Created
April 5, 2022 03:22
-
-
Save funnylookinhat/0bfa726e26e6acbc5de9af761160b2f8 to your computer and use it in GitHub Desktop.
docker-compose reverse https proxy with traefik using self-signed certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This example demonstrates using Traefik as a quick HTTPS reverse proxy for local | |
| # docker-compose development. It's a common requirement to need to test with SSL | |
| # locally (simulating how load balancers are exposed in production), but most of the | |
| # examples out there require nginx (and a configuration file, and certificates, and | |
| # volumes mapping all of that). | |
| # | |
| # Traefik (and other tools like it: Caddy, Envoy, Istio) make configuration via | |
| # docker labels extremely easy. In this example, we use labels on the "app" | |
| # server to route all traffic from HTTPS (443) to an application exposed on | |
| # port 3000. | |
| # | |
| # By default, traefik will use a self-signed cert (generated on each startup) | |
| # if no other configuration is provided. If you're OK with needing to "Accept | |
| # the Risks" frequently with Chrome, that shouldn't be an issue. Should you | |
| # want to provide a cert that can be accepted once, generate a self-signed | |
| # cert and add it to the configuration. | |
| # See: https://doc.traefik.io/traefik/https/tls/ | |
| # | |
| # For more information on Traefik, read the docs here: | |
| # https://doc.traefik.io/traefik/ | |
| version: "3.3" | |
| services: | |
| traefik: | |
| image: "traefik:v2.6" | |
| command: | |
| # To access the API for Traefik, visit http://localhost:8080 | |
| - "--api.insecure=true" | |
| # Enable reading docker labels on containers for dynamic configuration | |
| - "--providers.docker=true" | |
| # The next three lines setup an HTTP listener that just redirects all | |
| # traffic to https | |
| - "--entrypoints.web.address=:80" | |
| - "--entryPoints.web.http.redirections.entryPoint.to=websecure" | |
| - "--entryPoints.web.http.redirections.entryPoint.scheme=https" | |
| # This sets up an https listener - by default, it uses a self-signed cert | |
| # if none is provided. | |
| - "--entryPoints.websecure.address=:443" | |
| ports: | |
| # Listen to redirect all http traffic. | |
| - "80:80" | |
| # Listen for all HTTPS traffic | |
| - "443:443" | |
| # Traefik API / Dashboard exposure. | |
| - "8080:8080" | |
| volumes: | |
| - "/var/run/docker.sock:/var/run/docker.sock:ro" | |
| whoami: | |
| image: "traefik/whoami" | |
| command: | |
| # Specifying a custom port here for an example below | |
| - "-port=3000" | |
| labels: | |
| # Route all traffic sent to traefik to this container | |
| - "traefik.http.routers.whoami.rule=PathPrefix(`/`)" | |
| # Listening on websecure (port 443) | |
| - "traefik.http.routers.whoami.entrypoints=websecure" | |
| # ...and enable TLS (required for 443 / HTTPS) | |
| - "traefik.http.routers.whoami.tls=true" | |
| # Define the custom port for the service | |
| - "traefik.http.services.app.loadbalancer.server.port=3000" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment