Table of Contents
- Introduction
- Why Use Traefik for LinkStack?
- Prerequisites
- Configuration Overview
- Step 1: Setting Up the Traefik Service
- Step 2: Configuring LinkStack for Multiple Domains
- Alternative Configuration: Multiple Domains Under One Router
- Step 3: DNS Configuration
- Step 4: Starting the Services
- Step 5: Testing the Setup
- Troubleshooting
- Conclusion
- Complete Docker Compose Configuration
- Frequently Asked Questions (FAQ)
Introduction
Configuring your LinkStack deployment to handle multiple domains is useful for businesses and individuals who want flexible branding and centralized management. With Traefik as the reverse proxy, you can route multiple domains to one instance, secure connections with SSL certificates, and keep the setup scalable, all within a Dockerized environment. This guide provides a step-by-step approach to configuring LinkStack under multiple domains using Traefik, including DNS configuration with CNAME records.
Why Use Traefik for LinkStack?
Traefik stands out as an exceptional choice for managing LinkStack deployments due to its robust feature set tailored for modern containerized applications. Here’s why Traefik is the ideal reverse proxy for LinkStack:
- SSL Automation: Seamlessly generates and renews Let’s Encrypt certificates, ensuring all connections remain secure without manual intervention.
- Multiple Domains Support: Effortlessly route traffic across various domains to a single LinkStack instance, enhancing flexibility and user experience.
- Scalability: Easily integrate new domains or services into your existing setup without causing downtime or requiring significant configuration changes.
- Dynamic Configuration: Utilize Docker labels to allow Traefik to automatically detect and configure services, simplifying maintenance and updates.
- Load Balancing: Distribute incoming traffic efficiently across multiple instances if needed, enhancing performance and reliability.
Prerequisites
Before diving into the configuration, ensure you have the following prerequisites in place:
- Docker and Docker Compose: Installed and properly configured on your server.
- DNS Management Access: Administrative control over DNS records for the domains you intend to use.
- Basic Knowledge: Familiarity with Traefik, Docker Compose, and general Docker concepts.
- Server Environment: A server (VPS or dedicated) running a compatible operating system (e.g., Ubuntu, Debian).
Configuration Overview
This guide outlines the process to host a single LinkStack instance accessible via multiple domains. The setup leverages Traefik for reverse proxying and SSL certificate management, ensuring each domain routes traffic securely to your LinkStack application. Key aspects include:
- Hosting LinkStack at domains like:
  - https://links.hamish-fleming.com/@hamish
  - https://links.marsuvesvex.xyz/@MarsuvesVex
  - https://links.itsnotdatsrs.lol
- Utilizing Traefik for efficient traffic management and SSL automation.
- Configuring DNS records, including CNAME records for additional domains.
Step 1: Setting Up the Traefik Service
Begin by defining the Traefik service in your docker-compose.yml file. Traefik will act as the reverse proxy, handling incoming requests and directing them to the appropriate services.
services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: unless-stopped
    command:
      # Enables the API and dashboard without authentication on port 8080.
      # That port is not published below; see FAQ 4 before using this in production.
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.myhttpchallenge.acme.email=youremail@example.com
      - --certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json
      # Disables certificate verification for every HTTPS backend Traefik connects to.
      - --serversTransport.insecureSkipVerify=true
    ports:
      - "80:80" # HTTP
      - "443:443" # HTTPS
    volumes:
      # Read-only mount; the Docker socket still exposes details of every container.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_letsencrypt:/letsencrypt
    networks:
      - traefik
Explanation:
- certificatesresolvers: Manages SSL certificate generation and renewal using Let’s Encrypt.
- entrypoints: Defines HTTP (web) and HTTPS (websecure) listeners.
- Docker Labels: Enable dynamic service discovery, allowing Traefik to automatically detect and configure services based on Docker labels.
- Volumes: Mounts the Docker socket for Traefik to communicate with Docker and a volume for storing Let’s Encrypt certificates.
Step 2: Configuring LinkStack for Multiple Domains
Next, configure the LinkStack service to work seamlessly with Traefik and handle multiple domains.
services:
  linkstack:
    image: linkstackorg/linkstack
    container_name: linkstack
    restart: unless-stopped
    hostname: linkstack
    ports:
      # Published directly on the host, so these ports bypass Traefik.
      - "880:80" # LinkStack HTTP
      - "8443:443" # LinkStack HTTPS
    environment:
      TZ: Australia/Melbourne
      SERVER_ADMIN: admin@example.com # placeholder address; replace with your own
      LOG_LEVEL: debug
      PHP_MEMORY_LIMIT: 256M
      UPLOAD_MAX_FILESIZE: 8M
    volumes:
      - linkstack_data:/htdocs
    labels:
      - "traefik.enable=true"
      # Configuration for first domain
      - "traefik.http.routers.linkstack-hamish.rule=Host(`links.hamish-fleming.com`)"
      - "traefik.http.routers.linkstack-hamish.entrypoints=websecure"
      - "traefik.http.routers.linkstack-hamish.tls=true"
      - "traefik.http.routers.linkstack-hamish.tls.certresolver=myhttpchallenge"
      # With more than one service on the container, each router must name its service.
      - "traefik.http.routers.linkstack-hamish.service=linkstack-hamish"
      # A middleware only takes effect once a router references it.
      - "traefik.http.routers.linkstack-hamish.middlewares=linkstack-head"
      - "traefik.http.services.linkstack-hamish.loadBalancer.server.port=80"
      # Configuration for second domain
      - "traefik.http.routers.linkstack-marsuves.rule=Host(`links.marsuvesvex.xyz`)"
      - "traefik.http.routers.linkstack-marsuves.entrypoints=websecure"
      - "traefik.http.routers.linkstack-marsuves.tls=true"
      - "traefik.http.routers.linkstack-marsuves.tls.certresolver=myhttpchallenge"
      - "traefik.http.routers.linkstack-marsuves.service=linkstack-marsuves"
      - "traefik.http.routers.linkstack-marsuves.middlewares=linkstack-head"
      - "traefik.http.services.linkstack-marsuves.loadBalancer.server.port=80"
      # Middleware for enhanced security headers
      - "traefik.http.middlewares.linkstack-head.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.linkstack-head.headers.customResponseHeaders.X-Robots-Tag=none"
      # HSTS is configured twice with different max-age values (here and in stsSeconds); keep only one.
      - "traefik.http.middlewares.linkstack-head.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000"
      - "traefik.http.middlewares.linkstack-head.headers.stsSeconds=31536000"
      # Wildcard CORS origin: any site may read responses; restrict it if cross-origin access is not needed.
      - "traefik.http.middlewares.linkstack-head.headers.accesscontrolalloworiginlist=*"
      - "traefik.docker.network=traefik"
    networks:
      - traefik
Key Points:
- Multiple Routers: Separate routers (linkstack-hamish and linkstack-marsuves) are defined for each domain, allowing Traefik to route traffic appropriately.
- SSL Configuration: Each router is configured to use TLS with the myhttpchallenge certificate resolver, ensuring secure connections.
- Middlewares: Enhance security by setting custom headers, such as Strict-Transport-Security and X-Robots-Tag.
- Docker Network: Ensures that LinkStack communicates within the Traefik network for seamless proxying.
Alternative Configuration: Multiple Domains Under One Router
For a more streamlined configuration, you can handle multiple domains under a single Traefik router. This approach reduces redundancy and simplifies management.
Updated Labels Configuration
Modify the LinkStack service labels to consolidate multiple domains into one router:
services:
  linkstack:
    image: linkstackorg/linkstack
    container_name: linkstack
    restart: unless-stopped
    hostname: linkstack
    ports:
      # Published directly on the host, so these ports bypass Traefik.
      - "880:80"
      - "8443:443"
    environment:
      TZ: Australia/Melbourne
      SERVER_ADMIN: admin@example.com # placeholder address; replace with your own
      LOG_LEVEL: debug
      PHP_MEMORY_LIMIT: 256M
      UPLOAD_MAX_FILESIZE: 8M
    volumes:
      - linkstack_data:/htdocs
    labels:
      - "traefik.enable=true"
      # Single router handling multiple domains
      - "traefik.http.routers.linkstack-ui.rule=Host(`links.marsuvesvex.xyz`) || Host(`links.itsnotdatsrs.lol`) || Host(`links.hamish-fleming.com`)"
      # Note: a router with tls=true only matches HTTPS requests, including on the web entrypoint.
      - "traefik.http.routers.linkstack-ui.entrypoints=web,websecure"
      - "traefik.http.routers.linkstack-ui.tls=true"
      - "traefik.http.routers.linkstack-ui.tls.certresolver=myhttpchallenge"
      # A middleware only takes effect once a router references it.
      - "traefik.http.routers.linkstack-ui.middlewares=linkstack-head"
      # HTTPS backend; its certificate is not verified because of --serversTransport.insecureSkipVerify=true.
      - "traefik.http.services.linkstack-ui.loadBalancer.server.port=443"
      - "traefik.http.services.linkstack-ui.loadbalancer.server.scheme=https"
      # Middleware for enhanced security headers
      - "traefik.http.middlewares.linkstack-head.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.linkstack-head.headers.customResponseHeaders.X-Robots-Tag=none"
      # HSTS is configured twice with different max-age values (here and in stsSeconds); keep only one.
      - "traefik.http.middlewares.linkstack-head.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000"
      - "traefik.http.middlewares.linkstack-head.headers.stsSeconds=31536000"
      # Wildcard CORS origin: any site may read responses; restrict it if cross-origin access is not needed.
      - "traefik.http.middlewares.linkstack-head.headers.accesscontrolalloworiginlist=*"
      - "traefik.docker.network=traefik"
    networks:
      - traefik
Explanation:
- Single Router Rule: Utilizes logical OR (||) to match multiple domains within a single router (linkstack-ui).
- Entrypoints: Includes both web (HTTP) and websecure (HTTPS) to handle all types of incoming traffic.
- Load Balancer Configuration: Points to port 443 with the HTTPS scheme, ensuring secure backend communication.
- Simplified Management: Adding new domains only requires updating the Host rule without creating additional routers.
Benefits of This Approach
- Simplified Configuration: Reduces the number of routers, making the Docker Compose file cleaner and easier to manage.
- Easier Maintenance: Centralizes routing rules, facilitating easier updates and scalability.
- Efficiency: Minimizes redundancy, ensuring Traefik handles routing more efficiently.
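A router with tls=true only matches HTTPS requests, so listing the web entrypoint on it does not make plain HTTP on port 80 reach LinkStack. The fragment below is an added example, not part of the original guide: it redirects HTTP to HTTPS at the entrypoint, serves the three hostnames from one HTTPS-only router, and attaches the headers middleware to that router. It assumes LinkStack is reached over plain HTTP on port 80 inside the Docker network (so insecureSkipVerify is not needed); the email addresses are placeholders.

```yaml
services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: unless-stopped
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      # Redirect every plain-HTTP request to HTTPS at the entrypoint.
      # The ACME HTTP-01 challenge on :80 keeps working with this redirection.
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.myhttpchallenge.acme.email=youremail@example.com
      - --certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_letsencrypt:/letsencrypt
    networks:
      - traefik

  linkstack:
    image: linkstackorg/linkstack
    container_name: linkstack
    restart: unless-stopped
    # No "ports:" section: the container is reachable only through Traefik.
    environment:
      TZ: Australia/Melbourne
      SERVER_ADMIN: admin@example.com # placeholder address
    volumes:
      - linkstack_data:/htdocs
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.linkstack-ui.rule=Host(`links.marsuvesvex.xyz`) || Host(`links.itsnotdatsrs.lol`) || Host(`links.hamish-fleming.com`)"
      - "traefik.http.routers.linkstack-ui.entrypoints=websecure"
      - "traefik.http.routers.linkstack-ui.tls.certresolver=myhttpchallenge"
      # A middleware does nothing until a router references it.
      - "traefik.http.routers.linkstack-ui.middlewares=linkstack-head"
      - "traefik.http.services.linkstack-ui.loadbalancer.server.port=80"
      # HSTS is set once, through stsSeconds; no wildcard CORS origin.
      - "traefik.http.middlewares.linkstack-head.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.linkstack-head.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.linkstack-head.headers.customResponseHeaders.X-Robots-Tag=none"
    networks:
      - traefik

volumes:
  traefik_letsencrypt:
  linkstack_data:

networks:
  traefik:
    external: true
```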
Step 3: DNS Configuration
Proper DNS configuration is crucial to ensure that your domains correctly point to your server and are accessible via Traefik. This section covers setting up A, AAAA, and CNAME records.
1. Primary Domains
Configure your primary domains to point directly to your server’s IP address:
- A Record: Maps your domain to your server’s IPv4 address.
  - Example:
    links.hamish-fleming.com A 123.456.789.012
    links.marsuvesvex.xyz A 123.456.789.012
- AAAA Record (if applicable): Maps your domain to your server’s IPv6 address.
  - Example:
    links.hamish-fleming.com AAAA 2001:0db8:85a3:0000:0000:8a2e:0370:7334
    links.marsuvesvex.xyz AAAA 2001:0db8:85a3:0000:0000:8a2e:0370:7334
2. Additional Domains Using CNAME Records
For any additional subdomains or domains, utilize CNAME records to alias them to one of your primary domains. This approach simplifies DNS management and ensures consistency.
- CNAME Record: Aliases a subdomain to a primary domain.
  - Example:
    links.anotherdomain.com CNAME links.hamish-fleming.com
    links.yetanotherdomain.com CNAME links.marsuvesvex.xyz
Note: Ensure that the primary domains (links.hamish-fleming.com and links.marsuvesvex.xyz) are correctly pointed to your server’s IP addresses before setting up CNAME records.
3. DNS Propagation
After updating DNS records, allow up to 48 hours for changes to propagate globally. Use tools like DNS Checker to monitor propagation status.
Step 4: Starting the Services
With your docker-compose.yml configured and DNS records set, start your Docker services to deploy Traefik and LinkStack.
1. Launch Containers
Execute the following command to start your services in detached mode:
docker-compose up -d
2. Verify Running Containers
Ensure that both Traefik and LinkStack containers are up and running:
docker ps
Expected Output:
You should see entries for both traefik and linkstack containers, indicating they are active and listening on the specified ports.
Step 5: Testing the Setup
After successfully starting your services, it’s time to verify that everything is functioning as expected.
1. Access Your Domains
Open your web browser and navigate to each of your configured domains.
2. Verify SSL Certificates
Ensure that each domain loads securely with a valid SSL certificate. Look for the padlock icon in the browser’s address bar.
3. Check LinkStack Functionality
Interact with your LinkStack instance to confirm that all features are operational and that content is loading correctly.
4. Test CNAME Records
If you’ve set up additional domains using CNAME records, verify that they resolve to your primary domains and load the LinkStack instance. Each aliased hostname must also be listed in a router Host rule; otherwise Traefik has no route or certificate for it.
Troubleshooting
Encountering issues is common when setting up complex configurations. Below are common problems and their solutions:
1. Port Conflicts
Issue: Other services are using ports 80 or 443, preventing Traefik from binding to these ports.
Solution:
- Identify services occupying the ports:
  sudo lsof -i :80
  sudo lsof -i :443
- Stop or reconfigure conflicting services.
- Ensure Docker and Traefik have the necessary permissions to bind to these ports.
2. SSL Certificate Errors
Issue: SSL certificates are not being issued or renewed correctly.
Solution:
- Check Traefik logs for errors:
  docker logs traefik
- Ensure your email address in the certificatesresolvers is correct.
- Verify that your domains are correctly pointed to your server’s IP.
- Confirm that ports 80 and 443 are open and accessible.
3. DNS Propagation Delays
Issue: DNS changes have not fully propagated, causing domains to be inaccessible.
Solution:
- Wait up to 48 hours for DNS propagation.
- Use DNS Checker to monitor the status of your DNS records.
- Verify DNS configurations for accuracy.
4. Traefik Not Routing Correctly
Issue: Traefik is not directing traffic to the LinkStack service as expected.
Solution:
- Ensure Docker labels are correctly defined in the docker-compose.yml.
- Confirm that both Traefik and LinkStack are connected to the same Docker network.
- Restart the Docker services to apply configuration changes:
  docker-compose down
  docker-compose up -d
5. Middleware Configuration Issues
Issue: Security headers or other middleware functionalities are not working.
Solution:
- Verify middleware labels are correctly specified.
- Check Traefik logs for any middleware-related errors.
- Ensure that the middleware names are consistent across configurations.
Conclusion
By following this comprehensive guide, you’ve successfully configured LinkStack to operate under multiple domains using Traefik as a reverse proxy within a Docker environment. This setup not only ensures secure connections through automated SSL certificate management but also offers scalability and ease of maintenance. Leveraging CNAME DNS records further simplifies the management of additional domains, allowing for streamlined DNS configurations.
Key Takeaways:
- Traefik Integration: Efficiently manages routing and SSL for multiple domains.
- Docker Compose: Simplifies service deployment and management.
- Scalability: Easily add or remove domains without disrupting existing services.
- Security: Enhanced through automated SSL and robust middleware configurations.
This optimized deployment strategy empowers you to maintain a robust, secure, and scalable LinkStack instance tailored to diverse domain requirements.
Complete Docker Compose Configuration
For your convenience, below is the complete docker-compose.yml file that incorporates both separate routers for each domain and a single router handling multiple domains. You can choose the configuration that best fits your management preferences.
version: "3.8"
services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: unless-stopped
    command:
      # Enables the API and dashboard without authentication on port 8080 (not published below).
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web
      # Replace with your own address.
      - --certificatesresolvers.myhttpchallenge.acme.email=marsuvesvex@gmail.com
      - --certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json
      # Disables certificate verification for every HTTPS backend Traefik connects to.
      - --serversTransport.insecureSkipVerify=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_letsencrypt:/letsencrypt
    networks:
      - traefik
  linkstack:
    image: linkstackorg/linkstack
    container_name: linkstack
    restart: unless-stopped
    hostname: linkstack
    ports:
      # Published directly on the host, so these ports bypass Traefik.
      - "880:80"
      - "8443:443"
    environment:
      TZ: Australia/Melbourne
      SERVER_ADMIN: admin@example.com # placeholder address; replace with your own
      LOG_LEVEL: debug
      PHP_MEMORY_LIMIT: 256M
      UPLOAD_MAX_FILESIZE: 8M
    volumes:
      - linkstack_data:/htdocs
    labels:
      - "traefik.enable=true"
      # Configuration for multiple domains using separate routers.
      # Commented out so the two approaches do not conflict; uncomment these and
      # comment out the linkstack-ui lines to use one router per domain.
      # - "traefik.http.routers.linkstack-hamish.rule=Host(`links.hamish-fleming.com`)"
      # - "traefik.http.routers.linkstack-hamish.entrypoints=websecure"
      # - "traefik.http.routers.linkstack-hamish.tls=true"
      # - "traefik.http.routers.linkstack-hamish.tls.certresolver=myhttpchallenge"
      # - "traefik.http.routers.linkstack-hamish.service=linkstack-hamish"
      # - "traefik.http.routers.linkstack-hamish.middlewares=linkstack-head"
      # - "traefik.http.services.linkstack-hamish.loadBalancer.server.port=80"
      # - "traefik.http.routers.linkstack-marsuves.rule=Host(`links.marsuvesvex.xyz`)"
      # - "traefik.http.routers.linkstack-marsuves.entrypoints=websecure"
      # - "traefik.http.routers.linkstack-marsuves.tls=true"
      # - "traefik.http.routers.linkstack-marsuves.tls.certresolver=myhttpchallenge"
      # - "traefik.http.routers.linkstack-marsuves.service=linkstack-marsuves"
      # - "traefik.http.routers.linkstack-marsuves.middlewares=linkstack-head"
      # - "traefik.http.services.linkstack-marsuves.loadBalancer.server.port=80"
      # Alternative configuration: Multiple domains under one router
      - "traefik.http.routers.linkstack-ui.rule=Host(`links.marsuvesvex.xyz`) || Host(`links.itsnotdatsrs.lol`) || Host(`links.hamish-fleming.com`)"
      - "traefik.http.routers.linkstack-ui.entrypoints=web,websecure"
      - "traefik.http.routers.linkstack-ui.tls=true"
      - "traefik.http.routers.linkstack-ui.tls.certresolver=myhttpchallenge"
      # A middleware only takes effect once a router references it.
      - "traefik.http.routers.linkstack-ui.middlewares=linkstack-head"
      - "traefik.http.services.linkstack-ui.loadBalancer.server.port=443"
      - "traefik.http.services.linkstack-ui.loadbalancer.server.scheme=https"
      # Middleware for enhanced security headers
      - "traefik.http.middlewares.linkstack-head.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.linkstack-head.headers.customResponseHeaders.X-Robots-Tag=none"
      # HSTS is configured twice with different max-age values (here and in stsSeconds); keep only one.
      - "traefik.http.middlewares.linkstack-head.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000"
      - "traefik.http.middlewares.linkstack-head.headers.stsSeconds=31536000"
      # Wildcard CORS origin: any site may read responses; restrict it if cross-origin access is not needed.
      - "traefik.http.middlewares.linkstack-head.headers.accesscontrolalloworiginlist=*"
      - "traefik.docker.network=traefik"
    networks:
      - traefik
volumes:
  traefik_letsencrypt:
    external: false
  linkstack_data:
networks:
  traefik:
    # Pre-existing network created with: docker network create traefik
    external: true
    name: traefik
Important Notes:
- Dual Configuration: This docker-compose.yml includes both separate routers for each domain and a single router handling multiple domains. Choose one approach based on your preference to avoid conflicts.
  - Separate Routers: Uncomment and use the individual router configurations (linkstack-hamish and linkstack-marsuves) if you prefer managing each domain independently.
  - Single Router: Use the consolidated router (linkstack-ui) for handling multiple domains under one configuration.
- Network Setup: Ensure that the traefik network exists and is marked as external. Create it if necessary:
  docker network create traefik
- Email Configuration: Replace the email addresses in the configuration (the ACME email and SERVER_ADMIN) with your actual email addresses to receive SSL-related notifications from Let’s Encrypt.
- Environment Variables: Adjust environment variables such as TZ, SERVER_ADMIN, PHP_MEMORY_LIMIT, and UPLOAD_MAX_FILESIZE to suit your specific requirements.
- Volumes: Ensure persistent storage by correctly mounting volumes for Traefik’s Let’s Encrypt certificates (traefik_letsencrypt) and LinkStack’s data (linkstack_data).
Frequently Asked Questions (FAQ)
1. What is LinkStack?
LinkStack is a self-hosted, open-source link management tool that allows you to create, manage, and share shortened URLs efficiently.
2. Why Use Traefik as a Reverse Proxy?
Traefik offers dynamic service discovery, automated SSL certificate management, and seamless integration with Docker, making it an excellent choice for managing complex routing scenarios like multiple domains.
3. Can I Add More Domains Beyond the Examples Provided?
Absolutely! You can add as many domains as needed by updating your Docker Compose labels and DNS configurations. Using CNAME records simplifies this process for additional subdomains.
4. How Do I Secure My Traefik Dashboard?
The provided configuration enables an insecure Traefik dashboard (--api.insecure=true). For production environments, it’s recommended to secure the dashboard by setting up proper authentication and restricting access.
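One way to do that, shown as an added example rather than configuration from the original guide: drop --api.insecure and publish the dashboard through its own HTTPS router with basic authentication and a source-address restriction. The hostname traefik.example.com, the router and middleware names, the 203.0.113.0/24 range and the password hash are placeholders; generate a real hash with `htpasswd -nB admin` and double every `$` so Compose does not treat it as a variable.

```yaml
services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: unless-stopped
    command:
      # API and dashboard enabled, but without --api.insecure: nothing listens
      # on :8080, and the API is reachable only through the router below.
      - --api=true
      - --api.dashboard=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.myhttpchallenge.acme.email=youremail@example.com
      - --certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_letsencrypt:/letsencrypt
    networks:
      - traefik
    labels:
      # exposedbydefault=false applies to the Traefik container as well.
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=myhttpchallenge"
      # api@internal is Traefik's built-in dashboard/API service.
      - "traefik.http.routers.dashboard.service=api@internal"
      # Address filter first, then authentication.
      - "traefik.http.routers.dashboard.middlewares=dashboard-ips,dashboard-auth"
      - "traefik.http.middlewares.dashboard-ips.ipwhitelist.sourcerange=203.0.113.0/24"
      - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$2y$$05$$REPLACE_WITH_BCRYPT_HASH"
```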
5. How Can I Monitor Traefik and LinkStack Logs?
Use Docker commands to view logs:
- Traefik Logs:
  docker logs traefik
- LinkStack Logs:
  docker logs linkstack
6. Is It Possible to Use Other SSL Certificate Providers Instead of Let’s Encrypt?
Yes, Traefik supports various certificate resolvers. You can configure Traefik to use different SSL providers by adjusting the certificatesresolvers settings in the docker-compose.yml file.
7. How Do I Update LinkStack or Traefik to the Latest Versions?
Pull the latest images and recreate the containers:
docker-compose pull
docker-compose up -d
Ensure you review any breaking changes in the release notes before updating.
By following this optimized guide, you can efficiently deploy and manage a secure, scalable LinkStack instance across multiple domains using Traefik and Docker. This setup not only enhances your application’s accessibility and reliability but also ensures that your deployment adheres to best practices in security and scalability.
For further assistance, refer to the official documentation of Traefik and LinkStack, or join their respective communities for support and updates.