Differences

This shows you the differences between two versions of the page.

--- computer_science:docker:traefik_docker_https_ssl_for_containers [2020/08/19 09:35] – carlossousa
+++ computer_science:docker:traefik_docker_https_ssl_for_containers [2020/08/19 09:46] – carlossousa
@@ Line 1: / Line 1: @@
 ====== Using "Traefik" for Reverse Proxy and "Let's Encrypt" for Automatic HTTPS certificates ======
-=====   Important Note  : =====
+===== Important Note : =====
 This is an alternative method to [[:computer_science:docker:docker_nginx_reverse_proxy|Using Nginx as a Reverse Proxy]].
@@ Line 15: / Line 15: @@
 ===== Create the Folder and Config Files =====
-Change the Path under "STORAGE_PATH" to match your environment.
+  * Change the Path under "STORAGE_PATH" to match your environment.
 <code bash>
@@ Line 24: / Line 24: @@
 chmod 600 "$STORAGE_PATH"/storage/traefik/data/acme.json
 touch "$STORAGE_PATH"/storage/traefik/data/traefik.yml
-docker volume create --driver local --opt type=none --opt device="$STORAGE_PATH"/storage/data --opt o=bind traefik
 </code>
@@ Line 30: / Line 30: @@
 ===== Deploy the Traefik configuration =====
-Change "email: email@example.com" to your Email address.
+  * Change "email: email@example.com" to your Email address.
 <code bash>
 nano traefik.yml
 </code>
@@ Line 59: / Line 60: @@
       httpChallenge:
         entryPoint: http
 </code>
 ===== Create the traefik docker-compose.yml =====
   * Change the "traefik.example.com" to your own "sub.domain.tld"
-  * Create a USER:PASSWORD combo for "[...]users=USER:PASSWORD" with
+  * Create a USER:PASSWORD combo for "[…]users=USER:PASSWORD" with
-      *
 <code bash>
 echo $(htpasswd -nb <USER> <PASSWORD>) | sed -e s/\\$/\\$\\$/g
 </code>
-  *
 <code bash>
@@ Line 90: / Line 93: @@
       - /etc/localtime:/etc/localtime:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro
-      - traefik_data/data/traefik.yml:/traefik.yml:ro
+      - ./storage/traefik/data/traefik.yml:/traefik.yml:ro
-      - traefik_data/data/acme.json:/acme.json
+      - ./storage/traefik/data/acme.json:/acme.json
     labels:
       - "traefik.enable=true"
@@ Line 109: / Line 112: @@
   proxy:
     external: true
+"traefik.http.routers.traefik-secure.tls=true"
+      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
+      - "traefik.http.routers.traefik-secure.service=api@internal"
-volumes:
+networks:
-  traefik_data:
+  proxy:
     external: true
 </code>
@@ Line 118: / Line 125: @@
 ===== Adding Services to Traefik =====
-Start the traefik container -  docker-compose up -d
+Start the traefik container - docker-compose up -d
 Change your docker-compose.yml from other services to be available via Traefik.
@@ Line 125: / Line 132: @@
 **Before**
+<code yaml>
+version: '3'
+volumes:
+    dokuwiki_data:
+        external: true
+    dokuwiki_conf:
+        external: true
+    dokuwiki_lib-plugins:
+        external: true
+    dokuwiki_lib-tpl:
+        external: true
+    dokuwiki_logs:
+        external: true
+services:
+  dokuwiki:
+    image: 'mprasil/dokuwiki'
+    container_name: 'dokuwiki_zebra'
+    ports:
+      - '80:80'
+    volumes:
+        - dokuwiki_data:/dokuwiki/data
+        - dokuwiki_conf:/dokuwiki/conf
+        - dokuwiki_lib-plugins:/dokuwiki/lib/plugins
+        - dokuwiki_lib-tpl:/dokuwiki/lib/tpl
+        - dokuwiki_logs:/var/log
+</code>
 **After**
+  * You can uncomment the "ports:" so, if you start just that container, it will be reachable over your domain.tld. Sometimes it is usefull for troubleshooting
+  * Add the "labels". You have/should replace [...].dokuwiki.[...] with the name of the service, so it is easier to identify on the Traefik WebUI
+  * Don't forget to change the "rule=Host" and "[...]-secure.rule=Host" to your "sub.domain.tld"
+  * Don't forget to change the ".server.port" to the Port where the Service is listening
+  * For complex services (for example Wordpress + MySQL), add an extra network, for eg. "wordpress_network" so the MySQL instant is only reachable via the Wordpress Service, and not over the Proxy configuration
+<code yaml>
+version: '3'
+volumes:
+    dokuwiki_data:
+        external: true
+    dokuwiki_conf:
+        external: true
+    dokuwiki_lib-plugins:
+        external: true
+    dokuwiki_lib-tpl:
+        external: true
+    dokuwiki_logs:
+        external: true
+services:
+  dokuwiki:
+    image: 'mprasil/dokuwiki'
+    container_name: 'dokuwiki'
+    restart: unless-stopped
+    networks:
+        - proxy
+    #ports:
+    #  - '80:80'
+    volumes:
+        - dokuwiki_data:/dokuwiki/data
+        - dokuwiki_conf:/dokuwiki/conf
+        - dokuwiki_lib-plugins:/dokuwiki/lib/plugins
+        - dokuwiki_lib-tpl:/dokuwiki/lib/tpl
+        - dokuwiki_logs:/var/log
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dokuwiki.entrypoints=http"
+      - "traefik.http.routers.dokuwiki.rule=Host(`wiki.carlossousa.tech`)"
+      - "traefik.http.middlewares.dokuwiki-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.dokuwiki.middlewares=dokuwiki-https-redirect"
+      - "traefik.http.routers.dokuwiki-secure.entrypoints=https"
+      - "traefik.http.routers.dokuwiki-secure.rule=Host(`wiki.carlossousa.tech`)"
+      - "traefik.http.routers.dokuwiki-secure.tls=true"
+      - "traefik.http.routers.dokuwiki-secure.tls.certresolver=http"
+      - "traefik.http.routers.dokuwiki-secure.service=dokuwiki"
+      - "traefik.http.services.dokuwiki.loadbalancer.server.port=80"
+      - "traefik.docker.network=proxy"
+networks:
+   proxy:
+     external: true
+</code>
+After starting the service, it should now be available.