Linux

Install and configure Traefik Hub API Gateway.

Before You Begin

It is recommended that you have a basic understanding of Systemd. You should have access to a working virtual machine/host, either on a cloud provider or on your own infrastructure.

Please make sure that you have the following:

systemd
Traefik Hub binary
Networking requirements to make sure that the Traefik Hub API Gateway can communicate with Traefik Hub to validate the token.

To install Traefik Hub API Gateway, copy and paste the following instructions in /etc/systemd/system/traefik-hub.service. This will install Traefik Hub API Gateway.

Traefik Hub binary can be downloaded on https://github.com/traefik/hub/releases, e.g.:

VERSION=v3.5.1
ARCH=amd64
curl -L https://github.com/traefik/hub/releases/download/${VERSION}/traefik-hub_${VERSION}_linux_${ARCH}.tar.gz -o traefik-hub.tar.gz
tar xfvz traefik-hub.tar.gz
sudo mv traefik-hub-linux-amd64 /usr/local/bin/traefik-hub
sudo chmod +x /usr/local/bin/traefik-hub
rm -f traefik-hub.tar.gz

Copy the following systemd unit file to /etc/systemd/system/traefik-hub.service:

Install Traefik Hub API Gateway
[Unit]
Description=Traefik Hub
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
Restart=on-abnormal
User=traefik-hub
Group=traefik-hub
ExecStart=/usr/local/bin/traefik-hub --configfile=/etc/traefik-hub/traefik-hub.toml
; Use private /tmp and /var/tmp, which are discarded after traefik stops.
PrivateTmp=true
; Hide /home, /root, and /run/user. Nobody may have access to SSH-keys.
ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by traefik. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

Create the traefik-hub user, configuration directory and log file:

sudo useradd -r traefik-hub -s /usr/sbin/nologin
sudo mkdir /etc/traefik-hub
sudo touch /var/log/traefik-hub.log
sudo chown traefik-hub: /var/log/traefik-hub.log

Copy the following configuration file to /etc/traefik-hub/traefik-hub.toml:

Traefik Hub API Gateway config file
[hub]
  token = "YOUR-TRAEFIK-HUB-TOKEN"

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.websecure]
    address = ":443"

[log]
  level = "INFO"
  filePath = "/var/log/traefik-hub.log"

# Enable API and dashboard
[api]

# Enable ping
[ping]

YOUR-TRAEFIK-HUB-TOKEN: Your token provided by Traefik Labs

Reload Daemon:

sudo systemctl daemon-reload

Enable Service:

sudo systemctl enable traefik-hub

Start Service:

sudo systemctl start traefik-hub

Check Status:

sudo systemctl status traefik-hub

Before You Begin​

Before You Begin