├── LICENSE ├── README.md ├── apps └── README.md └── core ├── docker-compose.yml └── traefik-data ├── acme.json ├── configurations └── dynamic.yml └── traefik.yml /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Raf Rasenberg 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Docker container management with Traefik v2 and Portainer 2 | 3 | A configuration set-up for a Traefik v2 reverse proxy along with Portainer and Docker Compose. 4 | 5 | This set-up makes container management & deployment a breeze and the reverse proxy allows for running multiple applications on one Docker host. 
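Traefik will route all the incoming traffic to the appropriate docker containers and through the open-source app Portainer you can speed up software deployments, troubleshoot problems and simplify migrations.

Detailed explanation how to use this in my blog post:
[Docker container management with Traefik v2 and Portainer](https://rafrasenberg.com/docker-compose-traefik-v2/)

## Run it

```
git clone https://github.com/rafrasenberg/docker-traefik-portainer ./src
cd src/core
docker compose up -d
```

--------------------------------------------------------------------------------
/apps/README.md:
--------------------------------------------------------------------------------
# Apps

The folder for your apps

--------------------------------------------------------------------------------
/core/docker-compose.yml:
--------------------------------------------------------------------------------
# Core stack: Traefik (reverse proxy, TLS termination) and Portainer (container
# management UI), both attached to the pre-existing "proxy" network.
version: "3.8"

services:
  traefik:
    # NOTE(review): "latest" is a moving tag, while this configuration is written
    # for Traefik v2. Pin a specific v2 release tag that you have tested so an
    # image pull cannot silently change the proxy's major version.
    image: "traefik:latest"
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - "no-new-privileges:true"
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      # The ":ro" flag only stops the container from replacing the socket file.
      # A process that can open the socket can still call the full Docker API,
      # which is equivalent to root on the host. Consider a filtering socket
      # proxy that exposes only the read endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik-data/traefik.yml:/traefik.yml:ro"
      # Stores the ACME account key and the certificates' private keys, so it
      # stays writable. Traefik requires mode 600 on this file; git does not
      # preserve that mode, so run `chmod 600 traefik-data/acme.json` after cloning.
      - "./traefik-data/acme.json:/acme.json"
      # Traefik only reads the dynamic configuration, so mount it read-only.
      - "./traefik-data/configurations:/configurations:ro"
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.http.routers.traefik-secure.entrypoints=websecure
      - traefik.http.routers.traefik-secure.rule=Host(`traefik.yourdomain.com`)
      - traefik.http.routers.traefik-secure.service=api@internal
      # The dashboard/API is reachable only through this router, behind the
      # basic-auth middleware defined in configurations/dynamic.yml.
      - traefik.http.routers.traefik-secure.middlewares=user-auth@file

  portainer:
    # NOTE(review): same moving-tag concern as above; pin a tested release.
    image: "portainer/portainer-ce:latest"
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - "no-new-privileges:true"
    networks:
      - proxy
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      # Portainer manages the host through this socket; as noted for Traefik,
      # ":ro" does not limit what can be done over the Docker API.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./portainer-data:/data"
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.http.routers.portainer-secure.entrypoints=websecure
      - traefik.http.routers.portainer-secure.rule=Host(`portainer.yourdomain.com`)
      # No Traefik auth middleware is attached to this router: access control
      # relies entirely on Portainer's own login. Create the admin account
      # immediately after the first start, and consider restricting the router
      # to trusted source addresses.
      - traefik.http.routers.portainer-secure.service=portainer
      - traefik.http.services.portainer.loadbalancer.server.port=9000

networks:
  proxy:
    # External network: it must exist before `docker compose up`
    # (create it once with `docker network create proxy`).
    external: true

--------------------------------------------------------------------------------
/core/traefik-data/acme.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rafrasenberg/docker-traefik-portainer/78b278ad42e67d1fb5718612a21bbaa39a073dc0/core/traefik-data/acme.json
--------------------------------------------------------------------------------
/core/traefik-data/configurations/dynamic.yml:
--------------------------------------------------------------------------------
# Dynamic configuration
http:
  middlewares:
    secureHeaders:
      headers:
        # `sslRedirect` was dropped here: the option is deprecated in Traefik v2
        # and removed in v3, and HTTP-to-HTTPS redirection is already done at the
        # `web` entry point in traefik.yml.
        forceSTSHeader: true
        # HSTS with includeSubdomains and preload commits every subdomain to
        # HTTPS for a year; confirm all of them serve valid TLS first.
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
    user-auth:
      basicAuth:
        users:
          # NOTE(review): this hash is published with the repository, so treat
          # its password as known. Replace the entry with your own before
          # exposing the dashboard, preferably a bcrypt hash
          # (`htpasswd -nB <user>`) rather than APR1-MD5. In this file the `$`
          # characters are literal; doubling them is only needed in Compose labels.
          - "raf:$apr1$MTqfVwiE$FKkzT5ERGFqwH9f3uipxA1"

tls:
  options:
    default:
      # AEAD-only ECDHE suites. This list governs TLS 1.2 connections only;
      # TLS 1.3 suites are not configurable here.
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      minVersion: VersionTLS12

--------------------------------------------------------------------------------
/core/traefik-data/traefik.yml: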
--------------------------------------------------------------------------------
# Static configuration: entry points, providers and the ACME certificate resolver.
api:
  # Enables the dashboard. `insecure` is not set in this file; the dashboard is
  # published through the `traefik-secure` router in docker-compose.yml
  # (api@internal behind the user-auth@file middleware).
  dashboard: true

entryPoints:
  web:
    address: ":80"
    http:
      # Every plain-HTTP request is redirected to the HTTPS entry point.
      redirections:
        entryPoint:
          to: websecure

  websecure:
    address: ":443"
    http:
      # Applied to every router on this entry point: the HSTS headers from
      # configurations/dynamic.yml and certificates from the ACME resolver below.
      middlewares:
        - secureHeaders@file
      tls:
        certResolver: letsencrypt

providers:
  docker:
    # The compose file mounts the host's Docker socket at this path.
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when they carry the label traefik.enable=true.
    exposedByDefault: false
  file:
    filename: /configurations/dynamic.yml

certificatesResolvers:
  letsencrypt:
    acme:
      # Placeholder address; replace it with a mailbox you monitor.
      email: raf@yourdomain.com
      # Relative path; presumably resolves to /acme.json, where the compose file
      # mounts ./traefik-data/acme.json. Confirm against the image's working
      # directory. The file holds private keys and must be mode 600 on the host.
      storage: acme.json
      keyType: EC384
      # HTTP-01 validation: port 80 must be reachable from the internet.
      httpChallenge:
        entryPoint: web
--------------------------------------------------------------------------------