General way to get https

Traefik Traefik v2 (latest)
,
1

When I first set traefik up it was awesomely simple on docker swarm. Two labels on a service that wanted routing and all was good in the world.

But, and I don't know if Ive not read the docs properly, and/or these problems are solved and I'm just doing something wrong:-

  1. I thought there would be some way to turn https on generally so that just the two labels can be used for most configurations. But no, now every service needs to explicitly have configuration settings for two entry-points.

  2. I keep on having services in different stacks with identical traefik.http.router/service names interfere with each other. Its super annoying because its shared infrastructure and some team can now roll something out that effects another teams productivity unexpectedly.

  3. There seems no way to inhibit the error spam generated from having non traefik enabled services around, even if they are attached to different networks and have no traefik labels at all. exposedByDefault = false must be set, but then an extra label to enable traefik must be added to everything.

Is this as short as I can get the per service dynamic config:

    deploy:
      labels:
        traefik.enabled: "true"
        traefik.http.routers.cocos_cocos.rule: Host("creator.example.net")
        traefik.http.routers.cocos_cocos.entrypoints: web
        traefik.http.routers.cocos_cocos-tls.rule: Host("creator.example.net")
        traefik.http.routers.cocos_cocos-tls.entrypoints: websecure
        traefik.http.routers.cocos_cocos-tls.tls: "true"
        traefik.http.services.cocos_cocos.loadbalancer.server.port: 80
2

Hello,

You can use HTTP options to simplify your configuration:

version: '3.7'

services:

  traefik:
    image: traefik:v2.3.1
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    command:
      - --log.level=INFO
      - --api

      - --providers.docker.exposedbydefault=false
      
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https

      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
    labels:
      traefik.enable: 'true'

      # Dashboard
      traefik.http.routers.traefik.rule: Host(`traefik.localhost`)
      traefik.http.routers.traefik.service: api@internal

  # just to have xyz.localhost
  whoami:
    image: containous/whoami:v1.5.0
    labels:
      traefik.enable: 'true'

      traefik.http.routers.whoami.rule: Host(`xyz.localhost`)

version: '3.7'

services:

  traefik:
    image: traefik:v2.3.1
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    command:
      - --log.level=INFO
      - --api

      - --providers.docker.exposedbydefault=false
      
      - --entrypoints.web.address=:80

      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
    labels:
      traefik.enable: 'true'

      # Dashboard
      traefik.http.routers.traefik.rule: Host(`traefik.localhost`)
      traefik.http.routers.traefik.service: api@internal

  whoami:
    image: containous/whoami:v1.5.0
    labels:
      traefik.enable: 'true'

      traefik.http.routers.whoami.rule: Host(`xyz.localhost`)
1 Like
3

Oh. This is so much simpler. A one line move of tls=true to static config and suddenly I need to specify Hosts= only once.

4

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.