====== docker compose with Traefik ======
Traefik requires two configuration files:
===== traefik.yaml =====
Basic configuration with the dashboard enabled, so Traefik's active configuration can be inspected:
<code yaml>
#debug: "true"
#logLevel: "DEBUG"

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  http:
    acme:
      email: domains@example.com
      storage: acme.json
      httpChallenge:
        entryPoint: http
</code>
===== acme.json =====
An empty storage file for all Let's Encrypt certificates:
<code bash>
touch acme.json
chmod 600 acme.json
</code>
===== compose.yaml =====
Access to the dashboard is configured for user ''admin'' with a password hash in htpasswd format (MD5, SHA1 or BCrypt): [[https://htpasswd.org/|htpasswd generator]]

**NOTE 1:** every ''$'' in the password hash must be doubled to ''$$'', because Compose otherwise treats a single ''$'' as the start of a variable.

**NOTE 2:** the domain (''host.example.com'') must resolve to the host, because Traefik starts requesting certificates as soon as it starts.
<code yaml>
services:
  traefik:
    image: traefik:v2.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # :ro only protects the socket file; the Docker API behind it stays fully usable
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yaml:/traefik.yaml:ro
      - ./acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      # HTTP router: only redirects to HTTPS
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`host.example.com`)"
      # htpasswd entry with every "$" doubled (see NOTE 1)
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$yjlvJ56A$$R20oIMhPsstfBc8.ZFaW43"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      # HTTPS router: dashboard (api@internal) behind basic auth
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`host.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
</code>
* Ref: [[https://doc.traefik.io/traefik/middlewares/http/basicauth/|Traefik basicauth]]
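
The ''$$'' doubling from NOTE 1 and the ''chmod 600'' on ''acme.json'' can be checked before starting the stack. The script below is an added example, not part of the original page; the function names are hypothetical and the hash is a constructed sample.

```sh
#!/bin/sh
# Added example: pre-flight checks for the compose.yaml / acme.json setup.
# Function names are hypothetical; the hash below is a constructed sample.

# Double every "$" so Compose passes the htpasswd line through literally
# instead of treating "$name" as variable interpolation.
compose_escape() {
    printf '%s\n' "$1" | sed 's/\$/$$/g'
}

# Succeed only if every "$" in a label value belongs to a "$$" pair.
# A stray single "$" (for example "$$$abc") would be interpolated by
# Compose and corrupt the hash, so basic auth would never match.
compose_escaped_ok() {
    rest=$(printf '%s' "$1" | sed 's/\$\$//g')
    case $rest in
        *'$'*) return 1 ;;
        *)     return 0 ;;
    esac
}

# Succeed only if the ACME storage is a regular file with mode exactly 600
# (private keys live in it; Traefik rejects more permissive modes).
acme_mode_ok() {
    [ -n "$(find "$1" -prune -type f -perm 600 2>/dev/null)" ]
}

# Constructed sample in the "user:hash" format that `htpasswd -n admin` prints.
sample='admin:$apr1$SAMPLESA$ConstructedHash0123456'
label="traefik.http.middlewares.traefik-auth.basicauth.users=$(compose_escape "$sample")"
echo "$label"
if compose_escaped_ok "$label"; then echo "label: ok"; else echo "label: unescaped \$"; fi
if acme_mode_ok ./acme.json; then echo "acme.json: ok"; else echo "acme.json: missing or not mode 600"; fi
```
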
===== example proxy -> application =====
Both domains must resolve to the host, because Traefik starts requesting certificates as soon as it starts:
  * ''host.example.com'' to access the Traefik dashboard
  * ''app.example.com'' to access the app through the Traefik proxy
==== compose.yaml ====
<code yaml>
services:
  traefik:
    image: traefik:v2.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yaml:/traefik.yaml:ro
      - ./acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`host.example.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$ablvJ36A$$Q21oIBhPxftfMc8.ZFeW31"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`host.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

  app:
    image: oguzpastirmaci/hostname
    container_name: app
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.entrypoints=http"
      - "traefik.http.routers.app.rule=Host(`app.example.com`)"
      - "traefik.http.middlewares.app-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.app.middlewares=app-https-redirect"
      - "traefik.http.routers.app-secure.entrypoints=https"
      - "traefik.http.routers.app-secure.rule=Host(`app.example.com`)"
      - "traefik.http.routers.app-secure.tls=true"
      - "traefik.http.routers.app-secure.tls.certresolver=http"
      - "traefik.http.routers.app-secure.service=app"
      - "traefik.http.services.app.loadbalancer.server.port=8000"
</code>
{{:docs:virtualizacion:docker:captura_de_pantalla_2024-12-12_a_la_s_1.28.18 p._m..png?400|}}