Getting up and running with Traefik

Author ArgentumCation Posts Notes
License CC-BY-NC-SA 4.0+ Updated
# Shared settings, pulled into each service below with `<<: *service_defaults`.
# The merge is shallow: a service that sets one of these keys itself replaces
# the value given here.
x-service_defaults: &service_defaults
  restart: unless-stopped
  env_file:
    - .env
  extra_hosts:
    # Lets containers reach the docker host by name
    - 'host.docker.internal:host-gateway'
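services:
  # The reverse proxy itself: receives HTTP/HTTPS traffic and routes it to the
  # other containers.
  traefik:
    <<: *service_defaults
    container_name: traefik
    # Setting env_file here replaces the one merged in from the defaults, so
    # .env has to be listed again.
    env_file:
      - .env
      # Cloudflare API token (traefik.yml uses the cloudflare DNS-challenge
      # provider). Keep this file out of version control.
      - $ENV_DIR/traefik.secrets.env
    hostname: traefik
    # NOTE(review): `latest` is a moving tag; pinning a specific release keeps
    # an upstream push from silently changing the internet-facing proxy.
    image: traefik:latest
    labels:
      # Points traefik's route for this container at its own port 8080.
      # NOTE(review): together with exposedByDefault and the defaultRule in
      # traefik.yml this appears to publish the dashboard at traefik.<domain>;
      # put an auth middleware on that router if that is not intended.
      - traefik.http.services.traefik-docker.loadbalancer.server.port=8080
    # The port mappings were listed under `labels`, where compose reads them as
    # label names and publishes nothing; they belong under `ports`.
    ports:
      # For the management interface.
      # NOTE(review): traefik.yml sets api.insecure, so this port serves the
      # dashboard and API without authentication. Keep it off untrusted
      # networks (firewall it, or bind it to a loopback/LAN address).
      - "8080:8080"
      # To let traefik receive incoming HTTP traffic
      - "80:80"
      # To let traefik receive incoming HTTPS traffic
      - "443:443"
    volumes:
      # This lets traefik see your docker services.
      # NOTE(review): `:ro` only makes the socket file read-only; it does not
      # limit which Docker API calls can be made through it. Access to this
      # socket is effectively root on the host, so consider putting a
      # filtering socket proxy between traefik and the daemon.
      - $DOCKER_SOCK:/var/run/docker.sock:ro
      # Traefik configs; mounted read-only because traefik only reads them
      - $CONF_DIR/traefik/traefik.yml:/traefik.yml:ro
      - $CONF_DIR/traefik/traefik_dynamic.yml:/etc/traefik/traefik_dynamic.yml:ro
      # Let's Encrypt folder (for storing HTTPS cert related stuff). acme.json
      # in here holds private keys; keep it readable by its owner only.
      - $CONF_DIR/letsencrypt:/letsencrypt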
  # Sample backend that traefik proxies to
  lighttpd:
    <<: *service_defaults
    # NOTE(review): no tag is given, so this pulls whatever `latest` currently
    # is; pin a tag if reproducible deploys matter.
    image: sebp/lighttpd
    container_name: public_lighttpd
    labels:
      # Hostname traefik answers on for this container; compose fills in
      # $PUBLIC from .env before traefik reads the label
      - 'traefik.http.routers.lighttpd-docker.rule=Host(`blog.$PUBLIC`)'
      # Port the container listens on. Traefik can often detect it on its own;
      # it is spelled out here to be explicit.
      - 'traefik.http.services.lighttpd-docker.loadbalancer.server.port=80'
# ---- General ----
# Base domain; compose substitutes it into router rules such as blog.$PUBLIC
PUBLIC=argentumcation.com
TZ=America/New_York

# ---- Paths ----
DOCKER_DIR=/home/mira/docker
DOCKER_SOCK=/var/run/docker.sock
# Per-container config files
CONF_DIR=./config
# Per-container env files (the secrets env file lives here too)
ENV_DIR=./env

# ---- User / group ids ----
# Intended to make containers run as a non-root user.
# NOTE(review): these are plain environment variables, so they presumably only
# take effect for images whose entrypoint reads them; confirm per image, and
# use compose `user:` where the image does not.
UID=1000
GID=1000
PUID=1000
PGID=1000
USER_UID=1000
USER_GID=1000
# Request log. The path is relative and is not one of the volumes mounted in
# the compose file, so the log presumably does not survive the container being
# recreated. Confirm before relying on it for incident review.
accessLog:
  filePath: './traefik-access.log'

# NOTE(review): `insecure: true` serves the dashboard and API without
# authentication, and `debug: true` adds debug endpoints on top of that.
# That is only reasonable on a trusted network; for an internet-facing proxy,
# route to api@internal behind an auth middleware instead.
api:
  insecure: true
  debug: true
  dashboard: true

certificatesResolvers:
  letsencrypt:
    acme:
      # Contact address for the ACME account (redacted by the author)
      email: [redacted]
      # Holds the ACME account key and the certificates' private keys; the
      # file should be readable by its owner only
      storage: /letsencrypt/acme.json
      dnschallenge:
        # DNS challenge through Cloudflare; the API token presumably comes
        # from the secrets env file listed in the compose file
        provider: cloudflare
entryPoints:
  # Plain HTTP listener; everything arriving here goes through the
  # https_redirect middleware defined by the file provider.
  web:
    address: ":80"
    http:
      middlewares:
        - 'https_redirect@file'
    # NOTE(review): insecure mode trusts X-Forwarded-* headers from every peer,
    # so a client-supplied X-Forwarded-For reaches backends and logs as-is.
    # If the proxy sits behind a known front end, list its address ranges under
    # forwardedHeaders.trustedIPs instead.
    forwardedHeaders:
      insecure: true

  # HTTPS listener; certificates come from the letsencrypt resolver.
  websecure:
    address: ":443"
    http:
      tls:
        # Apex plus a wildcard, so a single certificate covers every subdomain
        domains:
          - main: 'argentumcation.com'
            sans:
              - "*.argentumcation.com"
        certresolver: letsencrypt
    # NOTE(review): same forwarded-header trust as on the web entry point
    forwardedHeaders:
      insecure: true
log:
  level: INFO

providers:
  # Dynamic configuration files (e.g. the https_redirect middleware)
  file:
    watch: true
    directory: /etc/traefik/
  docker:
    watch: true
    endpoint: 'unix:///var/run/docker.sock'
    network: docker_default
    # Auto-discovered containers are routed without opting in. The author
    # notes this is not secure: every container on this docker host gets a
    # public route unless it is labelled otherwise. Setting this to false and
    # adding `traefik.enable=true` to chosen services is the safer pattern.
    exposedByDefault: true
    # Default route is [compose-service-name].argentumcation.com; the name is
    # read from the com.docker.compose.service label, not from container_name
    defaultRule: 'Host(`{{ index .Labels "com.docker.compose.service" }}.argentumcation.com`)'
- `traefik_dynamic.yml`
http:
  middlewares:
    # Redirects incoming http connections to https. `permanent: true` makes
    # the redirect a permanent one, which browsers cache.
    https_redirect:
      redirectscheme:
        permanent: true
        scheme: 'https'