Last active
October 23, 2021 06:53
traefik-docker-compose.yml
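version: "3.5"

services:
  traefik-proxy:
    # Release tag as pinned by the original author; confirm it is still a
    # supported Traefik release before deploying.
    image: traefik:v2.5.2
    container_name: traefik
    restart: unless-stopped
    networks:
      - apps
    ports:
      - "80:80"
      - "443:443"
    # 8080 is not published to the host, but containers attached to the
    # `apps` network can still reach it. While traefik.toml keeps
    # `api.insecure = true`, the API and dashboard answer on that port
    # without authentication.
    expose:
      - "8080"
    volumes:
      # Lets Traefik discover containers through the Docker API.
      # Access to this socket is effectively root on the host. The `:ro`
      # flag only protects the socket file itself; it does not restrict
      # the API calls made over it. A filtering socket proxy that allows
      # only read-only endpoints narrows this further.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.toml:/traefik.toml:ro
      # Must stay writable: Traefik stores the ACME account key and the
      # certificate private keys here. Keep the host file at mode 600.
      - ./acme.json:/acme.json
      - ./traefik_dynamic.toml:/traefik_dynamic.toml:ro
    labels:
      - traefik.enable=true
      # The original used `traefik.network=https` and `traefik.port=8080`.
      # Those are Traefik v1 label names, and no network called `https` is
      # defined in this file. The v2 label below names the network created
      # at the bottom of this file; api@internal needs no port label.
      - traefik.docker.network=app-network
      - traefik.http.routers.traefik.rule=Host(`dashboard-traefik.abcd.com`)
      # Serve the dashboard only on the TLS entrypoint, so the basic-auth
      # credentials are never sent in clear text.
      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=lets-encrypt
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.middlewares=traefik-auth
      # Every `$` in the hash is doubled, because docker-compose otherwise
      # treats `$apr1`, `$tv3carHm`, ... as variables and blanks them.
      # This hash is published with the gist: generate your own and keep it
      # out of version control. `$apr1$` is the MD5-based htpasswd scheme;
      # a bcrypt hash (`htpasswd -B`) is the stronger choice.
      - traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$tv3carHm$$KPB8yg9Ph4V6awdBLUz/o1
      # Generated with htpasswd:
      #   echo $(htpasswd -nb username password) | sed -e s/\\$/\\$\\$/g
      # Output format => username:encoded-password
      # `-b` takes the password from the command line, where it lands in
      # shell history; `htpasswd -n username` prompts for it instead.
    environment:
      # Cloudflare credentials used for the Let's Encrypt DNS challenge.
      # CLOUDFLARE_API_KEY is the account-wide Global API Key. The
      # cloudflare provider also accepts a scoped token (CF_DNS_API_TOKEN),
      # which limits the damage if this container or its env file leaks.
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}

networks:
  apps:
    driver: bridge
    # Fixed name so other compose projects and traefik.toml can refer to it.
    name: app-network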
# Static configuration: listening ports.
[entryPoints]
  # Plain HTTP listener. Every request arriving here is redirected to the
  # "https" entrypoint, so no router serves content over clear text.
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http.redirections.entryPoint]
      scheme = "https"
      to = "https"

  # TLS listener; routers select it with entrypoints = ["https"].
  [entryPoints.https]
    address = ":443"
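# API and dashboard configuration
[api]
  # `insecure = true` serves the API and dashboard without authentication
  # on Traefik's internal "traefik" entrypoint (port 8080). That bypasses
  # any basic-auth middleware placed on a dashboard router. With it
  # disabled, the dashboard is reachable only through a router whose
  # service is api@internal. The compose file on this page defines such a
  # router behind the traefik-auth middleware; confirm that router has an
  # entrypoint and TLS configured before relying on it.
  insecure = false
  dashboard = true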
# ACME certificate resolver. "lets-encrypt" is a name chosen in this file;
# routers refer to it later through certResolver / tls.certresolver.
[certificatesResolvers.lets-encrypt.acme]
  # Let's Encrypt production directory.
  caserver = "https://acme-v02.api.letsencrypt.org/directory"
  # Staging directory. Recommended while experimenting: Let's Encrypt
  # rate-limits production requests, and once the limit is hit no
  # certificate is issued, which hides what is wrong with the config.
  # caserver = "https://acme-staging-v02.api.letsencrypt.org/directory"

  # Contact address used for the Let's Encrypt account (placeholder).
  email = "youremail@"
  # Holds the ACME account key and the certificate private keys. Keep the
  # file at mode 600 and out of version control and backups that others
  # can read.
  storage = "acme.json"

  # NOTE(review): both a tlsChallenge and a dnsChallenge are declared for
  # the same resolver. Confirm which one is intended and remove the other.
  [certificatesResolvers.lets-encrypt.acme.tlsChallenge]

  # dnsChallenge proves domain ownership through the DNS provider. Each
  # provider has a provider code and environment variables that must be
  # set. This example uses cloudflare, where credentials are created under
  # Profile -> API tokens (https://doc.traefik.io/traefik/https/acme/).
  [certificatesResolvers.lets-encrypt.acme.dnsChallenge]
    provider = "cloudflare"
    delayBeforeCheck = 0
# Configuration providers
[providers]
  # Docker backend: routers and services are built from container labels.
  [providers.docker]
    # Only containers carrying `traefik.enable=true` are routed. Keep this
    # false so a newly started container is never published by accident.
    exposedbydefault = false
    # Default network Traefik uses to reach containers.
    network = "app-network"
    watch = true

  # File backend: routes to targets that are not Docker containers.
  [providers.file]
    filename = "traefik_dynamic.toml"
# Traefik's own log: errors only. This file configures no access log, so
# individual requests (including failed dashboard logins) are not
# recorded; an [accessLog] section is needed for that.
[log]
  level = "ERROR"
# Generated with htpasswd:
#   echo $(htpasswd -nb username password) | sed -e s/\\$/\\$\\$/g
# Output format => username:encoded-password
# NOTE(review): the sed step doubles every "$" for use in docker-compose
# labels. The commented example below uses single "$", as TOML needs no
# such escaping.
# NOTE(review): this hash is published with the gist; generate your own.
# "$apr1$" is the MD5-based htpasswd scheme; bcrypt (htpasswd -B) is
# stronger. `-b` also leaves the password in shell history.
#[http.middlewares.basicAuthName.basicAuth]
#  users = [
#    "admin:$apr1$tv3carHm$KPB8yg9Ph4V6awdBLUz/o1"
#  ]
# Dynamic configuration
#--jenkins
#[entryPoints.jenkins.tcpep]
#  address=":8080"
## Dynamic configuration
# Custom service named "jenkins-service", of type loadBalancer, pointing
# at the host 192.168.0.222:8888.
[http.services]
  [http.services.jenkins-service.loadBalancer]
    passHostHeader = true
    # serversTransport = ignore-self-signed

    [[http.services.jenkins-service.loadBalancer.servers]]
      # Traffic between Traefik and this backend is plain HTTP: TLS ends
      # at the proxy, so this hop relies on the internal network being
      # trusted.
      url = "http://192.168.0.222:8888"

# Left disabled. Enabling it turns off certificate verification for the
# backend connection, so use it only for a known self-signed backend.
# [serversTransports.ignore-self-signed]
#   insecureskipverify = true
# Router named "jenkins": requests for jenkins.abcd.com on the TLS
# entrypoint go to the jenkins-service defined in this file.
[http.routers.jenkins]
  service = "jenkins-service"
  entrypoints = ["https"]
  rule = "Host(`jenkins.abcd.com`)"
  # No middleware is attached, so the proxy adds no authentication and
  # access control is left to Jenkins itself.
  # NOTE(review): "simpleAuth" is not defined anywhere in the files shown;
  # the commented middleware example is named "basicAuthName". Confirm the
  # name before enabling.
  # middlewares = ["simpleAuth"]

  # Certificate is obtained through the "lets-encrypt" ACME resolver.
  [http.routers.jenkins.tls]
    certResolver = "lets-encrypt"
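version: "3.3"

# Example: labels on a Docker container that Traefik should route to.
services:
  whoami:
    # No tag is pinned, so this pulls whatever `latest` currently is.
    image: traefik/whoami
    container_name: whoami
    # The original attached no network. This project would then get its
    # own default network, and Traefik (docker provider
    # network = "app-network") could not reach the container. Joining the
    # existing network fixes that.
    networks:
      - app-network
    labels:
      # Opt in: the provider runs with exposedbydefault = false.
      - traefik.enable=true
      # Domain name served by this router.
      - traefik.http.routers.whoami.rule=Host(`whoami.abcd.com`)
      # Bind to the TLS entrypoint only.
      - traefik.http.routers.whoami.entrypoints=https
      - traefik.http.routers.whoami.tls=true
      # Requests a certificate for this single domain. With a wildcard
      # certificate already in place, no extra request is needed.
      - traefik.http.routers.whoami.tls.certresolver=lets-encrypt

networks:
  # Created by the Traefik compose project; it must exist before
  # `docker-compose up` is run here.
  app-network:
    external: true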