@MaxPeal
Forked from pyrou/docker-compose.yml
Last active October 15, 2021 13:05
Use https://traefik.me SSL certificates for local HTTPS without having to touch your /etc/hosts or your certificate CA.
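---
# docker-compose.yml - Traefik v2 reverse proxy serving HTTPS with the shared traefik.me
# certificate. Local development only: the private key for this certificate is fetched from a
# public URL (see reverse-proxy-https-helper), so anyone can obtain it. TLS terminated with it
# proves nothing about the server and does not protect traffic from an on-path attacker.
version: '3'
services:
  traefik:
    restart: unless-stopped
    # image: traefik:v2.0.2
    image: traefik:v2.2
    # depends_on only orders container start-up. NOTE(review): it probably does not wait for
    # the certificate bundle to exist - confirm Traefik serves the right cert on first boot.
    depends_on:
      - "wait"
    # No host IP is given, so both ports are published on every host interface.
    ports:
      - "80:80"
      - "443:443"
    labels:
      # Routes this container's router to port 8080. traefik.yml sets api.insecure: true, so
      # that port serves the API and dashboard without authentication, and the defaultRule
      # there names the router after the compose service (traefik.traefik.me and
      # traefik-<dashed-ip>.traefik.me). NOTE(review): the dashboard therefore appears to be
      # reachable through the published 80/443 ports - restrict it before using this off a
      # trusted machine.
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
    volumes:
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./tls.yml:/etc/traefik/tls.yml
      # Access to the Docker socket is effectively root on the host. ":ro" only stops the
      # container from replacing the socket file; it does not limit Docker API calls, so the
      # internet-facing proxy remains a high-value target.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - certs:/etc/ssl/traefik
  app1:
    # NOTE(review): no tag or digest - pin the image (image: containous/whoami@sha256:<DIGEST>).
    image: containous/whoami
    labels:
      # The original set traefik.http.routers.app1.rule twice (Host and HostRegexp). A label
      # key holds one value, so one rule silently replaced the other; both matchers are now
      # combined in a single rule. The HostRegexp part is the one meant for external access.
      - "traefik.http.routers.app1.rule=Host(`app1.traefik.me`) || HostRegexp(`app1.{ip:.*}.traefik.me`)"
      - "traefik.http.routers.app1-tls.tls.domains[0].main=app1.traefik.me"
      - "traefik.http.routers.app1-tls.tls.domains[0].sans=app1-*.traefik.me"
  app2:
    # NOTE(review): no tag or digest - pin the image (image: containous/whoami@sha256:<DIGEST>).
    image: containous/whoami
    labels:
      # HostRegexp variant: for access from external hosts.
      - "traefik.http.routers.app2.rule=HostRegexp(`app2.{ip:.*}.traefik.me`)"
      # - "traefik.http.routers.app2.rule=Host(`app2.traefik.me`)"
      - "traefik.http.routers.app2-tls.tls.domains[0].main=app2.traefik.me"
      - "traefik.http.routers.app2-tls.tls.domains[0].sans=app2-*.traefik.me"
  wait:
    # Blocks until the certificate bundle appears in the shared volume, then runs /bin/sh.
    # build: wait-for-file
    # NOTE(review): third-party image without tag or digest - pin it or build it locally.
    image: woa7/wait-for-file
    volumes:
      - certs:/etc/ssl/traefik
    entrypoint: /wait-for-file.sh /etc/ssl/traefik/traefik.me-cert-ca-bundle.pem /bin/sh
    depends_on:
      - "reverse-proxy-https-helper"
  reverse-proxy-https-helper:
    # One-shot job: downloads the traefik.me certificate files into a scratch directory on
    # the shared volume, builds the bundle there, then copies everything into place.
    #
    # The bundle is now taken from fullchain.pem, which this job already downloads. The
    # original appended the Let's Encrypt X3 intermediates fetched from letsencrypt.org;
    # those intermediates have been retired, and because the steps are chained with "&&" a
    # failed download would stop the job before the final copy and leave "wait" blocked.
    #
    # privkey.pem comes from a public URL: treat it as a non-secret key.
    # NOTE(review): no tag or digest - pin the image (image: alpine@sha256:<DIGEST>).
    image: alpine
    command: >-
      sh -c "apk update && apk add wget
      && mkdir -p /etc/ssl/traefik/tmpb && cd /etc/ssl/traefik/tmpb
      && rm -fr /etc/ssl/traefik/traefik.me-cert-ca-bundle.pem
      && wget --server-response --timestamping https://traefik.me/privkey.pem https://traefik.me/chain.pem https://traefik.me/fullchain.pem https://traefik.me/cert.pem
      && cat fullchain.pem > traefik.me-cert-ca-bundle.pem
      && cp -p /etc/ssl/traefik/tmpb/* /etc/ssl/traefik/"
    volumes:
      - certs:/etc/ssl/traefik
volumes:
  # Named volume shared by the helper (writer), wait and traefik (readers).
  certs: {}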
---
# tls.yml - Traefik dynamic TLS configuration, mounted at /etc/traefik/tls.yml by the compose
# file and loaded through the file provider in traefik.yml.
#
# Both entries use the bundle and key that the compose helper job writes to /etc/ssl/traefik.
# The key is downloaded from a public traefik.me URL, so it is not a secret: keep this setup
# to local development and do not rely on it for confidentiality or server authentication.
tls:
  stores:
    default:
      # Certificate served when no other certificate matches the requested host name.
      defaultCertificate:
        certFile: /etc/ssl/traefik/traefik.me-cert-ca-bundle.pem
        keyFile: /etc/ssl/traefik/privkey.pem
  # Certificates available for host-name matching; here the same pair as the default.
  certificates:
    - certFile: /etc/ssl/traefik/traefik.me-cert-ca-bundle.pem
      keyFile: /etc/ssl/traefik/privkey.pem
---
# traefik.yml - Traefik static configuration, mounted at /etc/traefik/traefik.yml by the
# compose file.

# By default the level is ERROR; the alternatives are DEBUG, PANIC, FATAL, WARN and INFO.
# DEBUG output is verbose and can include request details; lower it (for example to INFO)
# once the setup works.
# logLevel: INFO
log:
  level: DEBUG

# insecure: true serves the API and dashboard without authentication. The compose file
# points a router at that port (8080) through the normal entry points.
# NOTE(review): acceptable on a trusted workstation only; otherwise disable insecure mode and
# put the dashboard behind an authenticated router.
api:
  insecure: true
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  # Loads the certificate definitions from tls.yml.
  file:
    filename: /etc/traefik/tls.yml
  docker:
    # Socket access lets Traefik read every container's metadata; see the mount in the
    # compose file for the host-level implications.
    endpoint: unix:///var/run/docker.sock
    watch: true
    # Every container Docker reports gets a router automatically, including ones that never
    # asked to be published. Setting this to false requires opting in per container with
    # the traefik.enable=true label.
    exposedByDefault: true
    # Default host rule built from the compose service name:
    # <service>.traefik.me and <service>-<dashed-ip>.traefik.me
    defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`,`{{ index .Labels \"com.docker.compose.service\"}}-{dashed-ip:.*}.traefik.me`)"