
Traefik - Docker Compose, Reverse Proxy with automated Let's Encrypt Certificate for Docker Containers


Traefik
#

Folder Structure
#

# Create the project folder for Traefik and change into it.
# The relative ./letsencrypt bind mount (acme.json storage) in the Compose
# files on this page resolves against the folder holding docker-compose.yml.
sudo mkdir -p /opt/traefik && cd /opt/traefik

Docker Compose
#

# Create the Docker Compose file in the current folder
sudo vi docker-compose.yml

Default Container
#

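# Traefik v2 reverse proxy: terminates TLS on 443 and obtains certificates
# from Let's Encrypt through the ACME TLS challenge (needs 443 reachable).
version: "3.9"
services:

  traefik:
    image: "traefik:v2.11"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      # Serves the dashboard and API on :8080 without authentication;
      # leave disabled unless 8080 is reachable from trusted hosts only.
      #- "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      # ACME account contact address; replace with your own.
      - "--certificatesresolvers.myresolver.acme.email=juergen.klug@outlook.at"
      # acme.json holds the ACME account key and certificate private keys.
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      # Dashboard/API port bound to loopback so it is not published on every
      # host interface; reach it locally or through an SSH tunnel.
      - "127.0.0.1:8080:8080"
    volumes:
      # Contains private keys: keep the host folder readable by root only
      # and out of version control and unencrypted backups.
      - "./letsencrypt:/letsencrypt"
      # ":ro" only protects the socket file itself; a process that can
      # connect to the socket can still send any Docker API request, which
      # is equivalent to root on the host. Treat this container as
      # privileged, or put a filtering socket proxy in front of the socket.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: unless-stopped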

Example: Whoami
#

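# Traefik plus a "whoami" test service in one Compose project; both share
# the project's default network, so no extra network definition is needed.
version: "3.9"
services:

  traefik:
    image: "traefik:v2.11"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      # Serves the dashboard and API on :8080 without authentication;
      # leave disabled unless 8080 is reachable from trusted hosts only.
      #- "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      # ACME account contact address; replace with your own.
      - "--certificatesresolvers.myresolver.acme.email=juergen.klug@outlook.at"
      # acme.json holds the ACME account key and certificate private keys.
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      # Dashboard/API port bound to loopback so it is not published on every
      # host interface; reach it locally or through an SSH tunnel.
      - "127.0.0.1:8080:8080"
    volumes:
      # Contains private keys: keep the host folder readable by root only.
      - "./letsencrypt:/letsencrypt"
      # ":ro" does not restrict Docker API calls made through the socket;
      # access to it is equivalent to root on the host.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: unless-stopped

  whoami:
    # No tag given, so the moving "latest" tag is pulled; pin a tag or
    # digest for reproducible deployments.
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      # Opt in to routing (exposedbydefault=false on the Traefik side).
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.jklug.work`)"
      # Reachable through the TLS entrypoint only; no ports are published.
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
    restart: unless-stopped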

Example: Networking
#

# Create the user-defined network "traefik"; the Compose files below join it
# as an external network so Traefik can reach the other containers
sudo docker network create traefik

# List Docker networks to confirm that "traefik" exists
sudo docker network ls
  • Traefik Container
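# Traefik in its own Compose project, attached to the pre-created external
# network "traefik" that backend containers join from their own projects.
version: "3.9"
services:

  traefik:
    image: "traefik:v2.11"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      # Serves the dashboard and API on :8080 without authentication;
      # leave disabled unless 8080 is reachable from trusted hosts only.
      #- "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      # ACME account contact address; replace with your own.
      - "--certificatesresolvers.myresolver.acme.email=juergen.klug@outlook.at"
      # acme.json holds the ACME account key and certificate private keys.
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      # Dashboard/API port bound to loopback so it is not published on every
      # host interface; reach it locally or through an SSH tunnel.
      - "127.0.0.1:8080:8080"
    volumes:
      # Contains private keys: keep the host folder readable by root only.
      - "./letsencrypt:/letsencrypt"
      # ":ro" does not restrict Docker API calls made through the socket;
      # access to it is equivalent to root on the host.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: unless-stopped
    networks:
      - traefik

networks:
  # Must already exist (docker network create traefik); every container on
  # this network can reach every other one, so attach only proxied services.
  traefik:
    external: true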
  • Whoami Container
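# "whoami" test service in a separate Compose project, routed by Traefik
# over the shared external network; no host ports are published.
version: "3.9"
services:

  whoami:
    # No tag given, so the moving "latest" tag is pulled; pin a tag or
    # digest for reproducible deployments.
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      # Opt in to routing (exposedbydefault=false on the Traefik side).
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.jklug.work`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
      # Container port Traefik forwards to.
      - "traefik.http.services.whoami.loadbalancer.server.port=80"
      # Network Traefik uses to reach this container.
      - "traefik.docker.network=traefik"
    restart: unless-stopped
    networks:
      - traefik

networks:
  # Pre-created shared network (docker network create traefik).
  traefik:
    external: true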
  • Apache Container no 1
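# Apache httpd behind Traefik (apache-no1), reached over the shared
# external network "traefik".
version: '3.9'
services:

  webserver:
    # "latest" is a moving tag; pin a specific tag or digest so rebuilds do
    # not silently change the web server version.
    image: httpd:latest
    # A bare "80" under ports would publish the container port on a random
    # host port on all interfaces, serving plain HTTP past Traefik and its
    # TLS. Traefik connects over the Docker network, so the port is only
    # exposed to that network here.
    expose:
      - "80"
    volumes:
      - ./html:/usr/local/apache2/htdocs/
    labels:
      # Opt in to routing (exposedbydefault=false on the Traefik side).
      - "traefik.enable=true"
      - "traefik.http.routers.apache-no1.rule=Host(`apache-no1.jklug.work`)"
      - "traefik.http.routers.apache-no1.entrypoints=websecure"
      - "traefik.http.routers.apache-no1.tls.certresolver=myresolver"
      # Container port Traefik forwards to.
      - "traefik.http.services.apache-no1.loadbalancer.server.port=80"
      # Network Traefik uses to reach this container.
      - "traefik.docker.network=traefik"
    restart: unless-stopped
    networks:
      - traefik

networks:
  # Pre-created shared network (docker network create traefik).
  traefik:
    external: true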
  • Apache Container no 2
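# Apache httpd behind Traefik (apache-no2), reached over the shared
# external network "traefik".
version: '3.9'
services:

  webserver:
    # "latest" is a moving tag; pin a specific tag or digest so rebuilds do
    # not silently change the web server version.
    image: httpd:latest
    # A bare "80" under ports would publish the container port on a random
    # host port on all interfaces, serving plain HTTP past Traefik and its
    # TLS. Traefik connects over the Docker network, so the port is only
    # exposed to that network here.
    expose:
      - "80"
    volumes:
      - ./html:/usr/local/apache2/htdocs/
    labels:
      # Opt in to routing (exposedbydefault=false on the Traefik side).
      - "traefik.enable=true"
      - "traefik.http.routers.apache-no2.rule=Host(`apache-no2.jklug.work`)"
      - "traefik.http.routers.apache-no2.entrypoints=websecure"
      - "traefik.http.routers.apache-no2.tls.certresolver=myresolver"
      # Container port Traefik forwards to.
      - "traefik.http.services.apache-no2.loadbalancer.server.port=80"
      # Network Traefik uses to reach this container.
      - "traefik.docker.network=traefik"
    restart: unless-stopped
    networks:
      - traefik

networks:
  # Pre-created shared network (docker network create traefik).
  traefik:
    external: true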
# Create and start the containers of the Compose file in the current folder,
# detached (-d) so they keep running in the background
sudo docker compose up -d

Settings
#

Dashboard
#

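To enable the Traefik dashboard, which is then accessible via port 8080, uncomment the following line. With this option the dashboard and the API are served without authentication, so port 8080 should only be reachable from trusted hosts (for example bound to 127.0.0.1 or blocked by a firewall):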

#- "--api.insecure=true"

Log Level
#

Define the log level as follows:

- "--log.level=DEBUG"

The following log levels are allowed: info, warn, error, debug


Links #

# Official Documentation
https://doc.traefik.io/traefik/user-guides/docker-compose/acme-tls/