computer_science:docker:traefik_docker_https_ssl_for_containers

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
Last revisionBoth sides next revision
computer_science:docker:traefik_docker_https_ssl_for_containers [2020/08/19 09:35] carlossousacomputer_science:docker:traefik_docker_https_ssl_for_containers [2020/08/19 09:46] carlossousa
Line 24: Line 24:
 chmod 600 "$STORAGE_PATH"/storage/traefik/data/acme.json chmod 600 "$STORAGE_PATH"/storage/traefik/data/acme.json
 touch "$STORAGE_PATH"/storage/traefik/data/traefik.yml touch "$STORAGE_PATH"/storage/traefik/data/traefik.yml
-docker volume create --driver local --opt type=none --opt device="$STORAGE_PATH"/storage/data --opt o=bind traefik 
  
  
Line 69: Line 68:
   * Change the "traefik.example.com" to your own "sub.domain.tld"   * Change the "traefik.example.com" to your own "sub.domain.tld"
   * Create a USER:PASSWORD combo for "[…]users=USER:PASSWORD" with   * Create a USER:PASSWORD combo for "[…]users=USER:PASSWORD" with
-      * 
  
 <code bash> <code bash>
Line 76: Line 74:
  
 </code> </code>
- 
-  * 
  
 <code bash> <code bash>
Line 97: Line 93:
       - /etc/localtime:/etc/localtime:ro       - /etc/localtime:/etc/localtime:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro       - /var/run/docker.sock:/var/run/docker.sock:ro
-      - traefik_data/data/traefik.yml:/traefik.yml:ro +      - ./storage/traefik/data/traefik.yml:/traefik.yml:ro 
-      - traefik_data/data/acme.json:/acme.json+      - ./storage/traefik/data/acme.json:/acme.json
     labels:     labels:
       - "traefik.enable=true"       - "traefik.enable=true"
Line 116: Line 112:
   proxy:   proxy:
     external: true     external: true
 +"traefik.http.routers.traefik-secure.tls=true"
 +      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
 +      - "traefik.http.routers.traefik-secure.service=api@internal"
  
-volumes+networks
-  traefik_data:+  proxy:
     external: true     external: true
  
Line 133: Line 132:
  
 **Before** **Before**
 +
 +<code yaml>
 +version: '3'
 +
 +volumes:
 +    dokuwiki_data:
 +        external: true
 +    dokuwiki_conf:
 +        external: true
 +    dokuwiki_lib-plugins:
 +        external: true
 +    dokuwiki_lib-tpl:
 +        external: true
 +    dokuwiki_logs:
 +        external: true
 +
 +services:
 +  dokuwiki:
 +    image: 'mprasil/dokuwiki'
 +    container_name: 'dokuwiki_zebra'
 +    ports:
 +      - '80:80'
 +    volumes:
 +        - dokuwiki_data:/dokuwiki/data
 +        - dokuwiki_conf:/dokuwiki/conf
 +        - dokuwiki_lib-plugins:/dokuwiki/lib/plugins
 +        - dokuwiki_lib-tpl:/dokuwiki/lib/tpl
 +        - dokuwiki_logs:/var/log
 +
 +
 +</code>
  
 **After** **After**
 +
 +  * You can uncomment the "ports:" so, if you start just that container, it will be reachable over your domain.tld. Sometimes it is usefull for troubleshooting
 +  * Add the "labels". You have/should replace [...].dokuwiki.[...] with the name of the service, so it is easier to identify on the Traefik WebUI
 +  * Don't forget to change the "rule=Host" and "[...]-secure.rule=Host" to your "sub.domain.tld"
 +  * Don't forget to change the ".server.port" to the Port where the Service is listening
 +  * For complex services (for example Wordpress + MySQL), add an extra network, for eg. "wordpress_network" so the MySQL instant is only reachable via the Wordpress Service, and not over the Proxy configuration
 +
 +<code yaml>
 +version: '3'
 +
 +volumes:
 +    dokuwiki_data:
 +        external: true
 +    dokuwiki_conf:
 +        external: true
 +    dokuwiki_lib-plugins:
 +        external: true
 +    dokuwiki_lib-tpl:
 +        external: true
 +    dokuwiki_logs:
 +        external: true
 +
 +services:
 +  dokuwiki:
 +    image: 'mprasil/dokuwiki'
 +    container_name: 'dokuwiki'
 +    restart: unless-stopped
 +    networks:
 +        - proxy
 +    #ports:
 +    #  - '80:80'
 +    volumes:
 +        - dokuwiki_data:/dokuwiki/data
 +        - dokuwiki_conf:/dokuwiki/conf
 +        - dokuwiki_lib-plugins:/dokuwiki/lib/plugins
 +        - dokuwiki_lib-tpl:/dokuwiki/lib/tpl
 +        - dokuwiki_logs:/var/log
 +    labels:
 +      - "traefik.enable=true"
 +      - "traefik.http.routers.dokuwiki.entrypoints=http"
 +      - "traefik.http.routers.dokuwiki.rule=Host(`wiki.carlossousa.tech`)"
 +      - "traefik.http.middlewares.dokuwiki-https-redirect.redirectscheme.scheme=https"
 +      - "traefik.http.routers.dokuwiki.middlewares=dokuwiki-https-redirect"
 +      - "traefik.http.routers.dokuwiki-secure.entrypoints=https"
 +      - "traefik.http.routers.dokuwiki-secure.rule=Host(`wiki.carlossousa.tech`)"
 +      - "traefik.http.routers.dokuwiki-secure.tls=true"
 +      - "traefik.http.routers.dokuwiki-secure.tls.certresolver=http"
 +      - "traefik.http.routers.dokuwiki-secure.service=dokuwiki"
 +      - "traefik.http.services.dokuwiki.loadbalancer.server.port=80"
 +      - "traefik.docker.network=proxy"
 +
 +networks:
 +   proxy:
 +     external: true
 +
 +
 +</code>
 +
 +After starting the service, it should now be available.
  
  
  • computer_science/docker/traefik_docker_https_ssl_for_containers.txt
  • Last modified: 2023/12/01 12:07
  • by 127.0.0.1