Skip to content
Snippets Groups Projects
Select Git revision
  • develop
  • main default protected
2 results
Compare
Olivier Benz's avatar
Update Træfik to v2.7
Olivier Benz authored 
- Update README
3d3d10f5
History
Olivier Benz's avatar 3d3d10f5
History
Name Last commit Last update
config
custom
references
.gitignore
LICENSE
README.md
sample..env
sample.docker-compose.yml
README.md

Donate with fosspay Donate using Liberapay

Træfik

This project serves as a template to run Træfik v2.7 in a docker container using docker-compose.

The goal is to set up a TLS termination proxy for all Docker containers providing web services on a single host.

Features

  • Automatic creation/renewal of Let's Encrypt certificates (HTTP challenge).
  • Provision of the following basic Middlewares:
    • RedirectScheme: Redirect from HTTP to HTTPS
    • RateLimit: Limit to a fair amount of requests
      • average: 100 requests per second
      • burst: 50 requests (per second)
    • Headers: HTTP Strict Transport Security with long duration
  • Provision of three configurations (modern, intermediate [default], old) for TLS.
    → See Mozilla SSL Configuration Generator for more information.
  • Use of an .env file for variable substitution in the Compose file.

About træfik

Prerequisites

For the HTTP challenge you will need:

  • A publicly accessible host allowing connections on port 80 & 443.
  • A DNS record for the domain you want to expose pointing to this host.

Docker

To install docker, follow the instructions for your platform:

Docker Compose

Setup

  1. Create an external docker network named "webproxy": 
    docker network create webproxy
  2. Make a copy of all sample. files: 
    for file in sample.*; do cp "$file" "${file#sample.}"; done;
  3. Update environment variables TF_ACME_EMAIL and TF_CERTRESOLVER_NAME1 in '.env':
    • Replace postmaster@mydomain.com with a valid email address of yours.
    • Replace mydomain-com with a suitable name to identify this certificate resolvers configuration.
      → Dots (.) in the name are not allowed!
  4. Start the container in detached mode: 
    docker-compose up -d

docker-compose commands must be run in the root directory of the project, i.e. where 'docker-compose.yml' is located!

Test

  1. Uncomment lines 43 to 55 in 'docker-compose.yml' to enable service "whoami" and configure as follows:
    • Replace whoami.mydomain.com with the intended domain from Prerequisites.
    • Replace mydomain-com with the value set for TF_CERTRESOLVER_NAME1 in '.env'.
  2. Start the container in detached mode: 
    docker-compose up -d
  3. Wait a bit and visit http://whoami.mydomain.com to confirm everything went fine.

Debugging

Use docker logs to see the output of the container:

docker logs webproxy_traefik_1