Traefik v2 Docker Swarm Stack

traefik.yml

---
version: "3.8"

services:
  traefik:
    image: traefik:latest
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik:/data
    command:
      - --accesslog
      - --api
      - --certificatesResolvers.acme.acme.dnschallenge=true
      - --certificatesResolvers.acme.acme.dnschallenge.provider=cloudflare
      - --certificatesResolvers.acme.acme.email=$CLOUDFLARE_EMAIL_ADDRESS
      - --certificatesResolvers.acme.acme.storage=/data/acme.json
      - --entrypoints.http.address=:80
      - --entrypoints.http.http.redirections.entryPoint.to=https
      - --entrypoints.http.http.redirections.entryPoint.scheme=https
      - --entrypoints.https.address=:443
      - --entrypoints.https.http.tls=true
      - --entrypoints.https.http.tls.certresolver=acme
      - --entrypoints.https.http.tls.domains[0].main="*.$DOMAIN"
      - --entrypoints.https.http.tls.domains[0].sans="$DOMAIN"
      - --metrics.prometheus
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik
      - --providers.docker.swarmmode=true
      - --providers.docker.watch=true
    environment:
      - CLOUDFLARE_EMAIL="$CLOUDFLARE_EMAIL"
      - CLOUDFLARE_API_KEY="$CLOUDFLARE_API_KEY"
    deploy:
      endpoint_mode: dnsrr
      placement:
        constraints:
          - "node.role == manager"
      replicas: 1

networks:
  traefik:
    external: true

volumes:
  traefik:
    driver: local

To use:

• Setup a Docker Swarm Cluster (not covered here)
• Export required environment variables:
  • DOMAIN
  • CLOUDFLARE_EMAIL_ADDRESS
  • CLOUDFLARE_API_KEY
• Run: docker swarm deploy -c traefik.yml traefik