Skip to content

Instantly share code, notes, and snippets.

@dbene

dbene/README.md

Last active February 7, 2022 16:14
Show Gist options
  • Save dbene/c06ed2a0e1f7e9048824b74030781d3f to your computer and use it in GitHub Desktop.
Save dbene/c06ed2a0e1f7e9048824b74030781d3f to your computer and use it in GitHub Desktop.
Download ZIP
Traefik with Docker - Compose Example
Raw
README.md

How to deploy traefik on docker with docker-compose

This guide is about deployment and configuration of traefik with docker and docker-compose. The settings of traefik are saved within the compose file.

If you are looking for more information the following guide is also very good.

Setup

  • Traefik
    • Create a new docker network thats independent from your traefik compose
      • docker network create -d bridge traefik_proxy
    • Change email address in traefik compose
      • From admin@example.com to whatever your email is
    • Open port 80/tcp and 443/tcp if you use an external firewall
  • Webservice
    • Notice: docker-compose_whoami.yml is an example
    • Set up your domain or subdomain to point to your servers ip address
    • Add the external network to your service compose
    • Add the network to the desired service within the compose
    • Add the labels to the desired service within the compose
      • whoami is used as a name for the traefik service and router. Change this to whatever is useful for you.
    • Change the port to the internal port of your service
      • You do not need to publish your ports
    • Change domain from whoami.example.com to whatever your domain is
  • Access Web UI
    • On a remote server you can forward the port to your local maschine with an ssh tunnel
      • SSH tunnel example: ssh -L 8080:127.0.0.1:8080 user@example.com
    • Open http://127.0.0.1:8080
Raw
docker-compose.yml
version: '3'
services:
reverse-proxy:
# The official v2 Traefik docker image
image: traefik:v2.5
container_name: traefik
restart: unless-stopped
# Enables the web UI and tells Traefik to listen to docker
command:
- "--log.level=INFO"
- "--api"
- "--api.insecure=true"
- "--providers.docker"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--certificatesresolvers.httpresolver.acme.httpchallenge=true"
- "--certificatesresolvers.httpresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.httpresolver.acme.storage=/letsencrypt/acme.json"
# Change email adress
- "--certificatesresolvers.httpresolver.acme.email=admin@example.com"
# Use for testing
# - "--certificatesresolvers.httpresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
# - "--accesslog=true"
# - "--accesslog.filepath=/logs/access.log"
# HTTP/3
# Enable 443/udp and the following options
# - "--experimental.http3=true"
# - "--entrypoints.websecure.http3"
ports:
- "80:80"
- "443:443"
# - "443:443/udp"
# The Web UI (enabled by --api.insecure=true), bind on loopback address
- "127.0.0.1:8080:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
- ./letsencrypt:/letsencrypt
networks:
- traefik_proxy
- default
# Create network first with "docker network create -d bridge traefik_proxy"
networks:
traefik_proxy:
external:
name: traefik_proxy
default:
driver: bridge
Raw
docker-compose_whoami.yml
version: '3'
services:
whoami:
image: "traefik/whoami"
container_name: "whoami-1"
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik_proxy"
- "traefik.http.services.whoami.loadbalancer.server.port=80"
- "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=httpresolver"
networks:
- traefik_proxy
whoami2:
image: "traefik/whoami"
container_name: "whoami-2"
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik_proxy"
- "traefik.http.services.whoami2.loadbalancer.server.port=80"
- "traefik.http.routers.whoami2.rule=Host(`whoami2.example.com`)"
- "traefik.http.routers.whoami2.entrypoints=websecure"
- "traefik.http.routers.whoami2.tls.certresolver=httpresolver"
networks:
- traefik_proxy
networks:
traefik_proxy:
external:
name: traefik_proxy
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment