Traefik - amark/gun GitHub Wiki
CAUTION: The yaml on this page describes an existing system on docker-swarm, not docker-compose.
Running traefik:
version: '3.3'
services:
reverse-proxy:
image: traefik:v2.2
command:
- --providers.docker.endpoint=unix:///var/run/docker.sock
- --providers.docker.swarmMode=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=traefik
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --certificatesresolvers.letsencryptresolver.acme.httpchallenge=true
- --certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.letsencryptresolver.acme.email=**EMAIL ADDRESS**
- --certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json
ports:
- 80:80
- 443:443
volumes:
- traefik-certificates:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- traefik
logging:
driver: json-file
deploy:
labels:
traefik.enable: 'true'
traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https
traefik.http.routers.http-catchall.entrypoints: web
traefik.http.routers.http-catchall.middlewares: redirect-to-https@docker
traefik.http.routers.http-catchall.rule: hostregexp(`{host:.+}`)
traefik.http.services.http-catchall.loadbalancer.server.port: '80'
placement:
constraints:
- node.role == manager
networks:
traefik:
external: true
volumes:
traefik-certificates:
driver: local
Then, add the following to the service you want the letsencrypt certificate on:
services:
NAME:
deploy:
labels:
traefik.enable: 'true'
traefik.http.routers.example-com.entrypoints: websecure
traefik.http.routers.example-com.rule: Host(`**DOMAIN**`,`**ANOTHER DOMAIN**`)
traefik.http.routers.example-com.tls.certresolver: letsencryptresolver
traefik.http.services.example-com.loadbalancer.server.port: '**CONTAINER LISTENING PORT**'