A simple example of how to enable automatic HTTPS with Traefik.
It is intended for use with kickoff-docker-php.
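{{- $virtualhost := index (pick .Values.Project.virtualhost .EnvFiles.Config.ENV) .EnvFiles.Config.ENV -}}
# Compose template for the Traefik reverse proxy of the kickoff stack.
# $virtualhost is the virtual host configured for the current ENV; the
# rendered file publishes ports 80/443 and mounts the TLS material that
# matches that ENV (local certs, ACME storage, or operator-supplied files).
version: '3.3'

services:

  proxy:
    # CAUTION: update the version of Traefik if needed!
    # The tag pins one specific 1.x release, so fixes published later are
    # not picked up until this line is changed. The flags, labels and
    # traefik.toml used with it follow the 1.x syntax.
    image: traefik:1.5.1-alpine
    container_name: kickoff-proxy
    restart: {{ if and (ne "local" .EnvFiles.Config.ENV) (eq false .Values.Modules.graylog.enable) }}unless-stopped{{ else }}"no"{{ end }}
    # NOTE(review): with the Docker provider's defaults every container is
    # eligible for routing; --docker.exposedbydefault=false plus an explicit
    # traefik.enable=true label per service narrows that. Confirm against
    # the rest of the stack before changing it.
    command: --docker --logLevel={{ .EnvFiles.Config.TRAEFIK_LOG_LEVEL }}
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    labels:
      # Routes traefik.<virtualhost> to Traefik's own API backend on 8080.
      # The only access control is what traefik.toml configures for [web].
      - traefik.frontend.rule=Host:traefik.{{ $virtualhost }}
      - traefik.port=8080
    volumes:
      # The :ro flag only makes the socket file read-only inside the mount;
      # it does not restrict the Docker API calls sent through it. A
      # compromised proxy container therefore has full use of the Docker
      # API, so keep the image patched; a filtering proxy in front of the
      # socket is a common way to narrow that access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.toml:/traefik.toml:ro
      {{- if eq "local" .EnvFiles.Config.ENV }}
      - ../toolbox/generated/traefik/certs:/certs:ro
      {{- else if eq "production" .EnvFiles.Config.ENV }}
      # acme.json holds the ACME account key and certificate private keys.
      # It must already exist as a regular file (otherwise Docker creates a
      # directory at this path) and be readable by its owner only (mode 600).
      - ./acme.json:/acme.json:rw
      - ../toolbox/generated/traefik/auth/:/auth/:ro
      {{- else }}
      - {{ .EnvFiles.Config.TRAEFIK_CERT_FILE_PATH }}:/certs/{{ $virtualhost }}.crt:ro
      - {{ .EnvFiles.Config.TRAEFIK_KEY_FILE_PATH }}:/certs/{{ $virtualhost }}.key:ro
      - ../toolbox/generated/traefik/auth/:/auth/:ro
      {{ end }}

networks:

  proxy:
    driver: bridge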
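{{- $virtualhost := index (pick .Values.Project.virtualhost .EnvFiles.Config.ENV) .EnvFiles.Config.ENV -}}
# traefik.toml template (Traefik 1.x syntax) for the kickoff proxy.
# Production obtains certificates through ACME; every other ENV serves the
# certificate/key pair mounted under certs/ for $virtualhost.

# Entry points definition
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    # Plain-HTTP requests are redirected to the https entry point.
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    # No minimum protocol version is set, so the defaults of the Traefik
    # build apply. To refuse older protocol versions, uncomment:
    # minVersion = "VersionTLS12"
{{- if eq "production" .EnvFiles.Config.ENV }}

[acme]
# Placeholder: replace with a mailbox you monitor; it is registered with
# the ACME account.
email = "your-email@provider.com"
# Stores the ACME account key and the issued certificates with their
# private keys: keep it at mode 600 and out of version control.
storage = "acme.json"
entryPoint = "https"
# onDemand would request a certificate during the TLS handshake for any
# host name a client presents, which Traefik's documentation flags as a
# denial-of-service and CA rate-limit risk. It stays off; onHostRule below
# still covers every host declared in a frontend Host rule.
onDemand = false
onHostRule = true
# Uncomment the next line for your testing:
#caServer = "https://acme-staging.api.letsencrypt.org/directory"
  [acme.httpChallenge]
  entryPoint = "http"
{{- else }}

  [[entryPoints.https.tls.certificates]]
  certFile = "certs/{{ $virtualhost }}.crt"
  keyFile = "certs/{{ $virtualhost }}.key"
{{- end }}

# API backend
# Digest authentication is only added when ENV is not "local"; in the
# local environment this endpoint is served without authentication, so a
# "local" rendering should not be deployed on a reachable host.
[web]
address = ":8080"
{{- if ne "local" .EnvFiles.Config.ENV }}
  [web.auth.digest]
  usersFile = "auth/.htdigest"
{{- end }}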
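Once you have updated the files above in your kickoff stack, create an acme.json file in modules/traefik on your production server and restrict it to its owner (`chmod 600 acme.json`), because Traefik stores the ACME account key and the certificates' private keys in it.
Also add it to your .gitignore file so that it is never committed.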
You're now good to go :-)