Traefik

Mise en place du container :

docker-compose.yaml

version: "3"

services:
  traefik:
    image: traefik:1.7
    container_name: traefik
    domainname: traefik.duckdns.org
    hostname: traefik
    restart: always
    ports:
      - "20080:80"
      - "20443:443"
      - "8080:8080"
    environment:
      - DUCKDNS_TOKEN=<YOUR_TOKEN>
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/home/gano/docker/traefik/traefik:/etc/traefik"
      - "/home/gano/docker/traefik/shared:/shared"
    networks:
      - default
      - traefik-network
    labels:
      - "traefik.enable=true"
      - "traefik.backend=traefik"
      - "traefik.frontend.rule=Host:traefik.duckdns.org"
      - "traefik.port=8080"
      - "traefik.docker.network=traefik-network"
      - "docker.network=traefik-network"
networks:
  traefik-network:
    external: true
  default:
    driver: bridge

servers.toml pour les backends non containerisés :


loglevel = "ERROR"

[frontends]
    [frontends.server1]
        backend = "server1"
        [frontends.server1.routes.domain]
            rule = "Host:server1.duckdns.org"
    [frontends.server2]
        backend = "server2"
        [frontends.server2.routes.domain]
            rule = "Host:server2.duckdns.org"

[backends]
    [backends.server1]
        [backends.server1.servers.server1]
            url = "https://192.168.3.211:5001"
    [backends.server2]
        [backends.server2.servers.server2]
            url = "http://192.168.3.24:32400"

fichier traefik.toml

debug = false

logLevel = "ERROR" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
InsecureSkipVerify = true
defaultEntryPoints = ["https", "http"]

# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations
[api]
  entryPoint = "traefik"
  dashboard = true
  address = ":8888"

# Force HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

#[file]
#  watch = true
#  filename = "/etc/traefik/rules.toml"

# Let's encrypt configuration
[acme]
email = "your_email@gmail.com" #any email id will work
storage="/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging=true
onDemand = false #create certificate when container is created

# Use this for subdomains
[acme.dnsChallenge]
  provider = "duckdns"
  delayBeforeCheck = 300
[[acme.domains]]
   main = "server1.duckdns.org"
[[acme.domains]]
   main = "*.server1.duckdns.org"
[[acme.domains]]
   main = "server2.duckdns.org"
[[acme.domains]]
   main = "*.server2.duckdns.org"
[[acme.domains]]
   main = "server3.duckdns.org"
[[acme.domains]]
   main = "*.server3.duckdns.org"


# Use this for subfolders
#onHostRule = true
#  # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
#  [acme.httpChallenge]
#  entryPoint = "http"

[file]
  watch = true
  filename = "/etc/traefik/servers.toml"

# Connection to docker host system (docker.sock)
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefik.duckdns.org"
watch = true
# This will hide all docker containers that don't have explicitly
# set label to "enable"
exposedbydefault = false

Ajout des labels pour le backend contenairisé server3.duckdns.org :

Dans le docker-compose.yaml on ajoute les labels de manière à se connecter à Traefik.
On oublie pas d'utiliser le meme reseau defini dans le docker-compose de traefik

version: '3.1'
services:
  ghost:
    image: ghost:latest
    restart: always
    ports:
      - 2368:2368
    environment:
      - url=https://server3.duckdns.org
      - GHOST_URL=https://server3.duckdns.org
      - NODE_ENV=production
    labels:
     - "traefik.enable=true"
     - "traefik.backend=Server3"
     - "traefik.frontend.rule=Host:server3.duckdns.org"
     - "traefik.port=2368"
     - "traefik.docker.network=traefik-network"
     - "traefik.frontend.headers.SSLRedirect=true"
     - "traefik.frontend.headers.STSSeconds=315360000"
     - "traefik.frontend.headers.browserXSSFilter=true"
     - "traefik.frontend.headers.contentTypeNosniff=true"
     - "traefik.frontend.headers.forceSTSHeader=true"
     - "traefik.frontend.headers.SSLHost=monsite.duckdns.org"
     - "traefik.frontend.headers.STSIncludeSubdomains=true"
     - "traefik.frontend.headers.STSPreload=true"
     - "traefik.frontend.headers.frameDeny=true"
    volumes:
      - /home/gano/docker/ghost_data:/var/lib/ghost/content:rw
    networks:
     - traefik-network
networks:
  traefik-network:
    external: true

"traefik.backend=Server3" : le nom du backend
"traefik.frontend.rule=Host:server3.duckdns.org" : le virualhost sur lequel va pointer le backend
"traefik.port=2368" : le port d'ecoute du backend

Traefik
Share this