Use https://traefik.me SSL certificates for local HTTPS without having to touch your /etc/hosts or your certificate CA.
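---
# Compose stack: Traefik in front of two whoami demo containers, serving the
# shared traefik.me wildcard certificate. The bind mounts below imply that
# traefik.yml and tls.yml sit next to this file.
#
# Local development only. The helper service downloads privkey.pem from
# https://traefik.me, so the private key is available to anyone: the
# certificate stops browser warnings but does not authenticate this host or
# protect traffic from someone who can intercept it.
version: '3'

services:
  traefik:
    restart: unless-stopped
    # image: traefik:v2.0.2
    image: traefik:v2.2
    # Short-form depends_on only orders container start-up; it does not wait
    # for the certificate bundle to exist.
    # NOTE(review): confirm Traefik copes if it starts before the download
    # finishes.
    depends_on:
      - "wait"
    ports:
      - "80:80"
      - "443:443"
    labels:
      # 8080 is the port Traefik serves its API/dashboard on when
      # api.insecure is true (as traefik.yml sets). With the docker provider
      # exposing every container by default, this label routes the
      # unauthenticated dashboard through the published 80/443 entry points.
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
    volumes:
      # Traefik only reads its configuration and certificates, so these are
      # mounted read-only.
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./tls.yml:/etc/traefik/tls.yml:ro
      # Access to the Docker socket is equivalent to root on the host. The
      # :ro flag protects the socket file only; it does not restrict Docker
      # API calls. Put a filtering socket proxy in front of it for anything
      # beyond a throwaway setup.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - certs:/etc/ssl/traefik:ro

  app1:
    # No tag: whatever "latest" resolves to at pull time is what runs.
    image: containous/whoami
    labels:
      # The original listed two values for traefik.http.routers.app1.rule.
      # Compose collapses list-form labels into a map, so only the later one
      # (the Host rule) took effect. The overridden rule is kept here,
      # commented out, so the effective routing is explicit and unchanged.
      # Swap the two lines to allow access from external hosts.
      # - "traefik.http.routers.app1.rule=HostRegexp(`app1.{ip:.*}.traefik.me`)"
      - "traefik.http.routers.app1.rule=Host(`app1.traefik.me`)"
      # NOTE(review): the TLS domains are set on a router named app1-tls,
      # not app1 -- confirm a second router is intended.
      - "traefik.http.routers.app1-tls.tls.domains[0].main=app1.traefik.me"
      - "traefik.http.routers.app1-tls.tls.domains[0].sans=app1-*.traefik.me"

  app2:
    image: containous/whoami
    labels:
      # For access from external hosts: matches app2.<anything>.traefik.me.
      - "traefik.http.routers.app2.rule=HostRegexp(`app2.{ip:.*}.traefik.me`)"
      # - "traefik.http.routers.app2.rule=Host(`app2.traefik.me`)"
      - "traefik.http.routers.app2-tls.tls.domains[0].main=app2.traefik.me"
      - "traefik.http.routers.app2-tls.tls.domains[0].sans=app2-*.traefik.me"

  wait:
    # build: wait-for-file
    # Third-party image with no tag or digest; its contents are not shown on
    # this page. Review it or build it locally before relying on it.
    image: woa7/wait-for-file
    volumes:
      - certs:/etc/ssl/traefik
    entrypoint: /wait-for-file.sh /etc/ssl/traefik/traefik.me-cert-ca-bundle.pem /bin/sh
    depends_on:
      - "reverse-proxy-https-helper"

  reverse-proxy-https-helper:
    # Unpinned base image; wget is installed from the network on every start.
    image: alpine
    # Downloads the traefik.me key and certificates into a scratch directory,
    # builds traefik.me-cert-ca-bundle.pem from cert.pem plus two Let's
    # Encrypt X3 intermediates, then copies everything into the shared
    # volume. The command string is unchanged from the original.
    # NOTE(review): the X3 intermediates are hard-coded, so the bundle only
    # chains while the leaf is issued by X3. fullchain.pem is already
    # downloaded here and presumably carries the matching chain -- confirm
    # and consider using it instead.
    # NOTE(review): privkey.pem is copied with whatever permissions wget
    # gave it, and the downloads are trusted on TLS alone.
    command: >-
      sh -c "apk update && apk add wget && mkdir -p /etc/ssl/traefik/tmpb && cd /etc/ssl/traefik/tmpb
      && rm -fr /etc/ssl/traefik/traefik.me-cert-ca-bundle.pem
      && wget --server-response --timestamping https://traefik.me/privkey.pem https://traefik.me/chain.pem https://traefik.me/fullchain.pem https://traefik.me/cert.pem
      && cat cert.pem > traefik.me-cert-ca-bundle.pem
      && wget --server-response --timestamping https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt
      && cat lets-encrypt-x3-cross-signed.pem.txt >> traefik.me-cert-ca-bundle.pem
      && wget --server-response --timestamping https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
      && cat letsencryptauthorityx3.pem.txt >> traefik.me-cert-ca-bundle.pem
      && cp -p /etc/ssl/traefik/tmpb/* /etc/ssl/traefik/"
    volumes:
      - certs:/etc/ssl/traefik

volumes:
  # Named volume shared by the helper (writer), wait and traefik (readers).
  certs: {}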
---
# Traefik dynamic configuration, loaded through the file provider
# (mounted at /etc/traefik/tls.yml).
#
# Both entries point at the same bundle and key that the compose helper
# service downloads from traefik.me. That private key is public, so treat
# this certificate as a convenience for local development, not as a means
# of authenticating the server.
tls:
  stores:
    default:
      # Served when no other certificate matches the requested host name.
      defaultCertificate:
        certFile: '/etc/ssl/traefik/traefik.me-cert-ca-bundle.pem'
        keyFile: '/etc/ssl/traefik/privkey.pem'
  certificates:
    - certFile: '/etc/ssl/traefik/traefik.me-cert-ca-bundle.pem'
      keyFile: '/etc/ssl/traefik/privkey.pem'
---
# Traefik static configuration (mounted at /etc/traefik/traefik.yml).

# Earlier logging settings kept by the author for reference:
# #logLevel = "DEBUG"
# logLevel: INFO
# #logLevel: DEBUG
log:
  # By default, the level is set to ERROR. Alternative logging levels are
  # DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
  # DEBUG is verbose; lower it once the setup works.
  level: DEBUG

api:
  # insecure: true serves the API and dashboard without authentication.
  # The compose file routes port 8080 of the traefik container through the
  # public entry points, so anyone who can reach ports 80/443 can read the
  # full routing configuration. For anything beyond a local demo, set this
  # to false and expose the dashboard via a router with an auth middleware.
  insecure: true
  dashboard: true

entryPoints:
  http:
    address: ':80'
  https:
    address: ':443'

providers:
  file:
    filename: '/etc/traefik/tls.yml'
  docker:
    # Access to the Docker socket is equivalent to root on the host.
    endpoint: 'unix:///var/run/docker.sock'
    watch: true
    # Every container on this Docker host gets a router unless it opts out
    # with traefik.enable=false. Setting this to false and opting in per
    # service keeps unrelated containers off the proxy.
    exposedByDefault: true
    # Applied to any router without an explicit rule: matches
    # <compose-service>.traefik.me and <compose-service>-<anything>.traefik.me.
    defaultRule: 'HostRegexp(`{{ index .Labels "com.docker.compose.service"}}.traefik.me`,`{{ index .Labels "com.docker.compose.service"}}-{dashed-ip:.*}.traefik.me`)'