docker-swarm-traefik-dnschallenge

Simple docker-compose.yml template to run Traefik and a whoami service with Docker Swarm and LetsEncrypt dnsChallenge.

Features:

Traefik will be deployed to all manager nodes (to have access to Swarm docker.sock)
Traefik is listening on ports 80 (http) and 443 (https) on the node itself
All http requests will be redirected to secure https requests
Docker services with label traefik.enable=true will automatically be discovered by Traefik
Letsencrypt dnsChallenge will automatically generate TLS/SSL certificates for all domains in Host()
Optionally generate wildcard TLS certs. But main/sans can savely be removed
Traefik log (level=INFO) and access log are enabled to container stdout/stderr
Traefik dashboard is enabled at https://traefik.example.com/dashboard/ with user/pass test/test
Traefik whoami will be deployed to all Swarm nodes, available at https://whoami.example.com

Adapt all domain names in Host()
Adapt acme.email and dnschallenge.provider, also adapt required env variables
Adapt dashboard username/password
For production: write logs files to mounted folder on host
Run docker stack deploy -c docker-compose.yml myProxy

Traefik CE (community edition) is not LetsEncrypt cluster-enabled. If you have multiple Traefik instances, each will generate an indiviual TLS cert.
Make sure to persist the LetsEncrypt TLS certs, as LetsEncrypt has strict limits. Note that the content of volumes is not shared across nodes.