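Use `traefik` within AWS Elastic Beanstalk Multi-Container Docker as a Let's Encrypt-secured load balancer & proxy to other services. As written, the container definition enables Traefik's unauthenticated API (`--api.insecure=true`, served by default on port 8080, which is mapped to the host), skips certificate verification towards backends (`--serverstransport.insecureskipverify=true`), and mounts `/var/run/docker.sock` although only the file provider is configured; tighten these before using it beyond a test environment.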
{ | |
"AWSEBDockerrunVersion": 2, | |
"volumes": [ | |
{ | |
"name": "dockersock", | |
"host": { "sourcePath": "/var/run/docker.sock" } | |
}, | |
{ | |
"name": "traefik-config", | |
"host": { "sourcePath": "/var/app/current/reverseproxyconf.yml" } | |
} | |
], | |
"containerDefinitions": [ | |
{ | |
"name": "tls-terminator", | |
"image": "traefik:v2.0", | |
"command": [ | |
"--api.insecure=true", | |
"--providers.file.filename=/var/traefik/reverseproxyconf.yml", | |
"--serverstransport.insecureskipverify=true", | |
"--certificatesResolvers.main-ssl.acme.email=<your-email-address>", | |
"--certificatesResolvers.main-ssl.acme.httpchallenge=true", | |
"--certificatesResolvers.main-ssl.acme.httpChallenge.entryPoint=web", | |
"--entrypoints.web.address=:80", | |
"--entrypoints.main-ssl.address=:443" | |
], | |
"portMappings": [ | |
{ "hostPort": 80, "containerPort": 80 }, | |
{ "hostPort": 8080, "containerPort": 8080 }, | |
{ "hostPort": 443, "containerPort": 443 } | |
], | |
"memory": 256, | |
"essential": true, | |
"mountPoints": [ | |
{ | |
"sourceVolume": "dockersock", | |
"containerPath": "/var/run/docker.sock" | |
}, | |
{ | |
"sourceVolume": "traefik-config", | |
"containerPath": "/var/traefik/reverseproxyconf.yml" | |
} | |
] | |
} | |
] | |
} |
# Traefik dynamic configuration, loaded through the file provider
# (--providers.file.filename=/var/traefik/reverseproxyconf.yml in the container command).
# The entry points `web` (:80) and `main-ssl` (:443) and the ACME resolver `main-ssl`
# referenced below are defined by CLI flags in the container definition, not in this file.
# NOTE(review): nesting reconstructed from a listing that lost its indentation — confirm
# against the original file, in particular the placement of passHostHeader.
http:
  routers:
    # Plain-HTTP router: matches the host on the `web` entry point and applies the
    # https redirect middleware.
    default-http:
      entryPoints:
        - web
      service: proxy-service
      rule: Host(`<a-host.tld>`)
      middlewares:
        - always-do-https
    # HTTPS router: same host on the `main-ssl` entry point; the certificate is
    # obtained through the `main-ssl` certificate resolver (ACME HTTP challenge).
    backend-secure:
      entryPoints:
        - main-ssl
      service: proxy-service
      rule: Host(`<a-host.tld>`)
      tls:
        certResolver: main-ssl
  # Force https
  middlewares:
    always-do-https:
      headers:
        # NOTE(review): later Traefik releases deprecate headers.sslRedirect in favour
        # of the redirectScheme middleware — check when moving off traefik:v2.0.
        sslRedirect: true
  # define backend service(s)
  services:
    proxy-service:
      loadBalancer:
        servers:
          # NOTE(review): the container is started with
          # --serverstransport.insecureskipverify=true, so an https:// URL here is
          # proxied without verifying the backend's certificate. Where this hop
          # crosses a network you do not control, trust the backend's CA instead
          # and drop that flag.
          - url: <a-backend-service-uri>
        # false: the client's Host header is not forwarded to the backend.
        passHostHeader: false
# put this in `.ebextensions/`
# Configures the environment's load balancer listener on port 443 as plain TCP in
# both directions, so the TLS handshake is passed through to port 443 on the
# instance (the Traefik container) instead of being terminated at the balancer.
# NOTE(review): with a TCP listener the balancer adds no X-Forwarded-For header, so
# Traefik presumably sees the balancer's address as the client unless proxy protocol
# is enabled — confirm if client IPs matter for logging or access rules.
option_settings:
  aws:elb:listener:443:
    ListenerProtocol: TCP
    InstancePort: 443
    InstanceProtocol: TCP