Hi there,
I’m new to openBalena and trying to get it up and running in our environment. Normally we use traefik as our reverse proxy which works great and makes flexible deployment quite easy. I’m now analyzing the ha-proxy/cert-manager config and the design patterns behind it.
At the moment, it looks like quite an inconvenient and hard to read service-build, which could be much easier to configure with traefik.
Before I start to do this on my own, I’ll just want to know if someone already tried it, or somebody knows a reason why this could not work.
Also, would the project be interested in a migration to traefik, or would this never ever happen?
I’m not sure whether I want to go down the road to maintain my own implementation of the openBalena stack or just try to modify the given configuration as less as possible.
But what’s your opinion about this topic?
Hello and welcome to the Balena Community!
Using Traefik as the reverse proxy is currently not supported. If you go look at the HAProxy config you can see openbalena uses an ACL to filter between VPN and HTTPS traffic.
I’ve recently looked at Traefik again and I do see the possibility to write your own TCP middleware. Maybe some sort of ACL equivalent can be added to Traefik this way, but I haven’t had the time to investigate it further.
The other option which would make it fully possible without the need of big changes is running the VPN on a different port than 443. Do note that some corporate firewalls do block all ports except 443, 80 (outgoing)
Best regards
GoogleIt
Hi,
Welcome to the forum. I don’t think we have had a similar 1:1 for use of Trafeik yet in our stack. We did have a repo which supported Trafeik stack over balena. Check here: GitHub - klutchell/balena-traefik: traefik stack for balenaCloud to proxy https domains to internal services
Adoption depends on many other constraints and community support. But we encourage experimentation and openBalena provides flexibility to attend to different needs. Do let us about your journey with this work and if we can help answer questions along the way.
Regards,
Nitish