I am using Traefik as a reverse proxy to publish and secure services that are running in a Docker container. This blog post will describe how to get started with Traefik 2 using docker-compose on a single host.
Since I am using many Traefik instances on different hosts, I've created a repository called traefik-dockerized to make the deployment easier.
First, clone the repository.
$ git clone https://github.com/cedrichopf/traefik-dockerized.git Cloning into 'traefik-dockerized'... $ cd traefik-dockerized
After you cloned the repository, create a copy of the example configuration.
$ cp config/traefik.example.yml config/traefik.yml
Open the configuration file. It should look like this:
api: dashboard: true entryPoints: http: address: ":80" https: address: ":443" providers: docker: network: proxy certificatesResolvers: letsencrypt: acme: email: firstname.lastname@example.org storage: acme.json httpChallenge: entryPoint: http
The configuration file is almost ready-to-use. To use the built-in LetsEncrypt support, adapt the certificate resolvers' email address.
Afterward, create the Docker network configured in the traefik.yml file.
$ docker network create proxy ca0a9fe39b34b9f17d5c5e938e82ce67b4423e151ae5000eee7754e89116cac1
Additionally, create a JSON file to store the certificate information received by the certificate resolver.
$ touch letsencrypt/acme.json $ chmod 600 letsencrypt/acme.json
The docker-compose.yml file is part of the repository and generic for all Traefik deployments. Create a docker-compose.override.yml file to apply custom configurations to the deployment.
$ cp override.example.yml docker-compose.override.yml
Finally, pull the Docker images and start the Traefik instance.
$ docker-compose pull Pulling traefik ... done $ docker-compose up -d Creating traefik_traefik_1 ... done
Now the Traefik setup can be tested by deploying a sample service using docker-compose. The following example deploys an Nginx container with a Traefik service configuration in the labels section.
Note: To use this example, you need to change the hostname
example.com to match your systems' environment. If you changed the docker network, which is used by Traefik to discover services, you also need to change the network.
version: "3.7" services: nginx: image: nginx:latest networks: - proxy labels: # Traefik configuration, Hostname needs to be changed - traefik.http.routers.nginx-http.rule=Host(`example.com`) - traefik.http.routers.nginx-http.entrypoints=http - traefik.http.routers.nginx-http.middlewares=redirect - traefik.http.routers.nginx-https.rule=Host(`example.com`) - traefik.http.routers.nginx-https.entrypoints=https - traefik.http.routers.nginx-https.tls=true - traefik.http.routers.nginx-https.tls.certresolver=letsencrypt - traefik.http.services.nginx.loadbalancer.server.port=80 - traefik.http.middlewares.redirect.redirectscheme.scheme=https networks: proxy: external: true
As seen in the manifest, Traefik will configure the access to the service with the properties defined in the labels section. In this example, it's creating 2 routers (http and https), forwarding requests to the Nginx service on port 80. Additionally, the http router is using the redirect middleware to redirect all requests from http to https. To secure the connection, it's using the letsencrypt certificate resolver to provide a certificate.
To deploy the example, run the following command:
$ docker-compose up -d Creating example-service_nginx_1 ... done