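Use Traefik within AWS Elastic Beanstalk Multi-Container Docker as a Let's Encrypt-secured load balancer & proxy to other services. Note that the sample `Dockerrun.aws.json` below enables Traefik's unauthenticated API/dashboard (`--api.insecure=true`, with host port 8080 published), turns off certificate verification towards backends (`--serverstransport.insecureskipverify=true`), and mounts `/var/run/docker.sock` even though only the file provider is configured; review or remove these settings before using it beyond a test environment.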
{ | |
"AWSEBDockerrunVersion": 2, | |
"volumes": [ | |
{ | |
"name": "dockersock", | |
"host": { "sourcePath": "/var/run/docker.sock" } | |
}, | |
{ | |
"name": "traefik-config", | |
"host": { "sourcePath": "/var/app/current/reverseproxyconf.yml" } | |
} | |
], | |
"containerDefinitions": [ | |
{ | |
"name": "tls-terminator", | |
"image": "traefik:v2.0", | |
"command": [ | |
"--api.insecure=true", | |
"--providers.file.filename=/var/traefik/reverseproxyconf.yml", | |
"--serverstransport.insecureskipverify=true", | |
"--certificatesResolvers.main-ssl.acme.email=<your-email-address>", | |
"--certificatesResolvers.main-ssl.acme.httpchallenge=true", | |
"--certificatesResolvers.main-ssl.acme.httpChallenge.entryPoint=web", | |
"--entrypoints.web.address=:80", | |
"--entrypoints.main-ssl.address=:443" | |
], | |
"portMappings": [ | |
{ "hostPort": 80, "containerPort": 80 }, | |
{ "hostPort": 8080, "containerPort": 8080 }, | |
{ "hostPort": 443, "containerPort": 443 } | |
], | |
"memory": 256, | |
"essential": true, | |
"mountPoints": [ | |
{ | |
"sourceVolume": "dockersock", | |
"containerPath": "/var/run/docker.sock" | |
}, | |
{ | |
"sourceVolume": "traefik-config", | |
"containerPath": "/var/traefik/reverseproxyconf.yml" | |
} | |
] | |
} | |
] | |
} |
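# Traefik dynamic configuration for the file provider. The Dockerrun file
# mounts /var/app/current/reverseproxyconf.yml into the container as
# /var/traefik/reverseproxyconf.yml and points --providers.file.filename at it.
# Nesting restored: the page rendering had flattened the indentation and left
# table-cell residue on every line, so the text did not parse as intended.
http:
  routers:
    # Plain-HTTP router on the `web` entry point (:80). Its only job is to
    # pass requests through the redirect middleware below.
    default-http:
      entryPoints:
        - web
      service: proxy-service
      rule: Host(`<a-host.tld>`)
      middlewares:
        - always-do-https
    # HTTPS router on the `main-ssl` entry point (:443).
    backend-secure:
      entryPoints:
        - main-ssl
      service: proxy-service
      rule: Host(`<a-host.tld>`)
      tls:
        # Refers to the ACME resolver declared by the
        # --certificatesResolvers.main-ssl.* flags in the Dockerrun file.
        # NOTE(review): those flags set no acme.storage path and no volume is
        # mounted for it, so issued certificates are presumably lost whenever
        # the container is recreated; persist the ACME storage file to avoid
        # repeated issuance against Let's Encrypt rate limits.
        certResolver: main-ssl
  # Force https
  middlewares:
    always-do-https:
      headers:
        # NOTE(review): later Traefik 2.x releases deprecate sslRedirect in
        # favour of the redirectScheme middleware; confirm against the image
        # version in use before upgrading from traefik:v2.0.
        sslRedirect: true
  # define backend service*s
  services:
    proxy-service:
      loadBalancer:
        servers:
          # If this is an https:// URL, the backend certificate is not
          # verified while --serverstransport.insecureskipverify=true is set
          # in the Dockerrun file, so the hop to the backend is encrypted but
          # not authenticated.
          - url: <a-backend-service-uri>
        # false: the client's Host header is not forwarded; the backend sees
        # the host taken from the server URL above.
        passHostHeader: false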
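# put this in `.ebextensions/`
# Nesting restored: the page rendering had flattened the indentation and left
# table-cell residue on every line.
#
# Switches the Elastic Load Balancer's 443 listener to plain TCP so the TLS
# connection is passed through untouched to instance port 443, where Traefik
# (entry point `main-ssl`) terminates it with its own ACME-issued certificate.
# NOTE(review): only port 443 is configured here; the Dockerrun file also
# publishes host port 8080 for Traefik's unauthenticated API, so confirm the
# instance security group does not admit traffic to 8080.
option_settings:
  aws:elb:listener:443:
    ListenerProtocol: TCP
    InstancePort: 443
    InstanceProtocol: TCP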