Docker Compose with Traefik
Traefik requires two configuration files:
traefik.yaml
Basic configuration, with the dashboard enabled so you can inspect Traefik's active configuration:
# Traefik static configuration (traefik.yaml), mounted read-only into the
# container by compose.yaml.

# Verbose logging, left disabled.
# NOTE(review): these look like Traefik v1 option names; v2 sets verbosity
# with log.level - confirm before enabling.
#debug: "true"
#logLevel: "DEBUG"

# Turns the dashboard on. Nothing in this file publishes it: it is reached
# through the router labels on the traefik container in compose.yaml, which
# point at the api@internal service.
api:
  dashboard: true

# Listening sockets. The names "http" and "https" are the ones referenced by
# the router labels and by the ACME HTTP challenge below.
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    # Traefik discovers containers through the Docker API on this socket.
    # Whoever can talk to the socket controls the Docker daemon, so treat the
    # Traefik container as highly privileged.
    endpoint: "unix:///var/run/docker.sock"
    # Containers are ignored unless they carry the label traefik.enable=true,
    # so a newly started container is not published by accident.
    exposedByDefault: false

# ACME resolver named "http"; routers opt in with tls.certresolver=http.
certificatesResolvers:
  http:
    acme:
      email: domains@example.com
      # Certificates and their private keys are written here; the file must
      # exist and be readable by its owner only.
      storage: acme.json
      # The HTTP-01 challenge is answered on the "http" entry point, so port
      # 80 has to be reachable from the internet for issuance to succeed.
      httpChallenge:
        entryPoint: http
acme.json
An empty storage file for all Let's Encrypt certificates. Their private keys are stored in it too, so it must be readable by its owner only:
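# Create the empty ACME storage file and restrict it to its owner before the
# first start. Traefik refuses to use the file when its permissions are more
# open than 600, because it holds the certificates' private keys.
touch acme.json
chmod 600 acme.json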
compose.yaml
Access to the dashboard is protected with basic authentication: user admin
and a password hash in htpasswd format (MD5, SHA1 or BCrypt; prefer BCrypt, the strongest of the three): htpasswd generator
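NOTE 1: every $ in the password hash must be written as $$ in compose.yaml;
a single $ is read by Docker Compose as the start of a variable substitution and corrupts the hash.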
NOTE 2: the domain (host.example.com) must resolve to this host, because Traefik will start requesting certificates as soon as it starts.
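# compose.yaml - Traefik alone, publishing its own dashboard over HTTPS behind
# basic authentication.
services:
  traefik:
    # NOTE(review): v2.1 is an old release line; check that the tag you deploy
    # still receives security fixes.
    image: traefik:v2.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Processes in the container cannot gain privileges through setuid
      # binaries or file capabilities.
      - "no-new-privileges:true"
    ports:
      # Quoted so the mappings are always read as strings.
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # ":ro" only makes the bind mount read-only; it does not limit the
      # Docker API calls sent over the socket. This internet-facing container
      # therefore holds control of the Docker daemon. Consider a filtering
      # socket proxy that exposes only the read endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yaml:/traefik.yaml:ro
      # Writable on purpose: Traefik stores certificates and private keys
      # here. Keep the host file at mode 600.
      - ./acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router: its only middleware is the redirect to HTTPS, so
      # the dashboard itself is never served on port 80.
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`host.example.com`)"
      # htpasswd entry for user "admin". Every "$" of the hash is doubled so
      # Compose does not treat it as variable substitution; use exactly two
      # per separator, because a third one starts a substitution and corrupts
      # the hash. This is the page's sample value: generate your own
      # (BCrypt preferred over APR1/MD5) and keep it out of version control.
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$yjlvJ56A$$R20oIMhPsstfBc8.ZFaW43"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      # HTTPS router: basic auth in front of the internal API/dashboard
      # service, certificate obtained from the "http" ACME resolver.
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`host.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"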
- Ref: Traefik basicauth
example proxy -> application
Both domains
- host.example.com, to access the Traefik panel
- app.example.com, to access the app through the Traefik proxy
must resolve to this host, because Traefik will start requesting certificates as soon as it starts.
compose.yaml
# compose.yaml - Traefik as reverse proxy in front of one application.
# The dashboard is served on host.example.com, the app on app.example.com.
services:
  traefik:
    # NOTE(review): v2.1 is an old release line; check that the tag you deploy
    # still receives security fixes.
    image: traefik:v2.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Processes in the container cannot gain privileges through setuid
      # binaries or file capabilities.
      - "no-new-privileges:true"
    ports:
      # Only Traefik publishes ports on the host.
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # ":ro" only makes the bind mount read-only; it does not limit the
      # Docker API calls sent over the socket, so this container holds
      # control of the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yaml:/traefik.yaml:ro
      # Writable on purpose: certificates and private keys are stored here.
      - ./acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      # Port 80 router: redirect to HTTPS and nothing else.
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`host.example.com`)"
      # htpasswd entry for user "admin"; "$" is doubled so Compose does not
      # interpolate it. Sample value from the page - replace it with your own
      # hash (BCrypt preferred) and keep it out of version control.
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$ablvJ36A$$Q21oIBhPxftfMc8.ZFeW31"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      # Port 443 router: basic auth in front of the internal dashboard
      # service, certificate from the "http" ACME resolver.
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`host.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

  app:
    # No tag is given, so this resolves to ":latest"; pin a tag or digest you
    # have reviewed to keep deployments reproducible.
    image: oguzpastirmaci/hostname
    container_name: app
    # No "ports:" section: the app is reachable only through Traefik.
    labels:
      - "traefik.enable=true"
      # Port 80 router: redirect to HTTPS and nothing else.
      - "traefik.http.routers.app.entrypoints=http"
      - "traefik.http.routers.app.rule=Host(`app.example.com`)"
      - "traefik.http.middlewares.app-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.app.middlewares=app-https-redirect"
      # Port 443 router. No auth middleware is attached, so the app is open
      # to anyone who can reach the host; add one if it is not meant to be
      # public.
      - "traefik.http.routers.app-secure.entrypoints=https"
      - "traefik.http.routers.app-secure.rule=Host(`app.example.com`)"
      - "traefik.http.routers.app-secure.tls=true"
      - "traefik.http.routers.app-secure.tls.certresolver=http"
      - "traefik.http.routers.app-secure.service=app"
      # Port the container listens on; Traefik forwards requests there.
      - "traefik.http.services.app.loadbalancer.server.port=8000"