Skip to content

Latest commit

 

History

History
 
 

example_basic

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

Basic configuration of Traefik

This example shows a basic configuration of Traefik with a secure connection. I have added also examples for the needed configuration for some containers: grafana, Unifi controller, nodered and influxDB.

Getting Started

Prerequisites

  1. A domain name, we assume for this example the domain example.com (access from internet and SSL certificate).
  2. Cloudflare's account
  3. A working installation of docker and docker-compose
  4. Port 80 and 443 are not used.

Why Cloudflare

I suggest you migrate the domain to Cloudflare for the following reasons:

  • hide your home IP address
  • Dyndns provider (if your home IP change frequently)
  • can provide an SSL certificate

If you chose Cloudflare or another DNS provider you need to add the follow CAA entry to DNS table

CAA example.com   0 issue letsencrypt.org

It defines that Let's Encrypt is allowed to generate a certificate for example.com.

Installing

  1. All the configurations are in the docker-compose.yml file.

  2. Copy from the root folder the var.env file and rename it in .env.

  3. Change all the needed variables with the values of your case. The following list shows the needed for traefik and whoami test container:

DOMAIN              #domain name
CLOUDFLARE_EMAIL    #Cloudflare email account
CLOUDFLARE_API_KEY  #Cloudflare API key
ACME_EMAIL          #Reminder email for the generated certificate
  1. Create an empty acme.json file to store the certificates.
touch acme.json
chmod 600 acme.json
  1. Correct the directory where is the acme.json in the docker-compose.yml
/volume1/docker/traefik/acme.json:/acme.json  #change the /volume1/docker/traefik/ with your path
  1. Generate the traefik container with this command (maybe you need sudo).
docker-compose up -d reverse-proxy
  1. Generate the whoami container with this command (maybe you need sudo).
docker-compose up -d whoami
  1. Try now to reach the whoami container whoami.example.com, you are prompted with a warning that the certificate is not valid. No problem! Check via the browser padlock if your certificate is issued by Let's Encrypt, if you have traefik than you have to wait (check the traefik log). Let's Encrypt has a staging server for test purposes that has fewer time limitations.

  2. If the certificate is from Let's Encrypt, you can now switch to the production server commenting the following line in the docker-compose.yml with the char #.

- "--certificatesresolvers.certificato.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
  1. Before launching the traefik container, delete e recreate the acme.json file
rm acme.json
touch acme.json
chmod 600 acme.json
  1. Relaunch the traefik with the command.
docker-compose up -d reverse-proxy
  1. Try now with different containers like grafana or nodered.
docker-compose up -d xxx  #change xx with grafana or nodered

If you find a problem in this guide or configurations files you can open an issue on GitHub. Thanks!