@kasir-barati
Created April 8, 2022 06:09
Traefik compose file
log:
  level: DEBUG
  filePath: "/etc/traefik/log/traefik.log"
api:
  dashboard: true
  insecure: false
  debug: true
# Define ports - UDP or TCP - which will receive packets
entryPoints:
  # "web" is a name selected by us.
  web:
    # This entrypoint listens for incoming requests on port 80
    # ":80" is the same as ":80/tcp". I mean tcp is the default one.
    # ":80" stands for [hostname]:port[/tcp|/udp]
    # IDK whether the former hostname is docker's hostname or not :confused: :sad:
    address: ":80"
    # Usually we need "X-Forwarded-*" headers. They contain lots of useful info like IP, host, CDN stuff, etc.
    # So we can have them by trusting some specific IPs
    forwardedHeaders:
      # Only these source IPs are trusted. Passing "insecure: true" instead would trust every source.
      trustedIPs:
        - "127.0.0.1/32"
        - "192.181.1.7"
    transport:
      # Here we set how long reading a request, sending back a response, and keeping an idle keep-alive connection may take.
      respondingTimeouts:
        # This is in seconds
        idleTimeout: 42
    # Redirect HTTP to HTTPS. From port 80 to port 443 automatically, globally.
    http:
      # "redirections" defines the redirect configuration for the "web" entrypoint
      redirections:
        entryPoint:
          # "to" takes an entrypoint name or a port such as ":443"
          # IDK whether I should put this port here or not. Figure it out yourself and tell me the result.
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
    transport:
      respondingTimeouts:
        idleTimeout: 42
  streaming:
    address: ":1704/udp"
    udp:
      # Optional, Default=3s
      timeout: 10s
providers:
  docker:
    exposedByDefault: false
    endpoint: "tcp://dockerproxy:2375"
    network: "traefik"
    defaultRule: "Host(`{{ trimPrefix `/` .Name }}.example.com`)"
  file:
    filename: "/etc/traefik/dynamic_config.yml"
    watch: true
# Retrieve certificates from an ACME server
# ACME stands for the Automated Certificate Management Environment. It is a communication protocol
# With this configuration we are applying TLS globally for all the containers. This makes life a whole lot easier.
# Because we do not need to maintain many TLS configs as we used to in the Nginx world :smile:
certificatesResolvers:
  namecheap:
    acme:
      email: anyname@anymail.com
      storage: "/etc/traefik/acme/acme.json"
      # To have a functional certificate resolver we need to define the ACME challenge type
      tlsChallenge: {}
      dnsChallenge:
        provider: namecheap
        delayBeforeCheck: 120
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

version: '3.7'
services:
  traefik:
    image: traefik:v2.6
    networks:
      - traefik-global-proxy
    ports:
      - "443:443"
      - "80:80"
    volumes:
      # Traefik static conf (bind mount; without "./" Compose treats the source as a named volume)
      - ./traefik.yml:/etc/traefik/traefik.yml
      # Map a directory to save SSL certificates (the resolver's "storage" file lives in /etc/traefik/acme)
      - ./letsencrypt:/etc/traefik/acme
      # Enable hot reload for traefik whenever we create new containers
      - /var/run/docker.sock:/var/run/docker.sock
# This network is the one that containers which need to be exposed have to join.
networks:
  traefik-global-proxy:
    # The name instruction prevents default naming for this network :smile:
    name: traefik-global-proxy

version: "3.7"
services:
  whoami:
    # A container that exposes an API to show its IP address
    image: traefik/whoami:v1.8.0
    labels:
      - "traefik.enable=true"
      # Traefik assigns domain names via this label. Now Traefik can get a cert for it
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
      # The following label enables TLS
      - "traefik.http.routers.whoami.tls=true"
      # In this label we are gonna define ... (Actually IDK, not yet. If you know, please drop a comment for me and tell me what this label does for us)
      - "traefik.http.routers.whoami.tls.certresolver=site-name-com-resolver"
    depends_on:
      - traefik
    scale: 1
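
How the `trustedIPs` list on the "web" entrypoint changes what a backend sees in `X-Forwarded-For`, compared with `insecure: true`. This is an added example, not part of the gist and not Traefik's code: it is a simplified Python model of the trust decision, and the function names and sample requests are constructed for illustration.

```python
"""Simplified model (an assumption, not Traefik source) of forwardedHeaders trust."""
import ipaddress

# Values taken from entryPoints.web.forwardedHeaders.trustedIPs on this page.
TRUSTED_IPS = ["127.0.0.1/32", "192.181.1.7"]


def is_trusted(remote_ip, trusted_ips):
    """True when the connecting peer falls inside one of the trusted IPs/CIDRs."""
    peer = ipaddress.ip_address(remote_ip)
    return any(peer in ipaddress.ip_network(entry, strict=False)
               for entry in trusted_ips)


def forwarded_for(remote_ip, headers, trusted_ips=(), insecure=False):
    """Return the X-Forwarded-For value the backend would receive.

    Untrusted peer: the client-supplied header is discarded.
    Trusted peer (or insecure=True): the peer address is appended to it.
    """
    supplied = headers.get("X-Forwarded-For", "")
    if not (insecure or is_trusted(remote_ip, trusted_ips)):
        supplied = ""
    return f"{supplied}, {remote_ip}" if supplied else remote_ip


# Constructed sample requests: (peer address, headers sent by that peer).
# A client connecting directly and supplying its own header value:
SPOOFED = ("203.0.113.50", {"X-Forwarded-For": "10.0.0.1"})
# A request relayed by the upstream proxy listed in trustedIPs:
VIA_PROXY = ("192.181.1.7", {"X-Forwarded-For": "198.51.100.9"})

if __name__ == "__main__":
    for label, (peer, hdrs) in (("direct client", SPOOFED),
                                ("trusted proxy", VIA_PROXY)):
        print(label, "| trustedIPs ->", forwarded_for(peer, hdrs, TRUSTED_IPS))
        print(label, "| insecure   ->", forwarded_for(peer, hdrs, insecure=True))
```

Backends that log or rate-limit by client IP should rely on the header only when the entrypoint uses a `trustedIPs` list like this one.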