Traefik – reverse proxy

create the network

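# The network name must match the external network that the stack file
# below references (traefik-network); the stack cannot attach otherwise.
docker network create --driver=overlay --subnet=10.0.1.0/24 traefik-network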

Create the file /containers-cfg/traefik-stack.yaml with the following content:

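# Traefik v2 reverse proxy for a Docker Swarm cluster.
#
# Deploy-time inputs, read from the shell that runs `docker stack deploy`:
#   USERNAME         - user name for HTTP Basic auth on the dashboard
#   HASHED_PASSWORD  - htpasswd-style hash (e.g. from `htpasswd` or
#                      `openssl passwd -apr1`), never the clear-text password
version: '3.3'

services:
  proxy:
    # NOTE(review): pinned tag; confirm it is still a supported Traefik
    # release before deploying.
    image: traefik:v2.4.11
    volumes:
      # Docker API access for the docker provider (service discovery).
      # ":ro" only makes the socket file read-only; it does not restrict what
      # can be requested through the Docker API. A compromised proxy therefore
      # has manager-level control of the swarm. Consider placing a filtering
      # socket proxy in between that only permits the read endpoints.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Dynamic configuration read by the file provider.
      - /containers/traefik/configuration/:/configuration/
      # Persistent data (certificates).
      - /containers-certs/:/certs
    networks:
      - traefik-network
    ports:
      # Quoted so that no YAML parser can re-type the mapping.
      - "80:80"
      - "443:443"
    command:
      - --providers.docker
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.swarmmode=true
      # Services are published only when they opt in with traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik-network
      - --providers.file.directory=/configuration/
      - --providers.file.watch=true
      - --log
      - --accesslog
      # Enables the API/dashboard; it is reachable only through the router
      # defined in the labels below (api@internal).
      - --api
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      # Redirect everything arriving on "http" to "https". These flags
      # previously named entry points "web" and "websecure", which this file
      # never defines, so the redirection was not attached to a listening
      # entry point.
      - --entrypoints.http.http.redirections.entryPoint.to=https
      - --entrypoints.http.http.redirections.entryPoint.scheme=https
      # NOTE(review): the dashboard router below asks for certificate resolver
      # "le", but no --certificatesresolvers.le.* flag is set in this file, and
      # static options cannot be supplied by the file provider. Define the
      # resolver here, for example:
      # - --certificatesresolvers.le.acme.email=<ACME_EMAIL_PLACEHOLDER>
      # - --certificatesresolvers.le.acme.storage=/certs/acme.json
      # - --certificatesresolvers.le.acme.tlschallenge=true
    deploy:
      placement:
        constraints:
          # The docker provider in swarm mode needs a manager node's socket.
          - node.role == manager
      labels:
        # Enable Traefik for this service so the dashboard router is created.
        - traefik.enable=true
        # Use the traefik-network network (declared below).
        - traefik.docker.network=traefik-network
        # Custom label "traefik.constraint-label=traefik-network".
        # NOTE(review): this label filters nothing by itself. Traefik only
        # restricts discovery to labelled services when the static option
        # --providers.docker.constraints is set to match it, which this file
        # does not do.
        - traefik.constraint-label=traefik-network
        # admin-auth middleware with HTTP Basic auth, using the environment
        # variables USERNAME and HASHED_PASSWORD. Deployment stops with
        # "Variable not set" when either is missing, so the dashboard is never
        # published without credentials.
        - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
        # https-redirect middleware to redirect HTTP to HTTPS.
        # It can be re-used by other stacks in other Docker Compose files.
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        # traefik-network-http exists only to apply the redirect middleware.
        # The host name is hard-coded here, not taken from a variable.
        - traefik.http.routers.traefik-network-http.rule=Host(`traefik.krolaki.eu`)
        - traefik.http.routers.traefik-network-http.entrypoints=http
        - traefik.http.routers.traefik-network-http.middlewares=https-redirect
        # traefik-network-https is the actual dashboard router, using HTTPS.
        - traefik.http.routers.traefik-network-https.rule=Host(`traefik.krolaki.eu`)
        - traefik.http.routers.traefik-network-https.entrypoints=https
        - traefik.http.routers.traefik-network-https.tls=true
        # Use the special Traefik service api@internal (web UI/dashboard).
        - traefik.http.routers.traefik-network-https.service=api@internal
        # Use the "le" (Let's Encrypt) resolver; see the note under "command".
        - traefik.http.routers.traefik-network-https.tls.certresolver=le
        # Require HTTP Basic auth on the dashboard. Without this middleware
        # the dashboard and API are readable by anyone who can reach the host
        # name above.
        - traefik.http.routers.traefik-network-https.middlewares=admin-auth
        # Swarm mode requires a port label on every published service.
        # NOTE(review): the router targets api@internal, so this value is
        # presumably not used for routing - confirm.
        - traefik.http.services.traefik-network.loadbalancer.server.port=443

networks:
  # Created beforehand with `docker network create`; the names must match.
  traefik-network:
    external: true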

and start the service:

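 # -c must point at the stack file created above (traefik-stack.yaml).
 docker stack deploy -c /containers-cfg/traefik-stack.yaml traefik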
