Traefik for Docker Containers on Ubuntu

- Advertisement -

This post is about Traefik for Docker Containers.

Configuration Introduction

How the Magic Happens

Traefik for Docker Containers

If you don’t have docker installed yet, you can find instructions for Ubuntu or Debian. This Guide uses docker-compose to run Traefik, therefore its necessary to also install docker-compose. The two linked guides will help you to setup docker-compose on your own host.

Let’s get started by setting up Traefik.

First, create a few files and folder directory for our containers:

mkdir -p /opt/containers/traefik
mkdir /opt/containers/traefik/data
touch /opt/containers/traefik/data/traefik.yml
touch /opt/containers/traefik/data/acme.json
chmod 600 /opt/containers/traefik/data/acme.json

Generate secure password

Create a configuration files and set up an encrypted password to access the traefik dashboard. You can use htpasswd utility to create the encrypted password. To use htpasswd utility, install the utility with the following command

$ sudo apt-get install -y apache2-utils

Then run the following command to generate the secure password

$sudo htpasswd -nb unixcop unixcop@123
- Advertisement -
unixcop:$$apr1$$zUb/YuK2$$57psQ0U71DlfdHPr0yoHe/

 I have used “unixcop@123” to encrypt. You can have your own assumptions. User is taken as “unixcop” you can replace it with your own username.

Copy auto generated output and save it somewhere as we need to use this encrypted password in Traefik configuration file to setup basic authentication for Traefik dashboard

traefik.yml

Next we open our newly created traefik config file with an editor of your choice.

vim /opt/containers/traefik/data/traefik.yml
api:
  dashboard: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
certificatesResolvers:
  http:
    acme:
      email: info@unixcop.local   # CHANGE HERE
      storage: acme.json
      httpChallenge:
        entryPoint: http

Create a docker-compose.yml file where you will define a reverse-proxy service that uses the official Traefik image:

docker-compose.yml

version: '3'
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.tld`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=unixcop:$$apr1$$zUb/YuK2$$57psQ0U71DlfdHPr0yoHe"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.tld`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
networks:
  proxy:
    external: true

With our docker-compose.yml we are defining the Traefik docker container with all the settings and config files. To get Traefik up and running you only need to adjust some settings:

  • replace both traefik.domain.tld with your own domain name. This domain should be a subdomain like traefik.ae3.ch for example. Later you will be able access Traefik Dasboard with this (sub)domain.

Create Docker Network for Traefik

It’s a good idea to setup a separate docker network that is used by Traefik and all other docker containers you would like to make available by Traefik.

To create this docker network, all you need to do is paste the following command into your CLI:

docker network create proxy

Run Traefik

docker-compose up -d

After a few seconds you can check and access your Traefik Dashboard at your custom Domain you entered in your docker-compose.yml 

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest articles

Join us on Facebook

x