@ohnotnow
Created February 8, 2020 17:42
Traefik v2 with manual SSL certs
version: "3.7"

services:
  traefik:
    image: traefik:v2.1.3
    restart: always
    container_name: traefik
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      # traefik dashboard (Traefik only listens on 8080 when --api.insecure=true)
      - "8080:8080"
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    command:
      - --api.insecure=false
      - --api.dashboard=true
      - --api.debug=false
      - --log.level=INFO
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=proxy
      # Dynamic config (the TLS certificate list) is read from a Docker secret
      - --providers.file.filename=/run/secrets/traefik-dynamic.yml
      - --entrypoints.web.address=:80
      - --entrypoints.web-secured.address=:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    secrets:
      - source: domain1-cert
        target: domain1.cert
      - source: domain1-key
        target: domain1.key
      - source: domain2-cert
        target: domain2.cert
      - source: domain2-key
        target: domain2.key
      - source: traefik-dynamic
        target: traefik-dynamic.yml
    networks:
      - proxy
    deploy:
      labels:
        - "traefik.enable=true"
        # This router sets no entrypoints and no tls option, so it answers
        # plain-HTTP requests only and the basic-auth credentials are sent
        # unencrypted. Setting traefik.http.routers.api.entrypoints=web-secured
        # and traefik.http.routers.api.tls=true serves it over HTTPS instead.
        - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
        - "traefik.http.routers.api.service=api@internal" # Let the dashboard access the traefik api
        - "traefik.http.routers.api.middlewares=auth"
        # echo $(htpasswd -nb username password) | sed -e s/\\$/\\$\\$/g
        - "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$some-hash-or-other"
        # Swarm mode needs a port label on every service, even though api@internal is used
        - "traefik.http.services.dummy-svc.loadbalancer.server.port=9999"
      placement:
        constraints:
          - node.role == manager

networks:
  proxy:
    external: true

secrets:
  domain1-cert:
    external: true
    name: ${DOMAIN1_SSL_CERT}
  domain1-key:
    external: true
    name: ${DOMAIN1_SSL_KEY}
  domain2-cert:
    external: true
    name: ${DOMAIN2_SSL_CERT}
  domain2-key:
    external: true
    name: ${DOMAIN2_SSL_KEY}
  traefik-dynamic:
    external: true
    name: ${TRAEFIK_DYNAMIC_CONFIG}

# example traefik dynamic yaml config file referenced by the secret `traefik-dynamic`/`${TRAEFIK_DYNAMIC_CONFIG}`
tls:
  certificates:
    - certFile: /run/secrets/domain1.cert
      keyFile: /run/secrets/domain1.key
    - certFile: /run/secrets/domain2.cert
      keyFile: /run/secrets/domain2.key
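
One way to supply the `${DOMAIN1_SSL_CERT}`-style secret names the stack file expects, as an added example that is not part of the original gist: Docker secrets are immutable, so a renewed certificate needs a new secret name, derived here from the certificate's content. The helpers `secret_name` and `plan`, the placeholder files, the stack file name `traefik-stack.yml` and the stack name `traefik` are assumptions; the script only prints the commands.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): print the commands that create versioned
# Docker secrets and export the variables the stack file expects.
set -eu

# secret_name <prefix> <file>: prefix plus the first 12 hex digits of the
# file's SHA-256, so changed content always yields a new secret name.
secret_name() {
  printf '%s-%s\n' "$1" "$(sha256sum "$2" | cut -c1-12)"
}

# plan <label> <cert-file> <key-file>: label is e.g. "domain1".
# Both names are versioned from the certificate (public data), so no digest
# of the private key ever appears in a secret name.
plan() {
  p_cert=$(secret_name "$1-cert" "$2")
  p_key=$(secret_name "$1-key" "$2")
  p_var=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
  printf 'docker secret create %s %s\n' "$p_cert" "$2"
  printf 'docker secret create %s %s\n' "$p_key" "$3"
  printf 'export %s_SSL_CERT=%s\n' "$p_var" "$p_cert"
  printf 'export %s_SSL_KEY=%s\n' "$p_var" "$p_key"
}

# Constructed sample input: placeholder files standing in for real PEM files.
demo_dir=$(mktemp -d)
for d in domain1 domain2; do
  printf 'constructed certificate for %s\n' "$d" > "$demo_dir/$d.crt"
  printf 'constructed key for %s\n' "$d" > "$demo_dir/$d.key"
  plan "$d" "$demo_dir/$d.crt" "$demo_dir/$d.key"
done

# The dynamic config secret is versioned the same way (constructed content).
printf 'tls: {}\n' > "$demo_dir/traefik-dynamic.yml"
dyn=$(secret_name traefik-dynamic "$demo_dir/traefik-dynamic.yml")
printf 'docker secret create %s %s\n' "$dyn" "$demo_dir/traefik-dynamic.yml"
printf 'export TRAEFIK_DYNAMIC_CONFIG=%s\n' "$dyn"
# Stack file name and stack name are assumptions.
printf 'docker stack deploy -c traefik-stack.yml traefik\n'
```

Review the printed commands, then run them on a manager node. Superseded secrets can be removed with `docker secret rm` once no service references them.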
@ivorscott

Pretty straightforward. Would be nice to make a blog post where you use certbot and Let's Encrypt manually to get certificates. Then use those certs to run this stack file. That way readers can follow along.
