Scp/ssh with Traefik?

I want to copy some files to the host with scp.

Is this possible with Traefik and if so how do I do it?

endpoint ???

version: "3.3"

services:
  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"

    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.auth.basicauth.users=user1:$$.......,user2:$$......."
      - "traefik.http.routers.traefik.rule=Host(`traefik.mrifx.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=auth"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"

    command:
      - "--api.dashboard=true"
      - "--log.level=DEBUG"
      #- "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"

      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"

      ### Force http to https redirect
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true

      ### LE SSL Certs
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=postmaster@MyDomain.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"

    environment:
      - CLOUDFLARE_EMAIL=MyEmail@gmail.com
      - CLOUDFLARE_DNS_API_TOKEN=.......
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  nginx:
    image: nginx:latest
    container_name: web-serv
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web.rule=Host(`web.MyDomain.com`)"
      - "traefik.http.routers.web.entrypoints=websecure"
      - "traefik.http.routers.web.tls.certresolver=myresolver"
    # ports:
    #   - 80:80
    #   - 443:443
    volumes:
      - ./wordpress:/var/www/wordpress
      - ./websites:/var/www/websites
      - ./conf.d:/etc/nginx/conf.d
  mysql:
    image: mysql:latest
    container_name: db-serv
    environment:
      MYSQL_DATABASE: wpdb
      MYSQL_USER: wpuser
      MYSQL_PASSWORD: secret
      MYSQL_ROOT_PASSWORD: secret
    volumes:
      - ./dbdata:/var/lib/mysql
  php-fpm:
    image: bitnami/php-fpm:latest
    container_name: php-fpm
    volumes:
      - ./wordpress:/var/www/wordpress
  ssh-serv:
    image: debian:bookworm-slim
    container_name: ssh-serv
    tty: true # keep container running
    ports:
      - 2222:22
    volumes:
      - ./wordpress:/var/www/wordpress
volumes:
  dbdata:
  wordpress:
  websites:
  conf.d:
 

I don’t think Traefik includes a SSH server. But you can reverse proxy a SSH connection through Traefik to another target service/container like debian.

1 Like