Docker - Traefik Advanced
Page content
Intro
After a Basic Setup with fix Configuration, here an example where we put some Variables in a “.env” File.
Requirements:
Linux Host with Docker see here, Public IP Adress and rechable Port 80 & 443
two FQDN pointing to your IP:
- traefik.yourdomain.de
- whoami.yourdomain.de
Env Vars
let’s run the following Commands which generates a “.env” File. It will also create a User “dashboard” and ask you twice for the Password
echo 'domain="your.domain.de"' > .env
echo 'traefik="traefik.${domain}"' >> .env
echo 'whoami="whoami.${domain}"' >> .env
echo 'mail="name@${domain}"' >> .env
echo -n 'dashboardaccount="' >> .env; echo -n $(htpasswd -nB dashboard) |sed -e s/\\$/\\$\\$/g >> .env; echo '"' >> .env
.env
and here is the Content of my .env File.
domain="your.domain.de"
traefik="traefik.${domain}"
whoami="whoami.${domain}"
mail="name@${domain}"
dashboardaccount="dashboard:$$2y$$05$$nL3Vl5Ln8XCXZArq5oLbZeQ7ijrLf4k5Qlt9onLiOuteijdEcJ8qW"
Update docker-compose.yml
we can use this Variables in the Docker Compose File like this:
cat << 'EOF' > docker-compose.yml
version: "3.3"
services:
traefik:
image: "traefik:latest"
container_name: "traefik"
restart: always
command:
# Traefik Log
- "--log.level=DEBUG"
- "--log.filePath=/logs/traefik.log"
# Misc
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=${mail}"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
# Access Log
- "--accesslog=true"
- "--accesslog.filePath=/logs/access.log"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
- "./logs/:/logs/"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik_https.rule=Host(`${traefik}`)"
- "traefik.http.routers.traefik_https.entrypoints=websecure"
- "traefik.http.routers.traefik_https.tls=true"
- "traefik.http.routers.traefik_https.tls.certResolver=myresolver"
- "traefik.http.routers.traefik_https.service=api@internal"
# Add Basic Auth: dashboard/what-ever-you-entered
- "traefik.http.routers.traefik_https.middlewares=dashboard_auth"
- "traefik.http.middlewares.dashboard_auth.basicauth.users=${dashboardaccount}"
whoami:
image: "traefik/whoami"
restart: always
deploy:
mode: replicated
replicas: 5
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`${whoami}`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
- "traefik.http.routers.whoami.middlewares=whoami-https"
- "traefik.http.middlewares.whoami-https.redirectscheme.scheme=https"
EOF
Up
Fireup the Docker Containers and give a try.
docker compose up -d
URL’s
you should get two public Containers running:
- https://traefik.your.domain.de -> Login with dashboard/your-password
- https://whoami.your.domain.de
Scale up
you can also Scale the Docker Images
docker compose up -d --scale whoami=10
and you will see on the URL, to which Container you got redirected …
Happy Docker !
Any Comments ?
sha256: 2bfede2be9c201a8d0736f459f06c1db7b1334837f43266090424d3896322017