I am using the below traefik docker compose for reverse proxy. I don't quite understand everything from it at the moment. Just came up with it from a bunch of tutorials. Just wanted to ensure that i am not using anything unwanted in my config or maybe something that could be further added to improve security/performance ?
traefik:
image: traefik:v3.0
container_name: traefik
restart: unless-stopped
command:
- --global.sendanonymoususage=false
- --api=true
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.asDefault=true
- --entrypoints.websecure.http.tls=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --providers.file.filename=/traefik/config.toml
- --log.level=DEBUG
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/letsencrypt:/etc/letsencrypt
- /opt/containers/traefik:/traefik
labels:
- traefik.enable=true
- traefik.http.routers.traefik.rule=Host(`traefik.xd003.site`)
- traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.middlewares=authtraefik
- traefik.http.middlewares.authtraefik.basicauth.users=user:pass
config.toml just contains the path to my certFile & keyFile generated by certbot
whichever docker container, i want to reverse proxy, i just add the following to the label section of docker compose for that particular container
- traefik.enable=true
- traefik.http.routers.container.rule=Host(`$subdomain.domain.com`)
- traefik.http.services.container.loadbalancer.server.port=port