Traefik advanced

Deploys Bearicorn with Traefik as the web router. Traefik automatically obtains TLS certificates from Let's Encrypt and provides a web dashboard for monitoring running services.

Use this setup when running multiple services on the same server. If you are only running Bearicorn, Caddy is the simpler choice.

Requirements

• Docker installed — Debian/Ubuntu · Fedora · Alpine
• A domain name pointing to your server's IP — see Getting Started

Deployment

Step 1 - Download the required files

sudo mkdir -p /opt/bearicorn
sudo chown "$USER":"$USER" /opt/bearicorn
cd /opt/bearicorn
git clone https://github.com/bybearicorn/monorepo.git
cd monorepo/deploy/compose

Step 2 - Populate the .env file

cp .env.traefik .env

Generate secret values:

openssl rand -hex 32  # use for JWT_SECRET
openssl rand -hex 16  # use for DB_PASSWORD

Open the file for editing:

nano .env

Set the following values:

• JWT_SECRET — paste the 64-character value generated above
• DB_PASSWORD — paste the 32-character value generated above
• TRAEFIK_HOST — your domain name (e.g. chat.yourcompany.com)
• TRAEFIK_ACME_EMAIL — a valid email address for Let's Encrypt certificate registration
• TZ — optional, your timezone (e.g. Europe/Berlin); defaults to UTC
• TRAEFIK_DASHBOARD_PORT — optional, port for the Traefik dashboard; defaults to 8081

WARNING

The default .env.traefik values (localhost, [email protected]) are placeholders only. A real domain and a valid email address are required for TLS certificate issuance.

Do not leave JWT_SECRET and DB_PASSWORD at their default placeholder values in production.

Step 3 - Start the containers

docker compose --env-file .env -f docker-compose.traefik.yml up --build -d

The first build takes 3–5 minutes. Traefik will obtain the TLS certificate automatically on startup.

Access the application

	Address
Bearicorn	https://your-domain.com
Traefik dashboard	http://YOUR_SERVER_IP:8081

The first user to register becomes the admin. Database migrations run automatically on first start.

INFO

Always access the application via the configured domain name. Requests sent directly to the server IP will not match Traefik's routing rules and will return an error.

WARNING

The Traefik dashboard is not password-protected by default. For production, restrict port 8081 in your firewall or configure BasicAuth middleware.

Management

# View logs
docker compose -f docker-compose.traefik.yml logs -f
docker compose -f docker-compose.traefik.yml logs traefik  # Traefik only
docker compose -f docker-compose.traefik.yml logs hub-app  # app only

# Check container status
docker compose -f docker-compose.traefik.yml ps

# Restart all containers
docker compose -f docker-compose.traefik.yml restart

# Stop all containers
docker compose -f docker-compose.traefik.yml down

# Update to the latest version
git pull && docker compose -f docker-compose.traefik.yml up --build -d