Hi guys, I'm an nginx user for years and would want to try traefik but I cannot seems to get a single container proxied properly.
Basically, what I want to have dashboard.example.xyz to host the dashboard over HTTPS, protect it with basic auth.
Then admin.example.xyz to expose a node container which uses port 3000. This is Windows containers, but linux example might work for my case. TIA
version: '3.8'
services:
traefik:
image: traefik:windowsservercore-1809
deploy:
#placement:
# constraints:
# # Make the traefik service run only on the node with this label
# # as the node with it has the volume for the certificates
# - node.labels.traefik-public.traefik-public-certificates == true
labels:
# Enable Traefik for this service, to make it available in the public network
- traefik.enable=true
# Use the traefik-public network (declared below)
- traefik.docker.network=proxy
# Use the custom label "traefik.constraint-label=traefik-public"
# This public Traefik will only use services with this label
# That way you can add other internal Traefik instances per stack if needed
#- traefik.constraint-label=traefik-public
# admin-auth middleware with HTTP Basic auth
# Using the environment variables USERNAME and HASHED_PASSWORD
- traefik.http.middlewares.admin-auth.basicauth.users=admin:$password
# https-redirect middleware to redirect HTTP to HTTPS
# It can be re-used by other stacks in other Docker Compose files
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
# traefik-http set up only to use the middleware to redirect to https
# Uses the environment variable DOMAIN
- traefik.http.routers.website.rule=Host(`dashboard.example.xyz`)
- traefik.http.routers.website.entrypoints=http
- traefik.http.routers.website.middlewares=https-redirect
# traefik-https the actual router using HTTPS
# Uses the environment variable DOMAIN
- traefik.http.routers.traefik-public-https.rule=Host(`dashboard.example.xyz`)
- traefik.http.routers.traefik-public-https.entrypoints=https
- traefik.http.routers.traefik-public-https.tls=true
# Use the special Traefik service api@internal with the web UI/Dashboard
- traefik.http.routers.traefik-public-https.service=api@internal
# Use the "le" (Let's Encrypt) resolver created below
- traefik.http.routers.traefik-public-https.tls.certresolver=le
# Enable HTTP Basic auth, using the middleware created above
#- traefik.http.routers.traefik-public-https.middlewares=admin-auth
# Define the port inside of the Docker service to use
- traefik.http.services.traefik-public.loadbalancer.server.port=8080
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker
# Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
#- --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
# Do not expose all Docker services, only the ones explicitly exposed
#- --providers.docker.exposedbydefault=true
# Enable Docker Swarm mode
- --providers.docker.swarmmode
# Create an entrypoint "http" listening on port 80
- --entrypoints.http.address=:80
# Create an entrypoint "https" listening on port 443
- --entrypoints.https.address=:443
# Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
- --certificatesresolvers.le.acme.email='example@gmail.com'#$EMAIL
# Store the Let's Encrypt certificates in the mounted volume
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
# Use the TLS Challenge for Let's Encrypt
- --certificatesresolvers.le.acme.tlschallenge=true
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api.insecure=true
# Docker engine
- --providers.docker.endpoint=npipe:////./pipe/docker_engine
ports:
- "8080:8080" # Please read: https://docs.traefik.io/configuration/api/#security 15
- "443:443"
- "80:80"
#isolation: process # workaround for https://github.com/containous/traefik/issues/4409 33
volumes:
- type: npipe
source: '\\.\pipe\docker_engine'
target: '\\.\pipe\docker_engine'
networks:
- proxy
admin:
image: bauson/com:win-node
deploy:
replicas: 1
networks:
- proxy
labels:
- "traefik.http.routers.admin.rule=Host(`admin.example.xyz`)"
- "traefik.enable=true"
- "traefik.http.routers.admin.entrypoints=admin"
- "traefik.http.routers.admin.rule=Method(`GET`,`POST`,`DELETE`)"
- "traefik.http.services.admin.loadBalancer.sticky.cookie=true"
- "traefik.http.services.admin.loadBalancer.sticky.cookie.name=sb_instance"
- "traefik.http.services.admin.loadbalancer.server.port=3000"
networks:
proxy:
external: true