Docker - Traefik Advanced

2023-02-27 (Last Modified: 2023-02-27)

Linux

Page content

Intro

After a Basic Setup with fix Configuration, here an example where we put some Variables in a “.env” File.

Requirements:

Linux Host with Docker see here, Public IP Adress and rechable Port 80 & 443

two FQDN pointing to your IP:

traefik.yourdomain.de
whoami.yourdomain.de

Env Vars

let’s run the following Commands which generates a “.env” File. It will also create a User “dashboard” and ask you twice for the Password

echo 'domain="your.domain.de"'      > .env
echo 'traefik="traefik.${domain}"'  >> .env
echo 'whoami="whoami.${domain}"'    >> .env
echo 'mail="name@${domain}"'        >> .env
echo -n 'dashboardaccount="' >> .env; echo -n $(htpasswd -nB dashboard) |sed -e s/\\$/\\$\\$/g >> .env; echo '"' >> .env

.env

and here is the Content of my .env File.

domain="your.domain.de"
traefik="traefik.${domain}"
whoami="whoami.${domain}"
mail="name@${domain}"
dashboardaccount="dashboard:$$2y$$05$$nL3Vl5Ln8XCXZArq5oLbZeQ7ijrLf4k5Qlt9onLiOuteijdEcJ8qW"

Update docker-compose.yml

we can use this Variables in the Docker Compose File like this:

cat << 'EOF' > docker-compose.yml
version: "3.3"

services:
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    restart: always
    command:
      # Traefik Log
      - "--log.level=DEBUG"
      - "--log.filePath=/logs/traefik.log"
      # Misc
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=${mail}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Access Log
      - "--accesslog=true"
      - "--accesslog.filePath=/logs/access.log"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./letsencrypt:/letsencrypt"
      - "./logs/:/logs/"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik_https.rule=Host(`${traefik}`)"
      - "traefik.http.routers.traefik_https.entrypoints=websecure"
      - "traefik.http.routers.traefik_https.tls=true"
      - "traefik.http.routers.traefik_https.tls.certResolver=myresolver"
      - "traefik.http.routers.traefik_https.service=api@internal"
      # Add Basic Auth: dashboard/what-ever-you-entered
      - "traefik.http.routers.traefik_https.middlewares=dashboard_auth"
      - "traefik.http.middlewares.dashboard_auth.basicauth.users=${dashboardaccount}"

  whoami:
    image: "traefik/whoami"
    restart: always
    deploy:
      mode: replicated
      replicas: 5
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`${whoami}`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
      - "traefik.http.routers.whoami.middlewares=whoami-https"
      - "traefik.http.middlewares.whoami-https.redirectscheme.scheme=https"
EOF

Up

Fireup the Docker Containers and give a try.

docker compose up -d

URL’s

you should get two public Containers running:

https://traefik.your.domain.de -> Login with dashboard/your-password
https://whoami.your.domain.de

Scale up

you can also Scale the Docker Images

docker compose up -d --scale whoami=10

and you will see on the URL, to which Container you got redirected …

Happy Docker !

Any Comments ?

sha256: 2bfede2be9c201a8d0736f459f06c1db7b1334837f43266090424d3896322017