fajar sp

Traefik using owned SSL certificate

The original post is here.

Example docker-compose.yml Configuration for Traefik with SSL Certificate
Below is an example of a docker-compose.yml configuration for Traefik that uses your existing SSL certificate. In this example, we will utilize pre-existing certificate and private key files.

Create the docker-compose.yml File

version: '3.8'

services:
  traefik:
    image: traefik:v2.9
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Certificate and private key (read-only inside the container)
      - ./certs:/certs:ro
      # Dynamic configuration file that declares the certificate
      - ./dynamic:/dynamic:ro
      # Docker API access so Traefik can discover containers
      - /var/run/docker.sock:/var/run/docker.sock
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker=true
      - --providers.docker.network=web
      - --api.dashboard=true
      - --log.level=INFO
      # Optional ACME resolver (can be removed if not used, together with the certresolver label)
      - --certificatesresolvers.myresolver.acme.tlschallenge=true
      - --certificatesresolvers.myresolver.acme.email=your-email@example.com
      - --certificatesresolvers.myresolver.acme.storage=/acme.json
      # Your own certificate is dynamic configuration in Traefik v2, so it is
      # loaded through the file provider rather than through tls.* flags
      - --providers.file.filename=/dynamic/tls.yml
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik.yourdomain.com`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=myresolver"
    networks:
      - web

networks:
  web:
    external: false

Explanation

  1. command:
  • --entrypoints.web.address=:80: Defines the HTTP entrypoint on port 80.
  • --entrypoints.websecure.address=:443: Defines the HTTPS entrypoint on port 443.
  • --providers.docker=true: Enables Docker as the service provider.
  • --providers.docker.network=web: Uses the web network for Docker services.
  • --api.dashboard=true: Enables the Traefik dashboard.
  • --log.level=INFO: Sets the log level to INFO.
  • --certificatesresolvers.myresolver.acme.tlschallenge=true: Enables ACME with the TLS-ALPN-01 challenge (optional, can be commented out if not used).
  • --certificatesresolvers.myresolver.acme.email=your-email@example.com: Email for ACME (optional, can be commented out if not used).
  • --certificatesresolvers.myresolver.acme.storage=/acme.json: Specifies the ACME storage location (optional, can be commented out if not used).
  • --providers.file.filename=/dynamic/tls.yml: Loads dynamic configuration from tls.yml. Traefik v2 accepts user-supplied certificates only as dynamic configuration from the file provider, not as command-line flags, so the certificate is declared in this file.
  • In tls.yml, each entry under tls.certificates sets certFile: /certs/your-certificate.crt (path to your certificate file) and keyFile: /certs/your-private-key.key (path to your private key file).
  2. labels:
  • traefik.enable=true: Enables Traefik for this service.
  • traefik.http.routers.api.rule=Host(`traefik.yourdomain.com`): Defines a rule for the API router.
  • traefik.http.routers.api.service=api@internal: Directs the API router to Traefik's internal service.
  • traefik.http.routers.api.tls=true: Enables TLS for the API router.
  • traefik.http.routers.api.tls.certresolver=myresolver: Uses the defined certificate resolver.

Ensure Your Folder Structure is as Follows:

.
├── docker-compose.yml
├── certs
│   ├── your-certificate.crt
│   └── your-private-key.key
└── dynamic
    └── tls.yml

Start Traefik
Once you have all the required files, start Traefik using the following command:

docker-compose up -d

Traefik will now run and use your SSL certificate with the configuration provided through the command and labels.
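
Traefik v2 treats user-supplied certificates as dynamic configuration, which it reads through the file provider. The file below is an added example, not part of the original post, showing that configuration for the certificate and key used above. The file name tls.yml and the /dynamic mount path are assumptions of this example.

```yaml
# ./dynamic/tls.yml : Traefik v2 dynamic configuration (file provider).
# Assumed wiring in docker-compose.yml (names chosen for this example):
#   volumes: - ./dynamic:/dynamic:ro
#   command: - --providers.file.filename=/dynamic/tls.yml
# The certificate paths are the container paths from the ./certs volume.
tls:
  certificates:
    # Selected by SNI for the host names the certificate covers.
    # certFile should hold the leaf certificate followed by any
    # intermediate CA certificates, in PEM format.
    - certFile: /certs/your-certificate.crt
      keyFile: /certs/your-private-key.key
  stores:
    default:
      # Served when the client sends no SNI or an unknown name,
      # instead of Traefik's self-signed default certificate.
      defaultCertificate:
        certFile: /certs/your-certificate.crt
        keyFile: /certs/your-private-key.key
  options:
    default:
      # Refuse TLS 1.0 and TLS 1.1 handshakes.
      minVersion: VersionTLS12
```

Keep the private key readable only by its owner on the host (for example mode 600), since the ./certs directory is mounted into the container as-is.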

Canonical URL
For more detailed information, visit the original post on my blog.
