Docker Swarm + Traefik (Global Redirection & Subdomain & Auth to view Dashboard) + 2 backends
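---
# Docker Swarm stack: Traefik v2 as the edge proxy (global HTTP -> HTTPS
# redirect, Let's Encrypt certificates, dashboard behind basic auth) in front
# of two backends.
#
# DNS: A records pointing at this network's address are required for every
# hostname routed below; a wildcard (*) CNAME is a convenient way to cover
# the subdomains.
version: '3'

services:
  traefik:
    # NOTE(review): v2.0.0 is the first 2.x release and this file dates from
    # 2020; check the Traefik release notes and move to a maintained version
    # before exposing this proxy to the internet.
    image: traefik:v2.0.0
    command:
      # Keep 'false' in production: 'true' serves the API and dashboard
      # without any authentication.
      - --api.insecure=false
      # See https://docs.traefik.io/v2.0/operations/dashboard/#secure-mode
      # for how to secure the dashboard (done below with a basic-auth router).
      - --api.dashboard=true
      # Enables additional endpoints for debugging and profiling.
      # NOTE(review): they are served through the same api@internal router as
      # the dashboard and expose runtime internals; set to 'false' once the
      # stack works.
      - --api.debug=true
      # Debug while we get it working; for more levels/info see
      # https://docs.traefik.io/observability/logs/
      # NOTE(review): lower the level for production, DEBUG logs are verbose.
      - --log.level=DEBUG
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.swarmMode=true
      # Only services that carry 'traefik.enable=true' are routed.
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik-public
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Let's Encrypt via the HTTP-01 challenge, answered on the 'web'
      # entrypoint, so port 80 must stay reachable from the internet.
      - --certificatesresolvers.letsencryptresolver.acme.httpchallenge=true
      - --certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web
      # Placeholder address: replace with a real mailbox.
      - --certificatesresolvers.letsencryptresolver.acme.email=user@domain.com
      # acme.json holds the ACME account and certificate private keys; it
      # lives on the named volume mounted below.
      - --certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json
    ports:
      # Quoted so the mappings are always read as strings.
      - "80:80"
      - "443:443"
    volumes:
      # To persist certificates
      - traefik-certificates:/letsencrypt
      # So that Traefik can listen to the Docker events.
      # NOTE(review): ':ro' only makes the mount of the socket file
      # read-only; it does not limit what can be requested through the
      # Docker API. A compromise of this internet-facing container therefore
      # reaches the swarm manager's Docker daemon. Consider placing a
      # filtering Docker socket proxy between Traefik and the daemon so that
      # only the read-only endpoints Traefik needs are reachable.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        # Dashboard: HTTPS only, behind the 'authtraefik' middleware.
        - traefik.http.routers.traefik.rule=Host(`proxy.domain.com`)
        - traefik.http.routers.traefik.service=api@internal
        - traefik.http.routers.traefik.tls.certresolver=letsencryptresolver
        - traefik.http.routers.traefik.entrypoints=websecure
        - traefik.http.routers.traefik.middlewares=authtraefik
        # Basic-auth users, comma-separated, as user:hash. Every '$' of the
        # hash is doubled ('$$') so that Compose does not read it as a
        # variable reference.
        # Original reference for generating entries:
        # https://www.web2generators.com/apache-tools/htpasswd-generator
        # NOTE(review): the hash below is published together with this file;
        # replace it before deploying. Generate the entry locally (for
        # example `htpasswd -nB user`, which produces a bcrypt hash) instead
        # of typing a real password into a web page, and prefer bcrypt over
        # the apr1 (MD5-based) format used here.
        - traefik.http.middlewares.authtraefik.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/
        # Global redirect to https: matches every host on the 'web'
        # entrypoint.
        - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
        - traefik.http.routers.http-catchall.entrypoints=web
        - traefik.http.routers.http-catchall.middlewares=redirect-to-https
        # Middleware redirect
        - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
        # Presumably a placeholder: the routers above use api@internal or
        # only redirect, but in swarm mode Traefik expects a port label on
        # every enabled service. Nothing needs to listen on 9999.
        - traefik.http.services.dummy-svc.loadbalancer.server.port=9999
      placement:
        constraints:
          # The Docker provider in swarm mode has to talk to a manager node.
          - node.role == manager

  helloworld:
    # NOTE(review): ':latest' is a floating tag; pin a specific tag or image
    # digest so that every node runs a known, reviewed image.
    image: tutum/hello-world:latest
    networks:
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.helloworld-web-secure.rule=Host(`domain.com`)
        - traefik.http.routers.helloworld-web-secure.tls.certresolver=letsencryptresolver
        - traefik.http.routers.helloworld-web-secure.tls=true
        - traefik.http.routers.helloworld-web-secure.entrypoints=websecure
        # If you have multiple ports exposed on the service, specify the
        # port in the web-secure service.
        - traefik.http.services.helloworld-web-secure.loadbalancer.server.port=80

  backend:
    # NOTE(review): no tag is given, so this resolves to ':latest'; pin a
    # tag or digest as for the service above.
    image: cauen/cauenode_backend
    # The original listed this 'networks' key twice; duplicate mapping keys
    # are invalid YAML (most parsers silently keep the last one), so it is
    # declared once here.
    networks:
      - traefik-public
    deploy:
      # One task on every worker node.
      mode: global
      placement:
        constraints:
          - node.role == worker
      labels:
        - traefik.enable=true
        # Securing: HTTPS only. No auth middleware is attached to this
        # router, so access control is left to the backend itself.
        - traefik.http.routers.backend-secure.rule=Host(`api.domain.com`)
        - traefik.http.routers.backend-secure.tls.certresolver=letsencryptresolver
        - traefik.http.routers.backend-secure.tls=true
        - traefik.http.routers.backend-secure.entrypoints=websecure
        # Service port
        - traefik.http.services.backend.loadbalancer.server.port=1234

volumes:
  traefik-certificates: {}

networks:
  # 'external: true' means the network is not created by this stack; it must
  # already exist (for example
  # `docker network create --driver overlay traefik-public`).
  traefik-public:
    external: true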