432 (devuser/devpass)
- 🗄️ MySQL 8.4.6: localhost:3306 (devuser/devpass)
- ⚡ Redis: localhost:6379
- Set up production infrastructure:

```bash
./setup.sh
```

- Configure production settings:
  - Edit `traefik.prod.yml` - replace `your-email@example.com`
  - Update admin password in `docker-compose.prod.yml`
- Start production Traefik:

```bash
./manage.sh start
```
```bash
./setup-cyber-nomad.sh
```

- 📝 Blog: https://cyber-nomad.localhost
- ⚙️ Admin: https://cyber-nomad.localhost/ghost

```bash
./setup-red-rum.sh
```

- 🏇 API: https://red-rum.localhost
- 📊 Dashboard: https://dashboard.red-rum.localhost
- 📚 API Docs: https://red-rum.localhost/docs
- Traefik v3.0: Reverse proxy with automatic service discovery
- PostgreSQL 16: Primary database with `cyber_nomad`, `red_rum`, and `test_db` databases
- MySQL 8.4.6: Secondary database with matching databases
- Redis 7: Caching and session storage
- Mailhog: Email testing and development
- Cyber-Nomad Blog - Ghost 5-alpine blog platform
- Red Rum Racing AI - FastAPI horse racing handicapping system
```
global-traefik/
├── 🔧 Core Configuration
│   ├── docker-compose.dev.yml                 # Development stack (Traefik + DBs)
│   ├── docker-compose.prod.yml                # Production Traefik
│   ├── traefik-dev.yml                        # Development static config
│   ├── traefik.prod.yml                       # Production static config
│   └── dynamic/middlewares.yml                # Security & CORS middlewares
│
├── 🚀 Project Configurations
│   ├── docker-compose.cyber-nomad-final.yml   # Ghost blog config
│   ├── setup-cyber-nomad.sh                   # Blog setup script
│   ├── setup-red-rum.sh                       # Racing AI setup script
│   └── test-red-rum.sh                        # Racing AI test suite
│
├── 🛠️ Management Scripts
│   ├── setup-dev.sh                           # Development environment setup
│   ├── setup.sh                               # Production setup
│   └── manage.sh                              # Service management
│
├── 📂 Data & Storage
│   ├── acme/                                  # SSL certificates (prod)
│   ├── certs/                                 # Self-signed certs (dev)
│   ├── logs/                                  # Traefik logs
│   ├── backups/                               # Database backups
│   └── cyber-nomad/                           # Blog content volume
│
└── 📋 Configuration Templates
    ├── .env.dev.example                       # Development environment
    └── .env.prod.example                      # Production environment
```
- Host: localhost (external) / postgres-dev (internal)
- Credentials: devuser / devpass
- Databases:
  - `cyber_nomad` - Ghost blog data
  - `red_rum` - Racing AI data
  - `test_db` - Development testing
- Host: localhost (external) / mysql-dev (internal)
- Credentials: devuser / devpass
- Databases: Same as PostgreSQL
- Features: Updated from 8.0, fixed authentication plugins
- Host: localhost (external) / redis-dev (internal)
- Use Cases: Caching, session storage, real-time data
All external projects connect via the traefik-dev network and use Traefik labels for routing.
```yaml
version: "3.8"

services:
  your-service:
    image: your-app:latest
    container_name: your-app
    restart: unless-stopped
    labels:
      # Enable Traefik
      - "traefik.enable=true"
      # HTTPS router
      - "traefik.http.routers.your-app.rule=Host(`your-app.localhost`)"
      - "traefik.http.routers.your-app.entrypoints=https"
      - "traefik.http.routers.your-app.tls=true"
      - "traefik.http.services.your-app.loadbalancer.server.port=8000"
      # HTTP redirect
      - "traefik.http.routers.your-app-insecure.rule=Host(`your-app.localhost`)"
      - "traefik.http.routers.your-app-insecure.entrypoints=http"
      - "traefik.http.routers.your-app-insecure.middlewares=redirect-to-https"
      # HTTPS redirect middleware
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    networks:
      - traefik-dev

networks:
  traefik-dev:
    external: true
```

The Ghost blog connects to the global MySQL database:
```yaml
services:
  cyber-nomad-blog:
    image: ghost:5-alpine
    environment:
      - url=https://cyber-nomad.localhost
      - database__client=mysql
      - database__connection__host=mysql-dev
      - database__connection__user=devuser
      - database__connection__password=devpass
      - database__connection__database=cyber_nomad
    labels:
      - "traefik.http.routers.cyber-nomad.rule=Host(`cyber-nomad.localhost`)"
      # ... Traefik configuration
    networks:
      - traefik-dev
```

The FastAPI application connects to PostgreSQL and Redis:
```yaml
services:
  racing-ai-api:
    image: python:3.11-slim
    environment:
      - DATABASE_URL=postgresql://devuser:devpass@postgres-dev/red_rum
      - REDIS_URL=redis://redis-dev:6379
    labels:
      - "traefik.http.routers.red-rum-api.rule=Host(`red-rum.localhost`)"
      # ... Traefik configuration
    networks:
      - traefik-dev
```

Generate a new password hash:

```bash
htpasswd -nb admin yourpassword
```

Update the `traefik.http.middlewares.auth.basicauth.users` label in production config.
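Added example (not from this repository): `htpasswd -nb` takes the password as a command-line argument and uses htpasswd's default MD5 (apr1) scheme, and every `$` in an htpasswd hash must be doubled inside a Compose file so it is not read as variable interpolation. The helper below prints a Compose-ready label line; its function names and the bcrypt-only policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: build a Compose-safe basicauth.users label from an
# htpasswd "user:hash" line. Function names are hypothetical.

# Classify the hash scheme of a "user:hash" entry by its prefix.
hash_scheme() {
    case "${1#*:}" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*)               echo md5-apr1 ;;
        '{SHA}'*)                echo sha1 ;;
        *)                       echo unknown ;;
    esac
}

# Double every "$" so Docker Compose does not interpolate it.
compose_escape() {
    printf '%s\n' "$1" | sed 's/\$/$$/g'
}

# Print the label line; reject malformed entries and non-bcrypt hashes
# (policy chosen for this example, Traefik itself accepts more schemes).
basicauth_label() {
    entry=$1
    case "$entry" in
        *:*) ;;
        *) echo "expected user:hash" >&2; return 2 ;;
    esac
    scheme=$(hash_scheme "$entry")
    if [ "$scheme" != bcrypt ]; then
        echo "refusing $scheme hash; regenerate with: htpasswd -nB admin" >&2
        return 1
    fi
    printf '%s\n' "- \"traefik.http.middlewares.auth.basicauth.users=$(compose_escape "$entry")\""
}

# Typical use: htpasswd -nB prompts for the password, which keeps it out of
# shell history and the process list.
#   basicauth_label "$(htpasswd -nB admin)"
```

Paste the printed line under `labels:` in `docker-compose.prod.yml`.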
- Development: Self-signed certificates for `*.localhost` domains
- Production: Let's Encrypt automatic SSL with email notifications
- Staging: Uncomment staging configuration for testing
- `security-headers`: HSTS, XSS protection, content-type sniffing protection
- `rate-limit`: Rate limiting (10 req/sec, burst 50)
- `cors`: Cross-origin resource sharing for APIs
- `admin-whitelist`: IP whitelist for admin areas
- `auth`: Basic authentication for protected areas
- Traefik Dashboard: https://traefik.localhost
  - View all active routers and services
  - Monitor SSL certificate status
  - Check middleware configurations
- Application Logs:

```bash
# Traefik logs
docker logs traefik-dev -f

# Database logs
docker logs postgres-dev -f
docker logs mysql-dev -f

# Project logs
docker logs cyber-nomad-blog -f
docker logs racing-ai-simple -f
```
```bash
# Run Red Rum test suite
./test-red-rum.sh

# Manual service testing
curl -k https://traefik.localhost      # Dashboard
curl -k https://whoami.localhost       # Test service
curl -k https://mail.localhost         # Mailhog
curl -k https://cyber-nomad.localhost  # Ghost blog
curl -k https://red-rum.localhost      # Racing AI API
```

```bash
# PostgreSQL connection
docker exec -it postgres-dev psql -U devuser -d red_rum

# MySQL connection
docker exec -it mysql-dev mysql -u devuser -pdevpass cyber_nomad

# Redis connection
docker exec -it redis-dev redis-cli ping
```

- Access Logs: Available in `./logs/` directory with detailed request information
- Health Checks: Built-in service health monitoring with automatic failover
- SSL Monitoring: Automatic certificate renewal with email notifications
```bash
# Start development environment
./manage.sh start-dev

# Stop all services
./manage.sh stop-dev

# Restart specific service
docker restart traefik-dev
docker restart postgres-dev
docker restart mysql-dev

# View service status
docker ps | grep -E "(traefik|postgres|mysql|redis|cyber|racing)"
```

```bash
# Create database backups
docker exec postgres-dev pg_dump -U devuser red_rum > backups/red_rum_$(date +%Y%m%d).sql
docker exec mysql-dev mysqldump -u devuser -pdevpass cyber_nomad > backups/cyber_nomad_$(date +%Y%m%d).sql

# Restore database backups
docker exec -i postgres-dev psql -U devuser red_rum < backups/red_rum_backup.sql
docker exec -i mysql-dev mysql -u devuser -pdevpass cyber_nomad < backups/cyber_nomad_backup.sql
```

```bash
# Inspect traefik network
docker network inspect traefik-dev

# List connected containers
docker network inspect traefik-dev --format='{{range .Containers}}{{.Name}}: {{.IPv4Address}}{{"\n"}}{{end}}'

# Recreate network if needed
docker network rm traefik-dev
docker network create traefik-dev
```

```bash
# Check if service is running
docker ps | grep service-name

# Verify Traefik labels
docker inspect service-name | grep -A 20 Labels

# Check Traefik routing
curl -k http://localhost:8080/api/http/routers | jq
```

```bash
# Check certificate status
curl -k https://traefik.localhost/api/http/routers | jq '.[] | select(.name | contains("service-name"))'

# Force certificate renewal (production)
# Note: acme.json holds every stored certificate and the ACME account key,
# so deleting it makes Traefik request all certificates again on restart.
docker exec traefik-prod rm -rf /etc/traefik/acme/acme.json
docker restart traefik-prod
```

```bash
# Test database connectivity
docker exec postgres-dev pg_isready -U devuser
docker exec mysql-dev mysqladmin -u devuser -pdevpass ping

# Check database logs
docker logs postgres-dev --tail 50
docker logs mysql-dev --tail 50
```

```bash
# Verify network membership
docker network inspect traefik-dev | grep -A 5 service-name

# Reconnect to network
docker network disconnect traefik-dev service-name
docker network connect traefik-dev service-name
```

```bash
# Stop all services
./manage.sh stop-dev

# Remove all stopped containers (preserves data volumes)
docker container prune -f

# Restart environment
./setup-dev.sh
./manage.sh start-dev
```

```bash
# List volumes
docker volume ls | grep -E "(cyber|red_rum|postgres|mysql)"

# Backup volumes
docker run --rm -v cyber_nomad_content:/data -v "$(pwd)/backups":/backup alpine tar czf /backup/cyber_nomad_content_$(date +%Y%m%d).tar.gz -C /data .

# Restore volumes
docker run --rm -v cyber_nomad_content:/data -v "$(pwd)/backups":/backup alpine tar xzf /backup/cyber_nomad_content_backup.tar.gz -C /data
```

- ✅ Traefik v3.0 - Running and healthy
- ✅ PostgreSQL 16 - Upgraded and optimized
- ✅ MySQL 8.4.6 - Recently upgraded from 8.0
- ✅ Redis 7 - Caching and session storage
- ✅ Mailhog - Email development testing
- 🚧 Cyber-Nomad Blog - Ghost 5-alpine, MySQL integration
- 🚧 Red Rum Racing AI - FastAPI, PostgreSQL + Redis integration
- Complete project deployments with respective Copilot agents
- Set up production SSL certificates
- Configure domain routing for production
- Implement monitoring and alerting
- Traefik v3.0 Documentation
- Docker Compose Documentation
- Let's Encrypt Documentation
- Ghost Documentation
- FastAPI Documentation
This infrastructure supports rapid development and deployment of new projects. To add a new project:
- Create project-specific docker-compose configuration
- Add Traefik labels for routing
- Connect to `traefik-dev` network
- Use existing databases or add new ones as needed
- Create setup script for automated deployment
This project is open source and available under the MIT License.
Last Updated: July 30, 2025
Version: 2.0.0 - Comprehensive infrastructure with integrated projects
Maintainer: Global Traefik Infrastructure Team