Setting up the ADS panel behind Traefik

[Liquidtouch]

Are there any examples of configuring this to run behind a Traefik reverse proxy with Google OAuth by chance? Or is it better to run this on its own docker network and utilize AMPs method which I believe is NGINX?

Update: I got the ADS panel accessible through Traefik reverse proxy and OAuth. Now just need to figure out how to route the game server through traefik.

[Liquidtouch]

Got it working! AMP Panel can be connected to via "amp.domain.com" which is behind Oauth and Traefik2 reverse proxy. Instances can be fired up and their game servers connected to via "game.domain.com" within the game. Superslick! If anyones looking to do this I can probably provide some instructions, was a great entry into learning docker and reverse proxies.

[MitchTalmadge]

Hey sorry for not getting back to you and I'm glad you got it working! I'm not familiar with this system but I bet that instructions could be helpful to others if you wanted to take the time to write them :)

[Liquidtouch]

No worries, see below. I also cross posted the instructions and linked back to your container on htpcBeginners repo. Hope thats ok!

[MitchTalmadge]

Yep totally okay! Really great writeup :)

[Liquidtouch]

The base of my server build is based on the work and instructions done by Anand and Seth of SmartHome Beginner. So for that I will just refer to the work they've already done. Use these resources to get Docker-Compose, Google Oauth, Traefik 2, and the DNS settings for your domain setup and running as well as anything else you want like Plex.

Github: https://github.com/htpcBeginner/docker-traefik
Guide: https://www.smarthomebeginner.com/traefik-2-docker-tutorial/

Note: The guide is quite extensive and their server build is constantly improving/evolving so I'd recommend starting with the github docker files and using the comments in those. Then if anything isn't clear use the guide.

Assuming you have that setup and working to add AMP-dockerized what I did was:

1. Under the Traefik service in your docker-compose.yml add TCP and/or UDP entry points for whatever game servers you are planning on running. These are placed underneath the existing http and https entryPoints for ports 80 and 443. If you are planning on creating multiple servers of the same game make sure you make entrypoints for each one with different ports. Example for TCP minecraft ports and a Factorio UDP port:

- --entryPoints.minecraft1.address=:25565/tcp
- --entryPoints.minecraft1.address=:25566/tcp
- --entryPoints.factorio1.address=:34197/udp

2. Under the Traefik service in your docker-compose.yml add the ports for whatever game servers you are planning on running. These can be listed under the pre-existing ports:

- 25565:25565/tcp
- 25566:25566/tcp
- 34197:34197/udp

3. Edit and copy MitchTalmadge's AMP-Dockerized container into your docker-compose.yml. This is only the code beginning with amp: as everything else should already by in your docker-compose file.

4. Under the Amp service comment out all of the ports using #. These will all be handled by Traefik.

#- "8080:8080"

5. Under the Amp service create a new section beneath the environment: section called labels: and ensure that it begins in the same column as environment:. This is where the Traefik 2 routers, middleware, and endpoints will be created.

6. To create an entry point and make the Main ADS instance accessible via your domain add under the labels: section:

- "traefik.enable=true"
- "traefik.http.routers.amp-rtr.entrypoints=https"
- "traefik.http.routers.amp-rtr.rule=Host(amp.$DOMAINNAME0)"
- "traefik.http.routers.amp-rtr.tls=true"

7. To place ADS behind the Google Oauth middleware add the following:

- "traefik.http.routers.amp-rtr.middlewares=chain-oauth@file"

8. Next add the following two lines to create the service that will connect the entrypoint and router from "amp.domain.com" to port 8080 of this container:

- "traefik.http.routers.amp-rtr.service=amp-svc"
- "traefik.http.services.amp-svc.loadbalancer.server.port=8080"

9. Now we need to create routers that connect the traefik entrypoints we created in Step 1 to the AMP Instances you will be creating for your game servers. These will need to be customized based on whatever game servers you will be running. Each one will need a tcp or udp router that connects to an entrypoint created in Step 1.

Example Minecraft (TCP)

- "traefik.tcp.routers.minecraft1-rtr.entrypoints=minecraft1"
- "traefik.tcp.routers.minecraft1-rtr.rule=HostSNI(*)"
- "traefik.tcp.routers.minecraft1-rtr.service=minecraft1-svc"
- "traefik.tcp.services.minecraft1-svc.loadbalancer.server.port=25565"

Example Minecraft2 (TCP)

- "traefik.tcp.routers.minecraft2-rtr.entrypoints=minecraft2"
- "traefik.tcp.routers.minecraft2-rtr.rule=HostSNI(*)"
- "traefik.tcp.routers.minecraft2-rtr.service=minecraft2-svc"
- "traefik.tcp.services.minecraft2-svc.loadbalancer.server.port=25566"

Example Factorio (UDP)

- "traefik.udp.routers.factorio-rtr.entrypoints=factorio"
- "traefik.udp.routers.factorio-rtr.service=factorio-svc"
- "traefik.udp.services.factorio-svc.loadbalancer.server.port=34197"

10. Finally you need to update the DNS settings for your domain. Create new A records for each game server that point to your WAN IP address. So your A records should look like:

A Record 1: Name = domain.com IPv4 Address = 10.10.10.10
A Record 2: Name = minecraft IPv4 Address = 10.10.10.10
A Record 3: Name = minecraft2 IPv4 Address = 10.10.10.10
etc.

These would make your servers accessible at "minecraft.domain.com" and "minecraft2.domain.com" set them to be whatever you want.

11. Last create SRV records in your DNS records so you won't need to add ports to the end of your subdomains when entering them in game.

SRV Record 1: Name = minecraft Service = _minecraft1 Protocol = TCP Priority = 0 Weight = 0 Port = 25565 Target = minecraft.domain.com TTL = Auto

SRV Record 1: Name = minecraft2 Service = _minecraft1 Protocol = TCP Priority = 0 Weight = 0 Port = 25566 Target = minecraft2.domain.com TTL = Auto

If everything is working correctly you should be able to fire up your docker-compose file and connect to AMP. Navigating to "amp.domain.com" should prompt for your Google Authentication and then bring you to your Main AMP panel. Once that's setup create instances for your games configured above. These can be deleted and recreated whenever you want just make sure you use the ports used during the setup. Within Minecraft you should be able to connect to your servers by entering in "minecraft.domain.com" and "minecraft2.domain.com" using the examples above.

Note: I didn't create DNS records for Factorio because Factorio doesn't support SRV records. To access this server you need to either make it public (add a password if you want it private) and access it from the list of public servers or use your WAN IP address to connect directly.

If you have anyways of making this work even better let me know!