This example shows a basic configuration of Traefik with a secure connection. I have also added examples of the configuration needed for some containers: Grafana, UniFi Controller, Node-RED and InfluxDB.
- A domain name; for this example we assume the domain example.com (access from the internet and SSL certificate).
- A Cloudflare account
- A working installation of docker and docker-compose
- Ports 80 and 443 are not used.
I suggest you migrate the domain to Cloudflare for the following reasons:
- hide your home IP address
- Dyndns provider (if your home IP changes frequently)
- can provide an SSL certificate
If you choose Cloudflare or another DNS provider, you need to add the following CAA entry to the DNS table:
CAA example.com 0 issue letsencrypt.org
It defines that Let's Encrypt is allowed to generate a certificate for example.com.
- All the configurations are in the docker-compose.yml file.
- Copy the var.env file from the root folder and rename it to .env.
- Change all the needed variables to the values for your setup. The following list shows the ones needed for the traefik and whoami test containers:
DOMAIN #domain name
CLOUDFLARE_EMAIL #Cloudflare email account
CLOUDFLARE_API_KEY #Cloudflare API key
ACME_EMAIL #Reminder email for the generated certificate
- Create an empty acme.json file to store the certificates.
touch acme.json
chmod 600 acme.json
- Correct the path to the acme.json file in the docker-compose.yml:
/volume1/docker/traefik/acme.json:/acme.json #replace /volume1/docker/traefik/ with your path
- Create the traefik container with this command (you may need sudo).
docker-compose up -d reverse-proxy
- Create the whoami container with this command (you may need sudo).
docker-compose up -d whoami
- Now try to reach the whoami container at whoami.example.com. You are prompted with a warning that the certificate is not valid. No problem! Check via the browser padlock whether your certificate is issued by Let's Encrypt; if it shows traefik as the issuer instead, then you have to wait (check the traefik log). Let's Encrypt has a staging server for test purposes that has fewer time limitations.
- If the certificate is from Let's Encrypt, you can now switch to the production server by commenting out the following line in the docker-compose.yml with the # character.
- "--certificatesresolvers.certificato.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- Before launching the traefik container, delete and recreate the acme.json file
rm acme.json
touch acme.json
chmod 600 acme.json
- Relaunch traefik with the command:
docker-compose up -d reverse-proxy
- Now try with different containers like grafana or nodered.
docker-compose up -d xxx #replace xxx with grafana or nodered
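A preflight check for the steps above, as an added example that is not part of the original repository: it verifies that acme.json (which holds the certificates' private keys) is mode 600 and reports whether the staging caserver line is still active in the compose file. The function names and the sample files are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original repository.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the file exists and is mode 600, as set by "chmod 600 acme.json".
acme_perms_ok() {
    [ -f "$1" ] && [ "$(file_mode "$1")" = "600" ]
}

# Print "staging" if an active (uncommented) caserver line points at the
# Let's Encrypt staging directory, "production" if no caserver line is active
# (Traefik then defaults to the Let's Encrypt production server), else "custom".
acme_ca_mode() {
    active=$(grep -E '^[[:space:]]*-?[[:space:]]*"?--certificatesresolvers\.[^.]+\.acme\.caserver=' "$1" || true)
    case "$active" in
        '')              echo production ;;
        *acme-staging-*) echo staging ;;
        *)               echo custom ;;
    esac
}

# Demo on constructed sample files (contents are made up for illustration).
demo() {
    d=$(mktemp -d)
    touch "$d/acme.json"; chmod 644 "$d/acme.json"   # deliberately too open
    printf '%s\n' 'services:' '  reverse-proxy:' '    command:' \
        '      - "--certificatesresolvers.certificato.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"' \
        > "$d/docker-compose.yml"
    acme_perms_ok "$d/acme.json" || echo "acme.json is not mode 600: run chmod 600 acme.json"
    echo "CA in use: $(acme_ca_mode "$d/docker-compose.yml")"
    rm -rf "$d"
}
demo
```

Run the two functions against your own acme.json and docker-compose.yml before relaunching the reverse-proxy container.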
If you find a problem in this guide or in the configuration files, you can open an issue on GitHub. Thanks!