Traefik with docker compose

victor_dalet - Aug 25 - - Dev Community

In this short post, I show how to use the traefik image in docker compose to publish your site with your domain name and generate an ssl certificate.


I - Create the traefik.toml file

  • Create the traefik.tom file
  • Copy the following code into it
  • Add your email address at the end of the file
[api]
  dashboard = true
  insecure = true

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
          permanent = true

  [entryPoints.websecure]
    address = ":443"
      [entryPoints.websecure.http.tls]
        certResolver = "default"

[providers]
  [providers.docker]
    watch = true
    exposedByDefault = false
    network = "web"

[certificatesResolvers]
  [certificatesResolvers.default]
    [certificatesResolvers.default.acme]
      email = ""
      storage = "acme.json"
      caServer = "https://acme-v02.api.letsencrypt.org/directory"
    [certificatesResolvers.default.acme.tlsChallenge]
Enter fullscreen mode Exit fullscreen mode

II - Create the acme.json file

This file is used to store https certificates.
You must assign the correct right as in the following example.

touch acme.json
chmod 600 acme.json
Enter fullscreen mode Exit fullscreen mode

III - Create network

  • Type the following command in your terminal
docker network create web
Enter fullscreen mode Exit fullscreen mode
  • Add this code to the end of your docker-compose file
networks:
  web:
    external: true
Enter fullscreen mode Exit fullscreen mode

IV - Traefik docker image

Here's the docker-compose block to call traefik, share the http and https ports and the many configuration files.
D'ont fortget to add the network we've just created inside.
Port 8080 is the traefik interface, so you don't have to add it.
The different labels are used to accept www subdomains.

  reverse-proxy:
    image: traefik:v2.4
    container_name: traefik
    ports:
      - "80:80"
      - "8080:8080"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik.toml:/etc/traefik/traefik.toml
      - acme.json:/acme.json
    labels:
      - "traefik.http.middlewares.strip-www.redirectregex.regex=^https?://(www\\.)(.+)"
      - "traefik.http.middlewares.strip-www.redirectregex.replacement=https://$${2}"
      - "traefik.http.middlewares.strip-www.redirectregex.permanent=true"
    restart: always
    networks:
      - web
Enter fullscreen mode Exit fullscreen mode

V - Configure traefik for your docker compose service

In your other block, you need to add the network and the various labels.
The first label is to activate traefik, the second to add your domain or sub-domain (don't forget to change the name of your router --> in this example it's api and front), the last is to redirect to https.

  api:
    build: api/
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`api.monsite.fr`)"
      - "traefik.http.routers.api.entrypoints=websecure"
    networks:
      - web
    restart: always

  front:
    build:
      context: front/
      dockerfile: Dockerfile.prod
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.front.rule=Host(`monsite.fr`)"
      - "traefik.http.routers.front.entrypoints=websecure"
    networks:
      - web
Enter fullscreen mode Exit fullscreen mode
. . . . . . . . . . . .