├── .gitignore
├── README.md
├── config
    └── traefik.example.yml
├── docker-compose.yml
├── letsencrypt
    └── .gitkeep
└── override.example.yml


/.gitignore:
--------------------------------------------------------------------------------
1 | config/
2 | !config/traefik.example.yml
3 | letsencrypt/
4 | !letsencrypt/.gitkeep
5 | docker-compose.override.yml
6 | 
7 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Traefik Dockerized
  2 | 
  3 | - [Traefik Dockerized](#traefik-dockerized)
  4 |   - [Overview](#overview)
  5 |   - [Requirements](#requirements)
  6 |   - [Installation](#installation)
  7 |     - [Traefik Dashboard](#traefik-dashboard)
  8 |     - [Entry Points](#entry-points)
  9 |     - [Docker Network](#docker-network)
 10 |     - [Let's Encrypt](#lets-encrypt)
 11 |     - [acme.json](#acmejson)
 12 |     - [Dashboard Routing](#dashboard-routing)
 13 |   - [Usage](#usage)
 14 |     - [Update Traefik](#update-traefik)
 15 |   - [Resources](#resources)
 16 | 
 17 | ---
 18 | 
 19 | ## Overview
 20 | 
 21 | This repository contains a template to deploy [Traefik 2](https://containo.us/traefik/) using [Docker Compose](https://docs.docker.com/compose/) on a single machine running [Docker](https://www.docker.com/).
 22 | 
 23 | ## Requirements
 24 | 
 25 | - [Docker](https://www.docker.com/)
 26 | - [Docker Compose](https://docs.docker.com/compose/)
 27 | - [Git](https://git-scm.com/)
 28 | - Text editor of your choice (e.g. [Vim](https://www.vim.org/))
 29 | 
 30 | ## Installation
 31 | 
 32 | Clone the repository:
 33 | 
 34 | ```sh
 35 | $ git clone https://github.com/cedrichopf/traefik-dockerized.git
 36 | Cloning into 'traefik-dockerized'...
 37 | ```
 38 | 
 39 | Create a copy of the example configuration files:
 40 | 
 41 | ```sh
 42 | # Traefik Configuration
 43 | $ cp config/traefik.example.yml config/traefik.yml
 44 | # Custom Docker Compose Configuration
 45 | $ cp override.example.yml docker-compose.override.yml
 46 | ```
 47 | 
 48 | ### Traefik Dashboard
 49 | 
 50 | To disable the _Traefik_ Dashboard, change the following configuration value to `false`:
 51 | 
 52 | ```yaml
 53 | api:
 54 |   dashboard: false
 55 | ```
 56 | 
 57 | ### Entry Points
 58 | 
 59 | Per default, this Traefik deployment listens on port `80` (HTTP) and `443` (HTTPS). This can be changed by adapting the `address` field of the Entry Points:
 60 | 
 61 | ```yaml
 62 | entryPoints:
 63 |   http:
 64 |     address: ":80"
 65 |   https:
 66 |     address: ":443"
 67 | ```
 68 | 
 69 | ### Docker Network
 70 | 
 71 | To let _Traefik_ auto-discover the applications running as a Docker container on the machine, create a Docker network and add it to the configuration. In this example, the Docker network is called `proxy`.
 72 | 
 73 | 1. Create a Docker network:
 74 | 
 75 | ```sh
 76 | $ docker network create proxy
 77 | ca0a9fe39b34b9f17d5c5e938e82ce67b4423e151ae5000eee7754e89116cac1
 78 | ```
 79 | 
 80 | 1. Add the network to the configuration:
 81 | 
 82 | ```yaml
 83 | providers:
 84 |   docker:
 85 |     network: proxy
 86 | ```
 87 | 
 88 | ### Let's Encrypt
 89 | 
 90 | To use the built-in Let's Encrypt support, add a Certificate Resolver to the configuration:
 91 | 
 92 | ```yaml
 93 | certificatesResolvers:
 94 |   letsencrypt:
 95 |     acme:
 96 |       email: admin@example.com
 97 |       storage: acme.json
 98 |       httpChallenge:
 99 |         entryPoint: http
100 | ```
101 | 
102 | ### acme.json
103 | 
104 | The file `acme.json` will be mounted inside the _Traefik_ container and is used to store the certificates received from Let's Encrypt. Create this file and change the file permissions to `600`:
105 | 
106 | ```sh
107 | $ touch letsencrypt/acme.json
108 | $ chmod 600 letsencrypt/acme.json
109 | ```
110 | 
111 | ### Dashboard Routing
112 | 
113 | If the _Traefik_ Dashboard is enabled, configure the router in the `docker-compose.override.yml` file to make the dashboard available:
114 | 
115 | ```yaml
116 | labels:
117 |   - traefik.http.routers.traefik-http.rule=Host(`traefik.example.com`)
118 |   - traefik.http.routers.traefik-http.entrypoints=http
119 |   - traefik.http.routers.traefik-http.middlewares=redirect
120 |   - traefik.http.routers.traefik-https.rule=Host(`traefik.example.com`)
121 |   - traefik.http.routers.traefik-https.entrypoints=https
122 |   - traefik.http.routers.traefik-https.tls=true
123 |   - traefik.http.routers.traefik-http.service=api@internal
124 |   - traefik.http.routers.traefik-https.service=api@internal
125 |   - traefik.http.middlewares.redirect.redirectscheme.scheme=https
126 | ```
127 | 
128 | ## Usage
129 | 
130 | Once the configuration is completed, download the Docker images and start the services using docker-compose:
131 | 
132 | ```sh
133 | $ docker-compose pull
134 | $ docker-compose up -d
135 | ```
136 | 
137 | To stop the deployment, you can either run the `stop` or `down` command of docker-compose:
138 | 
139 | ```sh
140 | $ docker-compose stop
141 | Stopping traefik_traefik_1 ... done
142 | $ docker-compose down
143 | Stopping traefik_traefik_1 ... done
144 | Removing traefik_traefik_1 ... done
145 | ```
146 | 
147 | By using `docker-compose down` instead of `docker-compose stop`, the containers will be also removed.
148 | 
149 | ### Update Traefik
150 | 
151 | To update the _Traefik_ instance, download the latest Docker images and recreate the services:
152 | 
153 | ```sh
154 | $ docker-compose pull
155 | Pulling traefik ... done
156 | $ docker-compose up -d
157 | Recreating traefik_traefik_1 ... done
158 | ```
159 | 
160 | The command `docker-compose pull` will automatically fetch and download the latest version of _Traefik_ available on Docker Hub. Finally, the command `docker-compose up -d` will recreate the running _Traefik_ container with the latest version.
161 | 
162 | ## Resources
163 | 
164 | - [Traefik](https://containo.us/traefik/)
165 | - [Traefik Documentation](https://docs.traefik.io/)
166 | - [Docker](https://www.docker.com/)
167 | - [Docker Compose](https://docs.docker.com/compose/)
168 | 


