🦺Træfik

Træfik with Docker

Official Traefik Labs documentation: https://doc.traefik.io/


Traefik is a reverse proxy; in our case it routes requests for a website to the application running on a specific port. We will also get a TLS certificate that is renewed automatically thanks to Let's Encrypt.

The necessary prerequisites:

  • Docker installation

  • Ports 80 and 443 open

Once Docker is installed and ports 80 and 443 are open, we will create a directory with a name of our choice; in our case we will call it traefik.

mkdir traefik

Type the following command and keep the information. This will allow us to

echo $(htpasswd -nb username password) | sed -e s/\\$/\\$\\$/g

We will also create the proxy network.

docker network create proxy

In this directory we will create the files below.

  • docker-compose.yml

  • config.yml

  • traefik.yml

  • acme.json

The docker-compose.yml file is the file that will be read when our container is started. Replace chemindufichier (pathoffile) in the volumes entries with the path where the traefik directory and its files are located. In the labels, we put the username and hashed password kept previously.

version: '3'

services:
  traefik:
    image: traefik:v2.6
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
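    volumes:
      - /etc/localtime:/etc/localtime:ro
      # :ro protects the socket file only; API calls over the socket are not restricted
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # all three files live in the traefik directory created above
      - chemindufichier/traefik/traefik.yml:/traefik.yml:ro
      - chemindufichier/traefik/acme.json:/acme.json
      - chemindufichier/traefik/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      # Replace the Host value with your own dashboard hostname (fr, com or another TLD)
      - "traefik.http.routers.traefik.rule=Host(`traefik.domaine.(fr,com ou autres)`)"
      # Paste the htpasswd output here; each $ is doubled so Compose does not interpolate it
      - "traefik.http.middlewares.traefik-auth.basicauth.users=username:$$apr1$$motdepassehash"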
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domaine.(fr,com ou autres)`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

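The traefik.yml file. Don't forget to put your own email address.

api:
  dashboard: true
  # debug also enables Traefik's debugging and profiling endpoints; set to false once the setup works
  debug: true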

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml

certificatesResolvers:
  http:
    acme:
      email: monmail@gmail.com
      storage: acme.json
      httpChallenge:
        entryPoint: http

The config.yml file

http:
  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https

Then we will create the acme.json file and give it the necessary rights (mode 600, readable and writable by its owner only).

touch acme.json
chmod 600 acme.json
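
Before launching, the files created above can be checked in one pass. The script below is an added example, not part of the original page or of the Traefik project: it verifies that the four files exist, that acme.json has mode 600, and that every $ in the basicauth label is doubled. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Traefik directory built on this page.

# Double every '$' so Compose does not treat parts of the hash as variable
# interpolation (same transformation as the sed command shown earlier).
escape_for_compose() {
    printf '%s\n' "$1" | sed -e 's/\$/$$/g'
}

# Succeed only if the basicauth label exists and every '$' on it is part of "$$".
label_is_escaped() {
    grep -q 'basicauth\.users=' "$1" || return 1
    # Remove all "$$" pairs; any '$' left over was not escaped.
    ! grep 'basicauth\.users=' "$1" | sed -e 's/\$\$//g' | grep -q '\$'
}

# Succeed only if the file is a regular file with mode 600.
acme_is_private() {
    [ -f "$1" ] || return 1
    # GNU/busybox stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ]
}

# Check a directory; print one line per problem and return the problem count.
preflight() {
    dir=$1
    problems=0
    for f in docker-compose.yml traefik.yml config.yml acme.json; do
        [ -f "$dir/$f" ] || { echo "missing: $f"; problems=$((problems + 1)); }
    done
    if [ -f "$dir/acme.json" ] && ! acme_is_private "$dir/acme.json"; then
        echo "acme.json must be mode 600"; problems=$((problems + 1))
    fi
    if [ -f "$dir/docker-compose.yml" ] && ! label_is_escaped "$dir/docker-compose.yml"; then
        echo "basicauth hash missing or contains an unescaped \$"; problems=$((problems + 1))
    fi
    return "$problems"
}
```

Source the file and run `preflight /path/to/traefik`; a return status of 0 means all checks passed.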

Now we just need to launch our container.

docker-compose up -d

Let's check that our container is up.

docker ps -a

We can now reach the Traefik dashboard at traefik.domain.com.

Now, if we want another container to have an active TLS certificate, we add this part to its docker-compose file. Replace SERVICE with the name of the service you want to see displayed in the Traefik GUI.

    networks:
      - proxy
    labels:
        - "traefik.enable=true"
        - "traefik.http.routers.SERVICE.entrypoints=http"
        - "traefik.http.routers.SERVICE.rule=Host(`domaine.com`)"
        - "traefik.http.middlewares.SERVICE-https-redirect.redirectscheme.scheme=https"
        - "traefik.http.routers.SERVICE.middlewares=SERVICE-https-redirect"
        - "traefik.http.routers.SERVICE-secure.entrypoints=https"
        - "traefik.http.routers.SERVICE-secure.rule=Host(`domaine.com`)"
        - "traefik.http.routers.SERVICE-secure.tls=true"
        - "traefik.http.routers.SERVICE-secure.tls.certresolver=http"
        - "traefik.http.routers.SERVICE-secure.service=SERVICE"
        # port the application listens on inside its container
        - "traefik.http.services.SERVICE.loadbalancer.server.port=8096"
        - "traefik.docker.network=proxy"
networks:
  proxy:
    external: true
