Hello guys, maybe it's a stupid question but I lost my head trying to figure how to run letsencrypt for singe domain, but with docker run command? When I run those double dash commands -- I'm getting unknown flag: --entryPoints.web.address . Should I run those as -e? Is it even possible to avoid dockerfile? Thank u
I hated compose files for a long time, too, but as soon as you have more services or complex parameters they do make sense 
Traefik works with CLI, share your full command.
To get started with compose, check simple Traefik example. The example also uses CLI commands inside compose file.
If you "just" want to create TLS certs, I would check out certbot.
If you want a most simple reverse proxy with LetsEncrypt, check nginx-proxy and companion. That’s what I started with, when still using docker run.
LOL same here, thanks for reaching out. Yesterday I decided to take a leap so I made (not dockerfile edited) compose file but still getting this error:
ERR Router uses a nonexistent certificate resolver certificateResolver=myresolver routerName=myapp@docker
Just to mention that I've created acme.json with touch command and gave it 600 permission. I read somewhere that this could be an issue, but if I don't create it, when I run compose file - folder acme.json is made instead.
Another thing is 'traefik.http.services.myapp.loadbalancer.server.port=8082' I'm not sure if this gonna work with letsencrypt.
HTTP routhing works without problem, 0 errors and everything is reachable, even with this file I don't have errors in traefik dashboard and green shield TLS icon next to my domain. Just cetrs are missing and acme.json is always empty
services:
traefik:
container_name: traefik
networks:
- mynet
command:
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=my@email.com"
- "--certificatesresolvers.myresolver.acme.storage=/home/user/letsencrypt/acme.json"
- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
ports:
- 443:443
- 80:80
- 8080:8080
volumes:
- /home/user/traefik.yml:/etc/traefik/traefik.yml:ro
- /var/run/docker.sock:/var/run/docker.sock
- /home/user/letsencrypt/acme.json:/acme.json
restart: always
image: traefik:latest
myapp:
networks:
- mynet
container_name: myapp
hostname: myapp
restart: unless-stopped
ports:
- 8082:8082
- 5000-5150:5000-5150
- 5000-5150:5000-5150/udp
volumes:
- /home/user/myapp/logs:/opt/myapp/logs:rw
- /home/user/myapp/myapp.xml:/opt/myapp/conf/myapp.xml:ro
- /home/user/myapp/data:/opt/myapp/data:rw
labels:
- 'traefik.http.routers.myapp.rule=Host(`sub.testdomain.com`)'
- 'traefik.http.services.myapp.loadbalancer.server.port=8082'
- 'traefik.http.routers.myapp.tls=true'
- 'traefik.http.routers.myapp.tls.certresolver=myresolver'
image: myapp:latest
networks:
mynet:
external: true
name: mynet
Yes I'm familiar, but decided to try traefik this time. I like it so far, just to figure HTTPS
This is a compose file for running Docker images. A Dockerfile is used to build images.
I personally prefer to assign the certResolver globally to entrypoint, saves a lot of labels. Compare to simple Traefik example.
Usually only Traefik uses ports:, as all other services should not open ports externally, potentially circumventing Traefik security middlewares.
1 Like
Great info, will work on this. Thanks a lot! 
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.