Initial commit docker-traefik-dashboard-letsencrypt

docker-traefik-dashboard-letsencrypt/README.md

@@ -0,0 +1,21 @@
+# docker-traefik-dashboard-letsencrypt
+
+Simple `docker-compose.yml` template to run Traefik and a whoami service with Docker.
+
+Features:
+
+- Traefik is listening on ports 80 (http) and 443 (https)
+- All http requests will be redirected to secure https requests
+- Docker services with label `traefik.enable=true` will automatically be discovered by Traefik
+- Letsencrypt will automatically generate TLS/SSL certificates for all domains in `Host()`
+- Traefik log (`level=INFO`) and access log are enabled to container stdout/stderr
+- Traefik dashboard is enabled at `https://traefik.example.com/dashboard/` with user/pass test/test
+- Example whoami router will automatically redirect from “www.whoami.example.com” to “whoami.example.com”
+
+Deployment:
+
+- Adapt all domain names in `Host()`
+- Adapt `acme.email`
+- Adapt dashboard username/password
+- For production: write logs files to mounted folder on host
+- Run `docker compose up -d`

docker-traefik-dashboard-letsencrypt/docker-compose.yml

@@ -0,0 +1,58 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:v3.0
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - letsencrypt:/letsencrypt
+      #- /var/log:/var/log
+    command:
+      - --api.dashboard=true
+      - --log.level=INFO
+      #- --log.filepath=/var/log/traefik.log
+      - --accesslog=true
+      #- --accesslog.filepath=/var/log/traefik-access.log
+      - --providers.docker.network=proxy
+      - --providers.docker.exposedByDefault=false
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entryPoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.websecure.asDefault=true
+      - --entrypoints.websecure.http.tls.certresolver=myresolver
+      - --certificatesresolvers.myresolver.acme.email=mail@example.com
+      - --certificatesresolvers.myresolver.acme.tlschallenge=true
+      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.mydashboard.rule=Host(`traefik.example.com`)
+      - traefik.http.routers.mydashboard.service=api@internal
+      - traefik.http.routers.mydashboard.middlewares=myauth
+      - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
+
+  whoami:
+    image: traefik/whoami:v1.8
+    networks:
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.mywhoami.rule=Host(`whoami.example.com`) || Host(`www.whoami.example.com`)
+      - traefik.http.services.mywhoami.loadbalancer.server.port=80
+
+      - traefik.http.middlewares.mywwwredirect.redirectregex.regex=^https://www\.(.*)
+      - traefik.http.middlewares.mywwwredirect.redirectregex.replacement=https://$${1}
+      - traefik.http.routers.mywhoami.middlewares=mywwwredirect
+
+networks:
+  proxy:
+    name: proxy
+
+volumes:
+  letsencrypt:
+    name: letsencrypt