From 9da2ccb0f76fceb9fee0bfc4c75e1bfbd312c342 Mon Sep 17 00:00:00 2001 From: Alex Hyett Date: Wed, 20 Jan 2021 12:34:15 +0000 Subject: [PATCH] Add SSL version --- README.md | 12 ++++++++++++ docker-compose.traefik-ssl.yml | 31 +++++++++++++++++++++++++++++++ traefik-ssl/acme.json | 0 traefik-ssl/traefik.toml | 28 ++++++++++++++++++++++++++++ traefik-ssl/traefik_dynamic.toml | 12 ++++++++++++ 5 files changed, 83 insertions(+) create mode 100644 docker-compose.traefik-ssl.yml create mode 100644 traefik-ssl/acme.json create mode 100644 traefik-ssl/traefik.toml create mode 100644 traefik-ssl/traefik_dynamic.toml diff --git a/README.md b/README.md index 29e5ea9..e652577 100644 --- a/README.md +++ b/README.md @@ -23,3 +23,15 @@ docker-compose -f docker-compose.traefik.yml up ``` You will then be able to access whoami from http://localhost/whoami and the Traefik dashboard from http://localhost:8080. + +### Secure version + +You need to replace `youremailhere` in `traefik.toml` and `yourdomain.com` in `traefik_dynamic.toml` for this to work. + +``` +docker-compose -f docker-compose.traefik-ssl.yml up +``` + +You will then be able to access whoami from https://localhost/whoami and the Traefik dashboard from https://localhost/dashboard. + +The username is `admin` and the password is `admin`. Read my blog post on how to set this up, [Traefik vs Nginx for Reverse Proxy with Docker on a Raspberry Pi](https://www.alexhyett.com/traefik-vs-nginx-docker-raspberry-pi) diff --git a/docker-compose.traefik-ssl.yml b/docker-compose.traefik-ssl.yml new file mode 100644 index 0000000..7e20d50 --- /dev/null +++ b/docker-compose.traefik-ssl.yml 
@@ -0,0 +1,31 @@
+version: '3.4'
+services:
+ traefik:
+ image: 'traefik:2.3'
+ container_name: 'traefik'
+ restart: 'unless-stopped'
+ ports:
+ - '80:80'
+ - '443:443'
+ volumes:
+ - '/var/run/docker.sock:/var/run/docker.sock:ro'
+ - './traefik-ssl/traefik.toml:/traefik.toml'
+ - './traefik-ssl/traefik_dynamic.toml:/traefik_dynamic.toml'
+ - './traefik-ssl/acme.json:/acme.json'
+ networks:
+ - pi
+
+ whoami:
+ image: 'traefik/whoami'
+ restart: 'unless-stopped'
+ labels:
+ - 'traefik.enable=true'
+ - 'traefik.http.routers.whoami.rule=PathPrefix(`/whoami{regex:$$|/.*}`)'
+ - 'traefik.http.services.whoami.loadbalancer.server.port=80'
+ - 'traefik.http.routers.whoami.middlewares=simpleAuth@file'
+ networks:
+ - pi
+
+networks:
+ pi:
+ external: true
diff --git a/traefik-ssl/acme.json b/traefik-ssl/acme.json
new file mode 100644
index 0000000..e69de29
diff --git a/traefik-ssl/traefik.toml b/traefik-ssl/traefik.toml
new file mode 100644
index 0000000..39cdc68
--- /dev/null
+++ b/traefik-ssl/traefik.toml
@@ -0,0 +1,28 @@
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+ [entryPoints.web.http.redirections.entryPoint]
+ to = "websecure"
+ scheme = "https"
+
+ [entryPoints.websecure]
+ address = ":443"
+
+ [entryPoints.websecure.http.tls]
+ certResolver = "lets-encrypt"
+
+[api]
+ dashboard = true
+
+[certificatesResolvers.lets-encrypt.acme]
+ email = "youremailhere"
+ storage = "acme.json"
+ [certificatesResolvers.lets-encrypt.acme.tlsChallenge]
+
+[providers.docker]
+ watch = true
+ network = "web"
+ exposedByDefault = false
+
+[providers.file]
+ filename = "traefik_dynamic.toml"
\ No newline at end of file
diff --git a/traefik-ssl/traefik_dynamic.toml b/traefik-ssl/traefik_dynamic.toml
new file mode 100644
index 0000000..10d446e
--- /dev/null
+++ b/traefik-ssl/traefik_dynamic.toml
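Review bot: The `/var/run/docker.sock` volume on the `traefik` service hands the internet-facing proxy a path to the Docker API, and the `:ro` suffix only makes the socket file itself read-only; it does not limit which API calls can be sent through it. On a host that publishes 80/443, consider fronting the daemon with a socket proxy that permits only the read endpoints Traefik needs, or at least add a comment on that line such as `# :ro does not restrict Docker API calls; use a socket proxy on exposed hosts`. The `./traefik-ssl/acme.json` mount points at an empty file tracked in the repository: Traefik expects that file to be mode 600 and will write the ACME account key and certificate private keys into it, so the setup steps should include `chmod 600 traefik-ssl/acme.json` and the populated file should be kept out of version control.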
@@ -0,0 +1,12 @@
+[http.middlewares.simpleAuth.basicAuth]
+ users = [
+ "admin:$apr1$86fC1Dr4$tDIyf.Zhg4z.NSf3uHY./."
+ ]
+
+[http.routers.api]
+ rule = "Host(`yourdomain.com`)"
+ entrypoints = ["web","websecure"]
+ middlewares = ["simpleAuth"]
+ service = "api@internal"
+ [http.routers.api.tls]
+ certResolver = "lets-encrypt"
\ No newline at end of file
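Review bot: The `users` array commits a working credential whose password the README in this patch states is `admin`, and the setup instructions only ask the reader to replace the e-mail and the domain, so a deployment that follows them leaves the dashboard and `whoami` behind a publicly documented login. Replace the entry with a placeholder such as `"admin:REPLACE_WITH_HTPASSWD_OUTPUT"` and tell the reader to generate their own hash, for example with `htpasswd -nB admin`, which produces bcrypt instead of the MD5-based `$apr1$` format. The `api` router also lists `"web"` in `entrypoints` although `traefik.toml` redirects that entrypoint to `websecure`; `entrypoints = ["websecure"]` ensures basic-auth credentials are never accepted over plain HTTP if the redirect is later removed.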