mirror of
https://github.com/bluepuma77/traefik-best-practice.git
synced 2025-12-24 14:31:49 +01:00
28 lines
1.4 KiB
Markdown
28 lines
1.4 KiB
Markdown
# docker-swarm-traefik
|
|
|
|
Simple `docker-compose.yml` template to run Traefik and a whoami service with Docker Swarm.
|
|
|
|
## Features:
|
|
|
|
- Traefik will be deployed to all manager nodes (to have access to Swarm docker.sock)
|
|
- Traefik is listening on ports 80 (http) and 443 (https) on the node itself
|
|
- All http requests will be redirected to secure https requests
|
|
- Docker services with label `traefik.enable=true` will automatically be discovered by Traefik
|
|
- Letsencrypt will automatically generate TLS/SSL certificates for all domains in `Host()`
|
|
- Traefik log (`level=INFO`) and access log are enabled to container stdout/stderr
|
|
- Traefik dashboard is enabled at `https://traefik.example.com/dashboard/` with user/pass test/test
|
|
- Traefik `whoami` will be deployed to all Swarm nodes, available at `https://whoami.example.com`
|
|
|
|
## Deployment:
|
|
|
|
- Adapt all domain names in `Host()`
|
|
- Adapt `acme.email`
|
|
- Adapt dashboard username/password
|
|
- For production: write logs files to mounted folder on host
|
|
- Run `docker stack deploy -c docker-compose.yml proxy`
|
|
|
|
## Challenges:
|
|
|
|
- Only a single Traefik instance should be run for `httpChallenge` or `tlsChallenge` to work, as Traefik CE (community edition) is not cluster-enabled. If you need clustered LetsEncrypt TLS, use `dnsChallenge` or a different method to generate the certs.
|
|
- Make sure to persist the LetsEncrypt TLS certs, as LetsEncrypt has strict limits. Note that the content of volumes is not shared across nodes.
|