Docker - Traefik
Page content
Intro
Following a Working Example how to get Traefik and a few Dummy Containers running on Docker. If you wanna have a bit advanced Example and put some Variables in a “.env” File, you may wanna check this Post.
Requirements
Linux Host with Docker see here, Public IP Adress and rechable Port 80 & 443
two FQDN pointing to your IP:
- traefik.yourdomain.de
- whoami.yourdomain.de
Docker Traefik Example
cat << EOF > docker-compose.yml
version: "3.3"
services:
traefik:
image: "traefik:v2.9"
container_name: "traefik"
command:
# Traefik Log
- "--log.level=DEBUG"
- "--log.filePath=/logs/traefik.log"
- "--api.insecure=true"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
# Access Log
- "--accesslog=true"
- "--accesslog.filePath=/logs/access.log"
# Prometheus metrics
## Enable prometheus metrics
- "--metrics.prometheus=true"
## Create a manual router instead of the default one.
- "--metrics.prometheus.manualrouting=true"
- "--metrics.prometheus.addrouterslabels=true"
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./logs/:/logs/"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`traefik.yourdomain.de`)"
- "traefik.http.routers.dashboard.entrypoints=web"
- "traefik.http.routers.dashboard.service=api@internal"
# Auth: dasboard/XXXXXXXX
- "traefik.http.routers.dashboard.middlewares=dashboard_auth"
- "traefik.http.middlewares.dashboard_auth.basicauth.users=dashboard:$$XXXXXXXXXXXXXXXXXXXX"
whoami:
image: "traefik/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.de`)"
- "traefik.http.routers.whoami.entrypoints=web"
EOF
Up
docker compose up -d
Redirect HTTP to HTTPS
replace [email protected], traefik.yourdomain.de and whoami.yourdomain.de with the appropriate Values …
cat << EOF > docker-compose.yml
version: "3.3"
services:
traefik:
image: "traefik:v2.9"
container_name: "traefik"
restart: always
command:
# Traefik Log
- "--log.level=DEBUG"
- "--log.filePath=/logs/traefik.log"
# Misc
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "[email protected]"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
# Access Log
- "--accesslog=true"
- "--accesslog.filePath=/logs/access.log"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
- "./logs/:/logs/"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik_https.rule=Host(`traefik.yourdomain.de`)"
- "traefik.http.routers.traefik_https.entrypoints=websecure"
- "traefik.http.routers.traefik_https.tls=true"
- "traefik.http.routers.traefik_https.tls.certResolver=myresolver"
- "traefik.http.routers.traefik_https.service=api@internal"
# Add Basic Auth: dashboard/XXXXXXXXX
- "traefik.http.routers.traefik_https.middlewares=dashboard_auth"
- "traefik.http.middlewares.dashboard_auth.basicauth.users=dashboard:$$XXXXXXXXXXXXXXXXXXXX"
whoami:
image: "traefik/whoami"
restart: always
deploy:
mode: replicated
replicas: 5
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.de`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
- "traefik.http.routers.whoami.middlewares=whoami-https"
- "traefik.http.middlewares.whoami-https.redirectscheme.scheme=https"
EOF
Scale Up
docker compose up -d --scale whoami=10
Scale Up Large
if you have enough RAM … you can go up to 256, or even 512 Instances (~6 GB RAM) …
docker compose up -d --scale whoami=512
Any Comments ?
sha256: feb2e9a539cd9af1675d4868b8bb2b704d3a1cd241170e9e6ee5510216876667