LinuxBlog.xyz

April 24, 2020 - Patrick Kerwood

Traefik v1.7 Configuration with Let's Encrypt

WARNING

Traefik v1 is deprecated. See this post instead.

A Docker Compose configuration example with Traefik v1.7 including Let's Encrypt HTTP/DNS validation.

This configuration redirects http to https and requests certificates from Let's Encrypt. Just change <your-email@goes-here.com> to your mail address, create the acme.json file and change the path to the acme.json file.

mkdir /home/traefik
touch /home/traefik/acme.json
chmod 600 /home/traefik/acme.json

# With Let's Encrypt HTTP validation





















 









 

version: "3.7"
networks:
  default:
    name: traefik-proxy

services:
  traefik:
    image: traefik:v1.7
    container_name: traefik
    restart: unless-stopped
    command: --api \
             --loglevel=info \
             --defaultentrypoints=http,https
             --entrypoints="Name:http Address::80 Redirect.EntryPoint:https" \
             --entrypoints="Name:https Address::443 TLS" \
             --docker \
             --docker.endpoint="unix:///var/run/docker.sock" \
             --docker.watch=true \
             --docker.exposedbydefault=false \
             --acme=true \
             --acme.email=<your-email@goes-here.com> \
             --acme.entrypoint=https
             --acme.storage=/acme.json \
             --acme.onhostrule=true \
             --acme.httpChallenge.entryPoint=http
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/traefik/acme.json:/acme.json

# With Let's Encrypt DNS validation

Below is the a Docker Compose example with Let's Encrypt DNS validation. Your domain name needs to be hosted by a supported DNS provider. You can get a list of supported providers here. (opens new window)

In the example below, I'm using Digital Ocean as DNS provider and in the list linked above, I can see that I need a DO_AUTH_TOKEN environment variable with a valid API token/key.





















 




 


 







version: "3.7"
networks:
  default:
    name: traefik-proxy

services:
  traefik:
    image: traefik:v1.7
    container_name: traefik
    restart: unless-stopped
    command: --api \
             --loglevel=info \
             --defaultentrypoints=http,https
             --entrypoints="Name:http Address::80 Redirect.EntryPoint:https" \
             --entrypoints="Name:https Address::443 TLS" \
             --docker \
             --docker.endpoint="unix:///var/run/docker.sock" \
             --docker.watch=true \
             --docker.exposedbydefault=false \
             --acme=true \
             --acme.email=<your-email@goes-here.com> \
             --acme.entrypoint=https
             --acme.storage=/acme.json \
             --acme.onhostrule=true \
             --acme.dnschallenge=true \
             --acme.dnschallenge.provider=digitalocean \
             --acme.dnschallenge.delaybeforecheck=10
    environment:
      - DO_AUTH_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/traefik/acme.json:/acme.json

# Label your containers

Add labels to your containers to make Traefik proxy traffic to them. Also they need to be in the traefik-proxy network.

labels:
  - traefik.enable=true
  - traefik.frontend.rule=Host:webapp.example.com
  - traefik.port=3000

Below is a Hello World example. As you can see, I expose port 3000. It dosen't really do anything, but I like that you can see the ports this container is listing on.

version: '3.7'

networks:
  default:
    name: traefik-proxy

services:
  hello-world:
    image: kerwood/hello-world
    container_name: hello-world
    expose:
      - 3000
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:webapp.example.com
      - traefik.port=3000
Found a bug? Help me improve this page!
Last Commit: 
Like my work? Buy me a beer 🍺