Skip to content

dudegladiator/traefik-reverse-proxy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Traefik Reverse Proxy Setup

This repository demonstrates a practical implementation of Traefik as a reverse proxy with Docker, featuring automatic SSL certificate management through Let's Encrypt and Cloudflare integration.

Overview

Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. This setup includes:

  • Automatic SSL certificate generation and renewal
  • Docker integration
  • Cloudflare DNS integration
  • Secure headers configuration
  • HTTP to HTTPS redirection

Prerequisites

  • Docker and Docker Compose installed
  • A domain name configured with Cloudflare
  • Cloudflare API credentials

Directory Structure

traefik-reverse-proxy/
├── traefik-config/
│   ├── config/
│   │   ├── traefik.yml
│   │   ├── config.yml
│   │   └── acme.json
│   └── docker-compose.yml
└── docker-compose.yml

Setup Instructions

  1. First, create the required network for Docker:

    docker network create backend
  2. Set up the ACME (Let's Encrypt) configuration:

    touch traefik-config/config/acme.json
    chmod 600 traefik-config/config/acme.json
  3. Configure Cloudflare credentials:

    • Open traefik-config/docker-compose.yml
    • Update the following environment variables:
      CF_API_EMAIL: [email protected]
      CF_API_KEY: your_api_key  # or
      CF_DNS_API_TOKEN: your_dns_api_token
  4. Start the Traefik reverse proxy:

    docker compose -f traefik-config/docker-compose.yml up -d
    docker compose -f traefik-config/docker-compose.yml logs -f
  5. Deploy your application:

    docker compose up -d
    docker compose logs -f

Configuration Details

Main Application (docker-compose.yml)

The main application is configured with Traefik labels for:

  • Automatic HTTPS redirection
  • SSL certificate management
  • Secure headers
  • Load balancing

Traefik Configuration (traefik-config/docker-compose.yml)

The Traefik service is configured with:

  • Port mappings (80, 443)
  • Docker socket access
  • SSL certificate management
  • Cloudflare integration

Configuration Notes

  • Important: Before using this setup, make sure to change the email address in traefik-config/config/traefik.yml to your own email address. This email is used for Let's Encrypt SSL certificate notifications.

Why Traefik over Nginx?

Traefik offers several advantages over Nginx:

  1. Automatic Service Discovery: Traefik automatically detects new services and creates routes without manual configuration.
  2. Dynamic Configuration: No need to reload the proxy when configuration changes.
  3. Modern Dashboard: Built-in web UI for monitoring and management.
  4. Docker-First: Native Docker integration with automatic container discovery.
  5. Let's Encrypt Integration: Built-in automatic SSL certificate management.
  6. Middleware Support: Easy to add headers, authentication, and other middleware.
  7. Real-Time Configuration: Changes take effect immediately without service interruption.

Security Considerations

  • The acme.json file permissions are set to 600 to ensure only the owner can read/write
  • Secure headers are enabled by default
  • HTTP to HTTPS redirection is enforced
  • No new privileges are allowed for the container

Customization

To add more services, follow the pattern in the main docker-compose.yml:

  1. Add your service configuration
  2. Configure appropriate Traefik labels
  3. Connect to the backend network

Troubleshooting

  1. Check Traefik logs:

    docker logs traefik
  2. Verify network connectivity:

    docker network inspect backend
  3. Ensure all containers are running:

    docker ps

Contributing

Feel free to submit issues and enhancement requests!

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published