Traefik is the central reverse proxy, routing all HTTPS traffic to services via subdomain, handling TLS termination and certificate management.
- Category: infrastructure
- Phase: 1
- Server: lab-proxy1 (10.0.50.15)
- Ports: 80 (HTTP), 443 (HTTPS), 8080 (Dashboard)
| Dependency | Type | Required For |
|---|---|---|
| FreeIPA | Identity | User directory |
| Keycloak | SSO | Authentication |
| PostgreSQL | Database | Data persistence |
| Redis | Cache | Sessions/queues |
| Traefik | Proxy | HTTPS routing |
User → Traefik (HTTPS) → traefik → PostgreSQL (data)
↗ Keycloak (auth)
↗ Redis (sessions)
- All traffic over TLS via Traefik
- Authentication delegated to Keycloak OIDC
- Database credentials via Ansible Vault
- Logs shipped to Graylog