Customize main docker compose and traefik config

In this guide, we'll show you how to customize the default docker compose file of tipi and the traefik config.

⚠️

This guide is for advanced users who are familiar with docker and traefik. If you break the config we won't be able to support you.

Example use cases

Enable the traefik dashboard
Add an extra volume to the worker/dashboard containers
Use a dns challenge with traefik

Create a custom docker compose file

In this example we will expose the traefik dashboard by editing the main tipi compose file.

Firstly we need to figure out what port traefik dashboard uses (which is 8080) and what is the name of the docker container of traefik (which we can learn from the docker-compose.yml) which is runtipi-reverse-proxy in this case.

💡

Don't edit the docker-compose.yml file directly because it will be overwritten in every restart of tipi.

Create the file tipi-compose.yml in the user-config directory within the runtipi folder.

nano user-config/tipi-compose.yml

You should have this file structure:

- tipi-compose.yml

Restart tipi and test the changes

./runtipi-cli restart

After restarting you should be able to see the traefik dashboard by visiting localhost (opens in a new tab) (in your tipi server)

Edit the traefik config file

In this example we will use a dns challenge in traefik using cloudflare.

Firstly we need to figure out what changes we should do. Very helpful can be the docs of traefik here (opens in a new tab), specifically we are interested in this (opens in a new tab) section and in this (opens in a new tab) config.

The default traefik config is this:

api:
  dashboard: true
  insecure: true
 
providers:
  docker:
    endpoint: 'unix:///var/run/docker.sock'
    watch: true
    exposedByDefault: false
  file:
    directory: /root/.config/dynamic
    watch: true
 
entryPoints:
  web:
    address: ':80'
  websecure:
    address: ':443'
    http:
      tls:
        certResolver: myresolver
 
certificatesResolvers:
  myresolver:
    acme:
      email: acme@thisprops.com
      storage: /shared/acme.json
      httpChallenge:
        entryPoint: web
 
log:
  level: ERROR

So according to traefik we need to change the certificatesResolvers and include the cloudflare config. So after editing we should have something like this:

api:
  dashboard: true
  insecure: true
 
providers:
  docker:
    endpoint: 'unix:///var/run/docker.sock'
    watch: true
    exposedByDefault: false
  file:
    directory: /root/.config/dynamic
    watch: true
 
entryPoints:
  web:
    address: ':80'
  websecure:
    address: ':443'
    http:
      tls:
        certResolver: myresolver
 
certificatesResolvers:
  myresolver:
    acme:
      email: acme@thisprops.com
      storage: /shared/acme.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 0
        resolvers:
          - '1.1.1.1:53'
          - '8.8.8.8:53'
 
log:
  level: ERROR

Also we will need to use the previous step here and add this:

version: '3.9'
services:
  tipi-reverse-proxy:
    environment:
      - CF_DNS_API_TOKEN=sometoken

💡

Make sure to replace the previous content of the tipi-compose.yml or add the extra changes in one yaml scheme else docker won't work.

Now we can edit the traefik file

nano traefik/traefik.yml

Add your changes

So in this case we can either replace either everything or just the certificatesResolvers part.

Restart your tipi and the traefik config should be persisted

./runtipi-cli restart

Customize app config Expose your apps