Noobs guide to avoiding a potential pothole with Gsuite>Traefik>PGdef setup

Just wanted to take a second to try and point out a potential pothole during setup that is easy to avoid. This is not a “how to” but only a how I did it. Let me preface this with, I only know enough of this stuff (linux, logic, how to read and follow instructions etc.) to get me into trouble , so take it for what it’s worth. Unfortunately, for me, the problem did not manifest itself until later when I set up PGdef and I needed an API key from the domain host, provider, service whatever the hell you call it.

Ok the problem: you can’t get an API, for PGdef, from Gsuite because you signed up for a domain with a “partner” through Gsuite.

What did I do wrong? Since I know very little about this whole API key thing. I figured that since the domain was registered with GoDaddy I could go to GoDaddy, make an account, and generate an API key(please see my knowledge disclosure above)… mmmmrrrrrrmmmmPPP, NOT!.. Ya, that din’t work. Oh everything is cool with Traefik but not so much with PGdef. You get…


? Unable to reach your Subdomain for Portainer!

1. Forget to enable Traefik?
2. Valdiate if Subdomain is Working?<<<
hey devs what up wit da typo!? JK
3. Validate Portainer is Deployed?

Confirm Info | Press [ENTER]:


Uh yes, Traefik is deployed, I can reach the portainer subdomain and yes portainer is deployed because I am looking at it…thank you very much! WTF is going on here……logs people logs….decided to check out the Traefik logs in portainer and that gave me a hint to sump’n wuddn’t right even though everything seemed ok…." Authenticated user is not allowed access" gave me a clue that something was jacked up with the API and going rogue at GoDaddy was the culprit.

Now for what I did to get out of this predicament…This whole shabam started waaaay back when I set up Gsuite and here’s what I did to correct it.

  • Gsuite : When you set up Gsuite you are going to need a domain name and Big Brother G being the good Samaritan he is, is all too happy to assist you is setting one up with one of their partners, i.e. GoDaddy. This is a problem because you will not be able to get an API key from the “partner”. I don’t know why but it is what it is. Why is this important, you are going to need that API key for PGdef to work. Stay tuned!
    • Solution 1(easy) : BYOD from GoDaddy (or Gandi, they are cheaper but takes a long time to confirm your new domain).
      • NOOB note on buying domains that are on sale. Be careful of the $.99 domains the price could go up significantly when the domain renews… $.99 this year but maybe $19.99 from next year and into eternity, if you forget about it. So check the non sale price alse or turn off auto renew.
      • Why Godaddy or Gandi? They are the easiest to set up in Traefik.
    • Solution 2(not as easy but easy and more steps): take Google up on the offer on the domain registration and use Cloudflare.
    • Side note. - if you have domains already and the provider is not on the Trafik approved list I think you can go the cloudflare route.
  • Traefik: if you BYOD form GoDaddy or Gandi just follow the PG wiki and your good to go. IF not….
    • Log into your Gsuite admin console, the one you set up for this project.
    • Go to Domains>>>add/remove domains>>>advanced DNS settings(click the little triangle and a drop down will appear)>>>Sign into DNS console(this takes you to a GoDaddy page that is branded Gsuite)>>>login with credential provided in the grey box on the previous page>>>>click the little gear on the card of the domain you want to change the A record for>>>click manage DNS>>>nameservers and A record settings are there.
    • Change your A record before going to Cloudflare , if you are going the cloudflare route. Don’t mess with the nameservers until instructed to do so by Cloudflare.
    • Everything should go swimmingly with Traefik
  • PGdef: here’s the pothole! … PGdef wants an API key, where the hell go I get the GD API key if I registered my domain in Gsuite… and the answer, from Cloudflare!
    • Cloudflare: Go to Cloudflare, set up a free account. Cloudflare will ask you for your domain name right off the bat and scan your domain. Remember what I told you about updating the A record before doing the Cloudflare thing. If you don’t you will have to delete the domain at Cloudflare and start over with Cloudflare. Ask me how I know, go ahead ask!(I learn by making mistakes people, don’t judge)
      • Cloudflare will ask you to change your nameservers to their nameservers. Remember the GoDaddy, Gsuite branded, DNS management page. Well the nameserver entries are at the bottom. When you change them the DNS records will disappear(after refresh) since Cloudflare will be handling that.
      • Then, profit, use Cloudflare’s API key (FU Google and GoDaddy, there’s more than one way to Chicago)
    • Now follow the PGwiki for cloudflare and you should be good to go. Unfortunately I did not find the vid on the Cloudflare page helpful(sorry devs) but the text instructions were very helpful(thank you devs).

Credits for this guide go to Marinerdevil

2 Likes