├── Dockerfile
├── LICENSE
├── README.md
├── docker-compose.yml
└── traefik.toml


/Dockerfile:
--------------------------------------------------------------------------------
FROM traefik:1.3.5
# Copy the static configuration into the image's working directory
COPY traefik.toml .
# 80 = HTTP (redirected to HTTPS), 8080 = status page, 443 = HTTPS
EXPOSE 80
EXPOSE 8080
EXPOSE 443

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
Public Domain (CC0)
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
## Motivation

Docker-compose setup for starting [Træfik](https://traefik.io/) as a reverse proxy, load balancer and SSL server with Let's Encrypt certificates.

## Usage

Clone this repository (`reverse-proxy`), change the mail address and domain,
and then run `docker-compose up -d` to start the service.

```bash
git clone https://github.com/docker-compose-examples/reverse-proxy
cd reverse-proxy
# Run `sed` or edit `traefik.toml` yourself
sed -i 's/letsencrypt\@example\.com/mail@my-domain.com/g' traefik.toml
sed -i 's/example\.com/my-domain.com/g' traefik.toml
# Start the reverse proxy
docker-compose up -d
```


After that, you can "up" `docker-compose.yml` files like:

```yaml
version: '2'

services:
  microbot:
    image: dontrebootme/microbot
    labels:
      - "traefik.enable=true"
      - "traefik.backend=microbot"
      - "traefik.frontend.rule=Host:microbot.example.com"
      - "traefik.docker.network=reverseproxy_default"
    networks:
      - "reverseproxy_default"
    restart: always
networks:
  reverseproxy_default:
    external:
      name: reverseproxy_default
```
and they will be served through the Træfik proxy.

* Træfik will forward requests to `https://microbot.example.com` to the backend.
* Træfik will order SSL certificates through [letsencrypt.org](https://letsencrypt.org/).
* Træfik will balance the requests between multiple backends with the same name, which means
  additional instances created by `docker-compose scale microbot=3` will automatically be used when
  available.
* Requests to `http://microbot.example.com` will be redirected to **https**.

## Some details

* The label `traefik.frontend.rule=Host:microbot.example.com` is used by Træfik to determine which container to use for which domain.
* The option `exposedbydefault = false` tells Træfik to only include containers with the label `traefik.enable=true`.
* Since the gist files are inside the directory `reverse-proxy`, docker-compose will create a network `reverseproxy_default` for the container. The parts

  ```yaml
  networks:
    - "reverseproxy_default"
  ```

  and

  ```yaml
  networks:
    reverseproxy_default:
      external:
        name: reverseproxy_default
  ```
  of the microbot file make sure that microbot is in the same network as Træfik.

  If microbot were present in two networks, the label `traefik.docker.network=reverseproxy_default` would tell Træfik which IP to use to connect to the service.

## Licensing

All files are mostly derived from each software's documentation.
Treat this example as public domain (CC0). It took a while to get it
running, but the amount of work was not high enough to put it under any license.

## Contributing

If you want to help out in keeping this repository up to date, please contact me or add a comment [here](https://github.com/containerize-my-server/reverse-proxy/issues/8).

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3'

services:
  traefik:
    build: .
    # command: --logLevel=DEBUG
    ports:
      - "80:80"
      - "443:443"
      # Status page is published on the host's loopback interface only
      - "127.0.0.1:8080:8080"
    restart: always
    volumes:
      # Træfik watches the Docker API for labelled containers.
      # Access to this socket is equivalent to root on the host.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - default
    # Drop all capabilities; net_bind_service is kept so ports 80/443 can be bound
    cap_drop:
      - all
    cap_add:
      - net_bind_service

--------------------------------------------------------------------------------
/traefik.toml:
--------------------------------------------------------------------------------
# defaultEntryPoints must be at the top because it should not be in any table below
defaultEntryPoints = ["http", "https"]

[web]
# Port for the status page
address = ":8080"

# Entrypoints, http and https
[entryPoints]

# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"

# https is the default
[entryPoints.https]
address = ":443"

[entryPoints.https.tls]

# Enable ACME (Let's Encrypt): automatic SSL
[acme]
# caServer = "https://acme-staging.api.letsencrypt.org/directory"
email = "letsencrypt@example.com"
storage = "acme.json" # or "traefik/acme/account" if using KV store
entryPoint = "https"
onDemand = false
OnHostRule = true


[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
# Only containers labelled traefik.enable=true are served
exposedbydefault = false
--------------------------------------------------------------------------------
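
The selection rules from "Some details" in the README (opt-in through `traefik.enable=true` under `exposedbydefault = false`, the `Host:` rule, and the network that decides which IP is used) can be modelled over `docker inspect`-shaped JSON to audit which containers the proxy would publish. This is an added example, not code from this repository and not Træfik's own logic; `published_routes`, the sample containers and their IP addresses are constructed for illustration.

```python
import json

# Added illustration, not Traefik's code. SAMPLE is constructed `docker inspect`-shaped data.
SAMPLE = json.loads("""[
 {"Name": "/microbot_1",
  "Config": {"Labels": {"traefik.enable": "true",
    "traefik.frontend.rule": "Host:microbot.example.com",
    "traefik.docker.network": "reverseproxy_default"}},
  "NetworkSettings": {"Networks": {"db_default": {"IPAddress": "172.19.0.5"},
    "reverseproxy_default": {"IPAddress": "172.18.0.3"}}}},
 {"Name": "/microbot_2",
  "Config": {"Labels": {"traefik.enable": "true",
    "traefik.frontend.rule": "Host:microbot.example.com"}},
  "NetworkSettings": {"Networks": {
    "reverseproxy_default": {"IPAddress": "172.18.0.4"}}}},
 {"Name": "/db_1", "Config": {"Labels": {}},
  "NetworkSettings": {"Networks": {
    "reverseproxy_default": {"IPAddress": "172.18.0.9"}}}},
 {"Name": "/admin_1",
  "Config": {"Labels": {"traefik.enable": "true",
    "traefik.frontend.rule": "Host:admin.example.com"}},
  "NetworkSettings": {"Networks": {"db_default": {"IPAddress": "172.19.0.7"},
    "reverseproxy_default": {"IPAddress": "172.18.0.8"}}}}
]""")

def published_routes(containers, proxy_network="reverseproxy_default",
                     exposed_by_default=False):
    """Return (routes, findings); routes maps a frontend rule to (name, ip) backends."""
    routes, findings = {}, []
    for c in containers:
        name = c["Name"].lstrip("/")
        labels = c["Config"].get("Labels") or {}
        nets = c["NetworkSettings"]["Networks"]
        # exposedbydefault = false: only traefik.enable=true opts a container in.
        if labels.get("traefik.enable", str(exposed_by_default)).lower() != "true":
            continue
        rule = labels.get("traefik.frontend.rule")
        # Without traefik.docker.network, a single attached network is unambiguous.
        net = labels.get("traefik.docker.network") or (
            next(iter(nets)) if len(nets) == 1 else None)
        if rule is None:
            findings.append(f"{name}: enabled without an explicit frontend rule")
        elif net is None:
            findings.append(f"{name}: on {len(nets)} networks, no traefik.docker.network")
        elif net != proxy_network or net not in nets:
            findings.append(f"{name}: network {net!r} is not shared with the proxy")
        else:
            routes.setdefault(rule, []).append((name, nets[net]["IPAddress"]))
    return routes, findings
```

To audit a live host, pass the function `json.load(sys.stdin)` fed from `docker inspect $(docker ps -q)`; `Config.Labels` and `NetworkSettings.Networks` are the fields that command emits.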