victor_daletIn this short post, I show how to use the traefik image in docker compose to publish your site with your domain name and generate an ssl certificate.
I - Create the traefik.toml file
- Create the traefik.tom file
- Copy the following code into it
- Add your email address at the end of the file
[api]
dashboard = true
insecure = true
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
permanent = true
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "default"
[providers]
[providers.docker]
watch = true
exposedByDefault = false
network = "web"
[certificatesResolvers]
[certificatesResolvers.default]
[certificatesResolvers.default.acme]
email = ""
storage = "acme.json"
caServer = "https://acme-v02.api.letsencrypt.org/directory"
[certificatesResolvers.default.acme.tlsChallenge]
II - Create the acme.json file
This file is used to store https certificates.
You must assign the correct right as in the following example.
touch acme.json
chmod 600 acme.json
III - Create network
- Type the following command in your terminal
docker network create web
- Add this code to the end of your docker-compose file
networks:
web:
external: true
IV - Traefik docker image
Here's the docker-compose block to call traefik, share the http and https ports and the many configuration files.
D'ont fortget to add the network we've just created inside.
Port 8080 is the traefik interface, so you don't have to add it.
The different labels are used to accept www subdomains.
reverse-proxy:
image: traefik:v2.4
container_name: traefik
ports:
- "80:80"
- "8080:8080"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- traefik.toml:/etc/traefik/traefik.toml
- acme.json:/acme.json
labels:
- "traefik.http.middlewares.strip-www.redirectregex.regex=^https?://(www\\.)(.+)"
- "traefik.http.middlewares.strip-www.redirectregex.replacement=https://$${2}"
- "traefik.http.middlewares.strip-www.redirectregex.permanent=true"
restart: always
networks:
- web
V - Configure traefik for your docker compose service
In your other block, you need to add the network and the various labels.
The first label is to activate traefik, the second to add your domain or sub-domain (don't forget to change the name of your router --> in this example it's api and front), the last is to redirect to https.
api:
build: api/
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`api.monsite.fr`)"
- "traefik.http.routers.api.entrypoints=websecure"
networks:
- web
restart: always
front:
build:
context: front/
dockerfile: Dockerfile.prod
labels:
- "traefik.enable=true"
- "traefik.http.routers.front.rule=Host(`monsite.fr`)"
- "traefik.http.routers.front.entrypoints=websecure"
networks:
- web
