Skip to content
Snippets Groups Projects
Select Git revision
  • develop
  • main default protected
2 results
Compare
Olivier Benz's avatar
Merge branch 'develop'
Olivier Benz authored
12538057
History
Olivier Benz's avatar 12538057
History
Name Last commit Last update
.github
config
custom
references
.gitignore
CODE_OF_CONDUCT.md
LICENSE
README.md
sample..env
sample.docker-compose.yml
README.md

minimal-readme compliant Project Status: Active – The project has reached a stable, usable state and is being actively developed. Donate using Liberapay Donate with fosspay

Træfik

This project serves as a template to run Træfik v2.8 in a docker container using docker compose.

The goal is to set up a TLS termination proxy for all Docker containers providing web services on a single host.

Features

  • Automatic creation/renewal of Let's Encrypt certificates (HTTP challenge).
  • Provision of the following basic Middlewares:
    • RedirectScheme: Redirect from HTTP to HTTPS
    • RateLimit: Limit to a fair amount of requests
      • average: 100 requests per second
      • burst: 50 requests (per second)
    • Headers: HTTP Strict Transport Security with long duration
  • Provision of three configurations (modern, intermediate [default], old) for TLS.
    → See Mozilla SSL Configuration Generator for more information.
  • Use of an .env file for variable substitution in the Compose file.

About træfik

Table of Contents

Prerequisites

For the HTTP challenge you require:

  • A publicly accessible host allowing connections on port 80 & 443.
  • A DNS record for the domain you want to expose pointing to this host.

Install

To install docker and docker compose, follow the instructions for your platform:

Usage

  1. Create an external docker network named "webproxy": 
    docker network create webproxy
  2. Make a copy of all sample. files: 
    for file in sample.*; do cp "$file" "${file#sample.}"; done;
  3. Update environment variables TF_ACME_EMAIL and TF_CERTRESOLVER_NAME1 in '.env':
    • Replace postmaster@mydomain.com with a valid email address of yours.
    • Replace mydomain-com with a suitable name to identify this certificate resolvers configuration.
      → Dots (.) in the name are not allowed!
  4. Start the container in detached mode: 
    docker compose up -d

docker compose commands must be run in the root directory of the project, i.e. where 'docker-compose.yml' is located!

Test

  1. Uncomment lines 43 to 55 in 'docker-compose.yml' to enable service "whoami" and configure as follows:
    • Replace whoami.mydomain.com with the intended domain from Prerequisites.
    • Replace mydomain-com with the value set for TF_CERTRESOLVER_NAME1 in '.env'.
  2. Start the container in detached mode: 
    docker compose up -d
  3. Wait a bit and visit http://whoami.mydomain.com to confirm everything went fine.

Debugging

Use docker logs to see the output of the container:

docker logs webproxy-traefik-1

Contributing

PRs accepted.

This project follows the Contributor Covenant Code of Conduct.

License

MIT © 2019 b-data GmbH