Add SSL version

README.md

@@ -23,3 +23,15 @@ docker-compose -f docker-compose.traefik.yml up
 ```
 
 You will then be able to access whoami from http://localhost/whoami and the Traefik dashboard from http://localhost:8080.
+
+### Secure version
+
+You need to replace `youremailhere` in `traefik.toml` and `yourdomain.com` in `traefik_dynamic.toml` for this to work.
+
+```
+docker-compose -f docker-compose.traefik-ssl.yml up
+```
+
+You will then be able to access whoami from https://localhost/whoami and the Traefik dashboard from https://localhost/dashboard.
+
+The username is `admin` and the password is `admin`. Read my blog post on how to set this up, [Traefik vs Nginx for Reverse Proxy with Docker on a Raspberry Pi](https://www.alexhyett.com/traefik-vs-nginx-docker-raspberry-pi)

docker-compose.traefik-ssl.yml

@@ -0,0 +1,31 @@
+version: '3.4'
+services:
+  traefik:
+    image: 'traefik:2.3'
+    container_name: 'traefik'
+    restart: 'unless-stopped'
+    ports:
+      - '80:80'
+      - '443:443'
+    volumes:
+      - '/var/run/docker.sock:/var/run/docker.sock:ro'
+      - './traefik-ssl/traefik.toml:/traefik.toml'
+      - './traefik-ssl/traefik_dynamic.toml:/traefik_dynamic.toml'
+      - './traefik-ssl/acme.json:/acme.json'
+    networks:
+      - pi
+
+  whoami:
+    image: 'traefik/whoami'
+    restart: 'unless-stopped'
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.whoami.rule=PathPrefix(`/whoami{regex:$$|/.*}`)'
+      - 'traefik.http.services.whoami.loadbalancer.server.port=80'
+      - 'traefik.http.routers.whoami.middlewares=simpleAuth@file'
+    networks:
+      - pi
+
+networks:
+  pi:
+    external: true

traefik-ssl/traefik.toml

@@ -0,0 +1,28 @@
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+    [entryPoints.web.http.redirections.entryPoint]
+      to = "websecure"
+      scheme = "https"
+
+  [entryPoints.websecure]
+    address = ":443"
+
+    [entryPoints.websecure.http.tls]
+      certResolver = "lets-encrypt"
+
+[api]
+  dashboard = true
+
+[certificatesResolvers.lets-encrypt.acme]
+  email = "youremailhere"
+  storage = "acme.json"
+  [certificatesResolvers.lets-encrypt.acme.tlsChallenge]
+
+[providers.docker]
+  watch = true
+  network = "web"
+  exposedByDefault = false
+
+[providers.file]
+  filename = "traefik_dynamic.toml"

traefik-ssl/traefik_dynamic.toml

@@ -0,0 +1,12 @@
+[http.middlewares.simpleAuth.basicAuth]
+  users = [
+    "admin:$apr1$86fC1Dr4$tDIyf.Zhg4z.NSf3uHY./."
+  ]
+
+[http.routers.api]
+  rule = "Host(`yourdomain.com`)"
+  entrypoints = ["web","websecure"]
+  middlewares = ["simpleAuth"]
+  service = "api@internal"
+  [http.routers.api.tls]
+    certResolver = "lets-encrypt"