I am using Traefik as a reverse proxy to publish and secure services that are running in a Docker container. This blog post will describe how to get started with Traefik 2 using docker-compose on a single host.
Since I am using many Traefik instances on different hosts, I've created a repository called traefik-dockerized to make the deployment easier.
First, clone the repository.
$ git clone https://github.com/cedrichopf/traefik-dockerized.git
Cloning into 'traefik-dockerized'...
$ cd traefik-dockerized
After you cloned the repository, create a copy of the example configuration.
$ cp config/traefik.example.yml config/traefik.yml
Open the configuration file. It should look like this:
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
network: proxy
certificatesResolvers:
letsencrypt:
acme:
email: admin@example.com
storage: acme.json
httpChallenge:
entryPoint: http
The configuration file is almost ready-to-use. To use the built-in LetsEncrypt support, adapt the certificate resolvers' email address.
Afterward, create the Docker network configured in the traefik.yml file.
$ docker network create proxy
ca0a9fe39b34b9f17d5c5e938e82ce67b4423e151ae5000eee7754e89116cac1
Additionally, create a JSON file to store the certificate information received by the certificate resolver.
$ touch letsencrypt/acme.json
$ chmod 600 letsencrypt/acme.json
The docker-compose.yml file is part of the repository and generic for all Traefik deployments. Create a docker-compose.override.yml file to apply custom configurations to the deployment.
$ cp override.example.yml docker-compose.override.yml
Finally, pull the Docker images and start the Traefik instance.
$ docker-compose pull
Pulling traefik ... done
$ docker-compose up -d
Creating traefik_traefik_1 ... done
Example Service
Now the Traefik setup can be tested by deploying a sample service using docker-compose. The following example deploys an Nginx container with a Traefik service configuration in the labels section.
Note: To use this example, you need to change the hostname example.com to match your systems' environment. If you changed the docker network, which is used by Traefik to discover services, you also need to change the network.
version: "3.7"
services:
nginx:
image: nginx:latest
networks:
- proxy
labels:
# Traefik configuration, Hostname needs to be changed
- traefik.http.routers.nginx-http.rule=Host(`example.com`)
- traefik.http.routers.nginx-http.entrypoints=http
- traefik.http.routers.nginx-http.middlewares=redirect
- traefik.http.routers.nginx-https.rule=Host(`example.com`)
- traefik.http.routers.nginx-https.entrypoints=https
- traefik.http.routers.nginx-https.tls=true
- traefik.http.routers.nginx-https.tls.certresolver=letsencrypt
- traefik.http.services.nginx.loadbalancer.server.port=80
- traefik.http.middlewares.redirect.redirectscheme.scheme=https
networks:
proxy:
external: true
As seen in the manifest, Traefik will configure the access to the service with the properties defined in the labels section. In this example, it's creating 2 routers (http and https), forwarding requests to the Nginx service on port 80. Additionally, the http router is using the redirect middleware to redirect all requests from http to https. To secure the connection, it's using the letsencrypt certificate resolver to provide a certificate.
To deploy the example, run the following command:
$ docker-compose up -d
Creating example-service_nginx_1 ... done
Finally, open your browser on the configured route and see the Nginx welcome page:
Top comments (4)
Thanks very much,
Do you know the difference between:
how do I add subdomains?
if I were to deploy the reversing proxy backing docker application as a service, what changes to the steps laid out above are requried? Thank you
Very clean and nice article, I am waiting for further.