This post is about Traefik for Docker Containers.
Configuration Introduction
How the Magic Happens
Traefik for Docker Containers
If you don’t have docker installed yet, you can find instructions for Ubuntu or Debian. This Guide uses docker-compose to run Traefik, therefore its necessary to also install docker-compose. The two linked guides will help you to setup docker-compose on your own host.
Let’s get started by setting up Traefik.
First, create a few files and folder directory for our containers:
mkdir -p /opt/containers/traefik
mkdir /opt/containers/traefik/data
touch /opt/containers/traefik/data/traefik.yml
touch /opt/containers/traefik/data/acme.json
chmod 600 /opt/containers/traefik/data/acme.jsonGenerate secure password
Create a configuration files and set up an encrypted password to access the traefik dashboard. You can use htpasswd utility to create the encrypted password. To use htpasswd utility, install the utility with the following command
$ sudo apt-get install -y apache2-utilsThen run the following command to generate the secure password
$sudo htpasswd -nb unixcop unixcop@123unixcop:$$apr1$$zUb/YuK2$$57psQ0U71DlfdHPr0yoHe/I have used “unixcop@123” to encrypt. You can have your own assumptions. User is taken as “unixcop” you can replace it with your own username.
Copy auto generated output and save it somewhere as we need to use this encrypted password in Traefik configuration file to setup basic authentication for Traefik dashboard
traefik.yml
Next we open our newly created traefik config file with an editor of your choice.
vim /opt/containers/traefik/data/traefik.ymlapi:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
certificatesResolvers:
http:
acme:
email: [email protected] # CHANGE HERE
storage: acme.json
httpChallenge:
entryPoint: httpCreate a docker-compose.yml file where you will define a reverse-proxy service that uses the official Traefik image:
docker-compose.yml
version: '3'
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/traefik.yml:/traefik.yml:ro
- ./data/acme.json:/acme.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik.domain.tld`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=unixcop:$$apr1$$zUb/YuK2$$57psQ0U71DlfdHPr0yoHe"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.tld`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
networks:
proxy:
external: trueWith our docker-compose.yml we are defining the Traefik docker container with all the settings and config files. To get Traefik up and running you only need to adjust some settings:
- replace both
traefik.domain.tldwith your own domain name. This domain should be a subdomain like traefik.ae3.ch for example. Later you will be able access Traefik Dasboard with this (sub)domain.
Create Docker Network for Traefik
It’s a good idea to setup a separate docker network that is used by Traefik and all other docker containers you would like to make available by Traefik.
To create this docker network, all you need to do is paste the following command into your CLI:
docker network create proxyRun Traefik
docker-compose up -dAfter a few seconds you can check and access your Traefik Dashboard at your custom Domain you entered in your docker-compose.yml