--------------------------------------------------------------------------------
/config/traefik.example.yml:
--------------------------------------------------------------------------------
 1 | api:
 2 |   dashboard: true
 3 | 
 4 | entryPoints:
 5 |   http:
 6 |     address: ":80"
 7 |   https:
 8 |     address: ":443"
 9 | 
10 | providers:
11 |   docker:
12 |     network: proxy
13 | 
14 | certificatesResolvers:
15 |   letsencrypt:
16 |     acme:
17 |       email: admin@example.com
18 |       storage: acme.json
19 |       httpChallenge:
20 |         entryPoint: http
21 | 


--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '3.7'
 2 | 
 3 | services:
 4 |   traefik:
 5 |     image: traefik:2.9
 6 |     restart: unless-stopped
 7 |     ports:
 8 |       - "80:80"
 9 |       - "443:443"
10 |     volumes:
11 |       - ./config/traefik.yml:/traefik.yml
12 |       - ./letsencrypt/acme.json:/acme.json
13 |       - /var/run/docker.sock:/var/run/docker.sock
14 | 


--------------------------------------------------------------------------------
/letsencrypt/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cedrichopf/traefik-dockerized/7217773b7bb660e8acd2f73cc493a461d33a7eeb/letsencrypt/.gitkeep


--------------------------------------------------------------------------------
/override.example.yml:
--------------------------------------------------------------------------------
 1 | version: '3.7'
 2 | 
 3 | services:
 4 |   traefik:
 5 |     container_name: traefik # Remove if using multiple instances
 6 |     networks:
 7 |       - proxy # Change if you're using another network
 8 |     labels:
 9 |       # Traefik configuration for the dashboard
10 |       # Remove the labels section if the dashboard is disabled
11 |       - traefik.http.routers.traefik-http.rule=Host(`traefik.example.com`)
12 |       - traefik.http.routers.traefik-http.entrypoints=http
13 |       - traefik.http.routers.traefik-http.middlewares=redirect
14 |       - traefik.http.routers.traefik-https.rule=Host(`traefik.example.com`)
15 |       - traefik.http.routers.traefik-https.entrypoints=https
16 |       - traefik.http.routers.traefik-https.tls=true
17 |       - traefik.http.routers.traefik-http.service=api@internal
18 |       - traefik.http.routers.traefik-https.service=api@internal
19 |       - traefik.http.middlewares.redirect.redirectscheme.scheme=https
20 | 
21 | networks:
22 |   # Change if you're using another network
23 |   proxy:
24 |     external: true
25 | 


--------------------------------------------------------------------------------