This is an old revision of the document!
Using "Traefik" for Reverse Proxy and "Let's Encrypt" for Automatic HTTPS certificates
Important Note :
This is an alternative method to Using Nginx as a Reverse Proxy.
Purpose:
The purpose of using Traefik are:
- Prevent having to restart the nginx Reverse-Proxy Container everytime we want to test a new / deploy a new service.
- Ease of Escalability - We will be able to scale our infrastructure faster, since we don't have to manage HTTPS Certificates for every subdomain
- Keep the services so that, they are individuals service, but working though a central distributor. This could also be done with a nginx Reverse-Proxy Container but since we will have an WebUI, it will be easier to troubleshoot instead of having to SSH into the Host.
Create the Folder and Config Files
Change the Path under “STORAGE_PATH” to match your environment.
#!/bin/bash STORAGE_PATH="/home/docker-user/traefik" mkdir -p "$STORAGE_PATH"/storage/traefik/data touch "$STORAGE_PATH"/storage/traefik/data/acme.json chmod 600 "$STORAGE_PATH"/storage/traefik/data/acme.json touch "$STORAGE_PATH"/storage/traefik/data/traefik.yml docker volume create --driver local --opt type=none --opt device="$STORAGE_PATH"/storage/data --opt o=bind traefik
Deploy the Traefik configuration
Change “email: email@example.com” to your Email address.
nano traefik.yml
api: dashboard: true entryPoints: http: address: ":80" https: address: ":443" providers: docker: endpoint: "unix:///var/run/docker.sock" exposedByDefault: false certificatesResolvers: http: acme: email: email@example.com storage: acme.json httpChallenge: entryPoint: http
Create the traefik docker-compose.yml
- Change the “traefik.example.com” to your own “sub.domain.tld”
- Create a USER:PASSWORD combo for “[…]users=USER:PASSWORD” with
echo $(htpasswd -nb <USER> <PASSWORD>) | sed -e s/\\$/\\$\\$/g
version: '3' services: traefik: image: traefik:v2.0 container_name: traefik restart: unless-stopped security_opt: - no-new-privileges:true networks: - proxy ports: - 80:80 - 443:443 volumes: - /etc/localtime:/etc/localtime:ro - /var/run/docker.sock:/var/run/docker.sock:ro - traefik_data/data/traefik.yml:/traefik.yml:ro - traefik_data/data/acme.json:/acme.json labels: - "traefik.enable=true" - "traefik.http.routers.traefik.entrypoints=http" - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)" - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:PASSWORD" - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" - "traefik.http.routers.traefik-secure.entrypoints=https" - "traefik.http.routers.traefik-secure.rule=Host(`traefik.example.com`)" - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" - "traefik.http.routers.traefik-secure.tls=true" - "traefik.http.routers.traefik-secure.tls.certresolver=http" - "traefik.http.routers.traefik-secure.service=api@internal" networks: proxy: external: true volumes: traefik_data: external: true
Adding Services to Traefik
Start the traefik container - docker-compose up -d
Change your docker-compose.yml from other services to be available via Traefik.
As example, here is my docker-compose.yml for DokuWiki before and after Traefik.
Before
After