← 返回 Skills 市场
364
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install initial-traefik
功能描述
Initialize and configure Traefik reverse proxy with Docker. Install Traefik, configure Docker Compose, set up service routing via path prefix or host-based r...
使用说明 (SKILL.md)
Initial Traefik
Initialize and configure Traefik v3 reverse proxy with Docker Compose for service routing and load balancing.
Quick Start
1. Create Configuration
mkdir -p ~/.docker/compose
cd ~/.docker/compose
2. Create docker-compose.yml
Use assets/docker-compose.yml as template. Key configuration:
services:
traefik:
image: traefik:v3.0
container_name: traefik
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik-dynamic.yml:/etc/traefik/dynamic.yml:ro
command:
- --api=true
- --api.dashboard=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --providers.file.directory=/etc/traefik
- --providers.file.watch=true
- --entrypoints.web.address=:80
- --accesslog=true
- --metrics.prometheus=true
3. Create Dynamic Configuration
Use assets/traefik-dynamic.yml as template for service routing.
4. Start Traefik
docker compose up -d
5. Connect Services to Network
for container in \x3Cservice-names>; do
docker network connect compose_default $container
done
Routing Options
Option A: Path Prefix Routing (IP + Path)
Access services via http://\x3CIP>/\x3Cservice>:
http:
routers:
n8n:
rule: "PathPrefix(`/n8n`)"
service: n8n
entryPoints:
- web
middlewares:
- n8n-stripprefix
middlewares:
n8n-stripprefix:
stripPrefix:
prefixes:
- /n8n
services:
n8n:
loadBalancer:
servers:
- url: "http://n8n:5678"
Access: http://192.168.9.192/n8n
Option B: Host-Based Routing (.nip.io)
Access services via http://\x3Cservice>.\x3CIP>.nip.io:
http:
routers:
n8n:
rule: "Host(`n8n.192.168.9.192.nip.io`)"
service: n8n
entryPoints:
- web
services:
n8n:
loadBalancer:
servers:
- url: "http://n8n:5678"
Access: http://n8n.192.168.9.192.nip.io
Option C: Docker Labels
Configure routing directly in docker-compose.yml labels:
services:
traefik:
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`traefik.192.168.9.192.nip.io`)"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.entrypoints=web"
Enable Features
See references/features.md for complete feature list and configuration.
Common Tasks
Add New Service
-
Connect container to network:
docker network connect compose_default \x3Ccontainer-name> -
Add router to
traefik-dynamic.yml:routers: myservice: rule: "PathPrefix(`/myservice`)" service: myservice entryPoints: - web middlewares: - myservice-stripprefix services: myservice: loadBalancer: servers: - url: "http://\x3Ccontainer-name>:\x3Cport>"
Traefik auto-reloads configuration.
Check Status
docker logs traefik | grep -E "router|error"
docker exec traefik wget -q -O - http://localhost:8080/api/http/routers
Restart Traefik
docker restart traefik
References
- Features: See
references/features.mdfor all available features - Examples: See
references/examples.mdfor common configurations - Templates: See
assets/for configuration templates
Troubleshooting
- 404 errors: Check container is connected to
compose_defaultnetwork - Configuration not loading: Check
traefik-dynamic.ymlYAML syntax - Service not accessible: Verify container name and port in service configuration
- Dashboard not working: Ensure
--api.dashboard=trueis in command
安全使用建议
This skill appears to do what it says (set up Traefik via Docker Compose) but includes insecure defaults you should fix before deploying:
- Mounting /var/run/docker.sock into a container gives that container high privileges over your host. Only do this on trusted hosts and understand the risk; a read-only mount flag does not reliably prevent privileged actions.
- The provided docker-compose enables an insecure dashboard (--api.insecure=true) and exposes the dashboard via a public hostname example (nip.io). If you run this on a network reachable from the internet, an attacker could access the Traefik admin UI. Remove --api.insecure=true, restrict the dashboard to an internal network or localhost, and protect it with authentication (basicAuth) or firewall rules.
- Replace example/basicAuth password hashes with your own securely generated credentials; do not reuse the example hash in production.
- If you need public TLS, configure ACME carefully (provide a valid email and secure storage for acme.json) and consider rate limits and domain ownership implications of using nip.io.
Recommended immediate changes before use: remove or restrict --api.insecure=true, bind the dashboard to an internal entrypoint, enable authenticated access, limit exposure of services via firewall, and understand the implications of mounting the Docker socket. If you want, I can provide a hardened docker-compose.yml and traefik-dynamic.yml with safer defaults.
功能分析
Type: OpenClaw Skill
Name: initial-traefik
Version: 1.0.0
The skill is classified as suspicious due to the default configuration of `--api.insecure=true` in `assets/docker-compose.yml`. While the documentation in `references/features.md` explicitly states this is 'for dev only', deploying Traefik with an insecure API and dashboard by default creates a significant vulnerability, allowing unauthorized access to monitor and potentially reconfigure the proxy. Additionally, the skill mounts the Docker socket (`/var/run/docker.sock:ro`), which, even in read-only mode, grants powerful introspection capabilities into the host's Docker environment.
能力评估
Purpose & Capability
Name and description match the assets and runtime instructions: docker-compose and a dynamic Traefik config are provided. The requested filesystem mounts and commands (docker compose up, docker network connect) are expected for running Traefik with Docker.
Instruction Scope
Instructions stay within the stated scope (install/configure Traefik). However the provided examples and docker-compose defaults enable an insecure dashboard (--api.insecure=true / exposed dashboard hostname) and instruct mounting /var/run/docker.sock into the traefik container. Those are functional for the goal but raise security concerns (dashboard exposure, high privilege via Docker socket).
Install Mechanism
This is an instruction-only skill with no install spec or external downloads. Nothing is written to disk by the skill itself beyond the user's creation of the compose files provided as templates.
Credentials
No environment variables or external credentials are requested (proportional). That said, the recommended mount of /var/run/docker.sock grants the Traefik container effective control over the Docker host (common for providers but high privilege). Example basicAuth uses a hardcoded bcrypt string in docs—fine as an example but users must replace it with real credentials.
Persistence & Privilege
The skill is not marked always:true and does not request persistent platform privileges. It's instruction-only and does not modify other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install initial-traefik - 安装完成后,直接呼叫该 Skill 的名称或使用
/initial-traefik触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
initial-traefik 1.0.0 – Initial release
- Provides setup instructions for Traefik v3 reverse proxy with Docker Compose.
- Includes example Docker Compose and dynamic configuration templates.
- Covers multiple routing methods: path prefix, host-based (.nip.io), and Docker labels.
- Details enabling features like dashboard, metrics, logging, and tracing.
- Offers troubleshooting steps and references for further configuration.
元数据
常见问题
initial-traefik 是什么?
Initialize and configure Traefik reverse proxy with Docker. Install Traefik, configure Docker Compose, set up service routing via path prefix or host-based r... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 364 次。
如何安装 initial-traefik?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install initial-traefik」即可一键安装,无需额外配置。
initial-traefik 是免费的吗?
是的,initial-traefik 完全免费(开源免费),可自由下载、安装和使用。
initial-traefik 支持哪些平台?
initial-traefik 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 initial-traefik?
由 le-shi(@le-shi)开发并维护,当前版本 v1.0.0。
推荐 Skills