Træfik

This project serves as a template to run Træfik v2.8 in a docker container using docker compose.

The goal is to set up a TLS termination proxy for all Docker containers providing web services on a single host.

Features

  • Automatic creation/renewal of Let's Encrypt certificates (HTTP challenge).
  • Provision of the following basic Middlewares:
    • RedirectScheme: Redirect from HTTP to HTTPS
    • RateLimit: Limit to a fair amount of requests
      • average: 100 requests per second
      • burst: 50 requests (per second)
    • Headers: HTTP Strict Transport Security with long duration
  • Provision of three configurations (modern, intermediate [default], old) for TLS.
    → See Mozilla SSL Configuration Generator for more information.
  • Use of an .env file for variable substitution in the Compose file.

About træfik

Prerequisites

For the HTTP challenge you will need:

  • A publicly accessible host allowing connections on ports 80 and 443.
  • A DNS record for the domain you want to expose pointing to this host.

Docker

To install docker and docker compose, follow the instructions for your platform:

Setup

  1. Create an external docker network named "webproxy":
    docker network create webproxy
  2. Make a copy of all sample.* files, dropping the "sample." prefix:
    for file in sample.*; do cp "$file" "${file#sample.}"; done;
  3. Update environment variables TF_ACME_EMAIL and TF_CERTRESOLVER_NAME1 in '.env':
    • Replace postmaster@mydomain.com with a valid email address of yours.
    • Replace mydomain-com with a suitable name to identify this certificate resolver's configuration.
      → Dots (.) in the name are not allowed!
  4. Start the container in detached mode:
    docker compose up -d

docker compose commands must be run in the root directory of the project, i.e. where 'docker-compose.yml' is located!

Test

  1. Uncomment lines 43 to 55 in 'docker-compose.yml' to enable service "whoami" and configure as follows:
    • Replace whoami.mydomain.com with the intended domain from Prerequisites.
    • Replace mydomain-com with the value set for TF_CERTRESOLVER_NAME1 in '.env'.
  2. Start the container in detached mode:
    docker compose up -d
  3. Wait a bit and visit http://whoami.mydomain.com to confirm everything went fine.
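
The visit in step 3 can be backed by a header check for the RedirectScheme and Headers (HSTS) middlewares listed under Features. The script below is an added example, not part of this project; the sample responses are constructed, and the one-year minimum max-age is an assumed threshold for "long duration".

```shell
#!/bin/sh
# Added example: checks response headers for the HTTP->HTTPS redirect and HSTS.
# Against a live host the headers would come from, for example:
#   curl -sI http://whoami.mydomain.com
MIN_AGE=31536000   # assumption: one year counts as "long duration"

# Constructed sample responses (not captured from a real deployment).
HTTP_SAMPLE='HTTP/1.1 301 Moved Permanently
Location: https://whoami.mydomain.com/
Content-Length: 17'
HTTPS_SAMPLE='HTTP/2 200
content-type: text/plain; charset=utf-8
strict-transport-security: max-age=31536000; includeSubDomains'
HTTPS_WEAK='HTTP/2 200
strict-transport-security: max-age=300'

# redirects_to_https HEADERS: succeed if the status is a redirect
# and the Location header points to an https:// URL.
redirects_to_https() {
    h=$(printf '%s\n' "$1" | tr -d '\r')
    status=$(printf '%s\n' "$h" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$h" |
        awk 'tolower($1)=="location:" {print $2; exit}')
    case "$status" in 301|302|307|308) ;; *) return 1 ;; esac
    case "$location" in https://*) return 0 ;; *) return 1 ;; esac
}

# hsts_max_age HEADERS: print the HSTS max-age in seconds, 0 if absent.
hsts_max_age() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        tolower($1)=="strict-transport-security:" {
            if (match(tolower($0), /max-age=[0-9]+/)) {
                print substr($0, RSTART+8, RLENGTH-8); found=1; exit
            }
        }
        END { if (!found) print 0 }'
}

# hsts_ok HEADERS MIN_SECONDS: succeed if max-age is at least MIN_SECONDS.
hsts_ok() {
    [ "$(hsts_max_age "$1")" -ge "$2" ]
}

redirects_to_https "$HTTP_SAMPLE" && echo "redirect: ok"
hsts_ok "$HTTPS_SAMPLE" "$MIN_AGE" && echo "hsts: ok"
hsts_ok "$HTTPS_WEAK" "$MIN_AGE" || echo "hsts (weak sample): max-age too short"
```

A missing Strict-Transport-Security header is reported as max-age 0, so it fails the same threshold check as a short duration.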

Debugging

Use docker logs to see the output of the container:

docker logs webproxy-traefik-1