Create the overlay network that the stack attaches to:
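# The stack file declares its external network as "traefik-network", so the
# overlay network has to be created under that exact name before deploying.
docker network create --driver=overlay --subnet=10.0.1.0/24 traefik-network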
Create the file traefik-stack.yaml with the following content:
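# Traefik v2 edge proxy for a Docker Swarm cluster.
# Deployed with `docker stack deploy`, which substitutes ${VAR} references from
# the environment of the shell that runs the deploy. USERNAME and
# HASHED_PASSWORD must be exported there; the deploy aborts if either is unset.
version: '3.3'

services:
  proxy:
    image: traefik:v2.4.11
    volumes:
      # Docker API socket, used by the docker provider to listen for events.
      # The :ro flag only makes the socket file read-only; it does not limit
      # which API calls can be sent through it, so this container has full
      # access to the manager's Docker daemon. Keep the image pinned and the
      # dashboard/API behind authentication.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Dynamic configuration read by the file provider
      - /containers/traefik/configuration/:/configuration/
      # Persistent data
      - /containers-certs/:/certs
    networks:
      - traefik-network
    ports:
      # Quoted so that no YAML parser can read the mapping as a number
      - '80:80'
      - '443:443'
    command:
      - --providers.docker
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.swarmmode=true
      # Services are routed only when they opt in with traefik.enable=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik-network
      - --providers.file.directory=/configuration/
      - --providers.file.watch=true
      - --log
      - --accesslog
      # Enables the API and dashboard; they are reachable only through the
      # router defined in the labels below, which carries the admin-auth
      # middleware.
      - --api
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      # Redirect everything arriving on the "http" entrypoint to "https".
      # The redirection has to reference the entrypoint names declared above;
      # the names "web" and "websecure" are not defined in this file.
      - --entrypoints.http.http.redirections.entryPoint.to=https
      - --entrypoints.http.http.redirections.entryPoint.scheme=https
    deploy:
      placement:
        constraints:
          # The docker provider needs the Swarm API, which only managers serve
          - node.role == manager
      labels:
        # Enable Traefik for this service, to make it available on the
        # traefik-network network
        - traefik.enable=true
        # Use the traefik-network network (declared below)
        - traefik.docker.network=traefik-network
        # Custom label "traefik.constraint-label=traefik-network".
        # NOTE(review): the label restricts nothing by itself. It only takes
        # effect when the docker provider is started with a matching
        # --providers.docker.constraints expression, and none is set in the
        # command list above, so every service with traefik.enable=true is
        # currently picked up.
        - traefik.constraint-label=traefik-network
        # admin-auth middleware with HTTP Basic auth, using the environment
        # variables USERNAME and HASHED_PASSWORD. HASHED_PASSWORD must be an
        # htpasswd-style hash, never the plaintext password.
        - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
        # https-redirect middleware to redirect HTTP to HTTPS
        # It can be re-used by other stacks in other Docker Compose files
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        # traefik-network-http exists only to apply the redirect middleware.
        # The host name is hard-coded here, not taken from a DOMAIN variable.
        - traefik.http.routers.traefik-network-http.rule=Host(`traefik.krolaki.eu`)
        - traefik.http.routers.traefik-network-http.entrypoints=http
        - traefik.http.routers.traefik-network-http.middlewares=https-redirect
        # traefik-network-https is the actual router, served over HTTPS
        - traefik.http.routers.traefik-network-https.rule=Host(`traefik.krolaki.eu`)
        - traefik.http.routers.traefik-network-https.entrypoints=https
        - traefik.http.routers.traefik-network-https.tls=true
        # Use the special Traefik service api@internal with the web UI/Dashboard
        - traefik.http.routers.traefik-network-https.service=api@internal
        # Use the "le" (Let's Encrypt) certificate resolver.
        # NOTE(review): no --certificatesresolvers.le.* option appears in the
        # command list above. Unless the resolver is defined elsewhere, Traefik
        # cannot obtain a certificate for this router - confirm.
        - traefik.http.routers.traefik-network-https.tls.certresolver=le
        # Require HTTP Basic auth on the dashboard/API router. Without this
        # middleware the dashboard and API are served to anyone who can reach
        # the host name above.
        - traefik.http.routers.traefik-network-https.middlewares=admin-auth
        # Swarm mode requires an explicit port label on every service. The
        # router above targets api@internal, so this value is not used to
        # reach the dashboard.
        - traefik.http.services.traefik-network.loadbalancer.server.port=443

networks:
  # Must already exist as a swarm-scoped overlay network with this exact name
  # before the stack is deployed.
  traefik-network:
    external: true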
Then deploy the stack to start the service:
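# The file name must match the stack file created above (traefik-stack.yaml).
docker stack deploy traefik -c /containers-cfg/traefik-stack.yaml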