DEV Community

loading...

Discussion on: Tying Let's Encrypt and Docker Swarm together

Collapse
cheeseweasel profile image
Sam Peacey

I've done something similar for my own sites - I also went with Swarm due to the simplicity. Paul's suggestion to go with separate hosts per app is probably better, but I liked the idea of building a swarm cluster at the time - it was more about learning the technologies than the perfect solution.

Anyway the reason I mention this is that I stumbled upon Traefik which does pretty much this - acts as a reverse proxy in front of a swarm cluster (amongst others), and handles SSL via Lets Encrypt. I had a few troubles setting it all up, and actually regretted not going for the more basic approach you document here, but now that I have figured it out, I quite like the setup.

The one advantage I can see over managing your own reverse proxy is that all the configuration for a service in traefik is managed via labels in the docker compose for that service. So adding a new stack into the swarm doesn't require any configuration outside of the app.

Anyway, I thought you might be interested - just another way to achieve the same thing outlined here. :)

Collapse
fdoxyz profile image
Fernando Author • Edited

Hi, thanks for the comment and I still agree with both of you (specially on the “getting to know the technology” for sure)

Yes, the reverse proxy config is probably the easiest to get wrong with this setup (how proficient you are with NGINX conf files will make a big difference). I can say running into gateway errors because of the reverse proxy at some point along the way is almost guaranteed. After a while it doesn’t hurt as much as the first few deploys.

I had read a little about traefik, it was a while ago though. I believe this was sometime around their 1.0-1.2 release, I don’t think swarm mode was even released yet. Maybe they’ve changed the setup since back then, maybe the docs are better now... I mostly went with what I was most comfortable and had better resources online.

Thanks for bringing this up because even then I had heard plenty of people happy with it, I can definitely see myself giving it another chance sometime soon :)