The docker-compose file is as follows:
Using traefik:latest
traefik compose file:
version: '3.5'
services:
traefik:
image: traefik:latest
container_name: traefik
networks:
- "traefikvnet"
command:
#- --api.insecure=true
- --api.dashboard=true
- --api.debug=true
- --providers.docker
# setup dynamic config directory as /config volume
- --providers.file.directory=/config
- --providers.file.watch=true
# setup http entrypoint on port 80
- --entrypoints.web.address=:80
# setup https entrypoint on port 9443
- --entrypoints.websecure.address=:443
#- --entrypoints.traefik.address=:8080
- --log.filePath=/logs/traefik.log
- --log.level=debug
- --log.format=json
- --accesslog=true
- --accesslog.filepath=/logs/access.log
- --accesslog.format=json
labels:
# catchall http -> https redirect
- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
- traefik.http.routers.http-catchall.entrypoints=web
- traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
- traefik.http.middlewares.redirect-to-https.redirectscheme.port=443
- traefik.http.routers.traefikapi.rule=Host(`traefik.local.net`)
- traefik.http.routers.traefikapi.service=api@internal
- traefik.http.routers.traefikapi.tls=true
#- traefik.http.routers.traefikapi.middlewares.auth.basicauth.users=test:mypasswordtoreplace
ports:
# http port
- "80:80"
# https port - backends to 443
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
# config volume from this repo as readonly
- ./config:/config:ro
# adding volume containing ssl certs
- ./certs:/certs:ro
# adding volume for log files
- ./logs:/logs
restart: always
networks:
traefikvnet:
external:
name: reverseproxyvnet
api-compose file
version: "3.5"
services:
myapi:
image: jaydevops/myapi:latest
env_file:
- "~/myapi/myenv.env"
networks:
- "traefikvnet"
labels:
- traefik.http.middlewares.myapistrip.stripprefix.prefixes=/myapi
- traefik.http.middlewares.myapistrip.stripprefix.forceslash=false
- traefik.enable=true
- traefik.http.routers.myapi.entrypoints=websecure
- traefik.http.routers.myapi.tls=true
- traefik.http.routers.myapi.rule=Host(`api.local.net`) && PathPrefix(`/myapi`)
- traefik.http.routers.myapi.middlewares=myapistrip
restart: always
networks:
traefikvnet:
external:
name: reverseproxyvnet
The examples works for subdomains that was built with no stripprfeix:
web. & logs.local.net
traefik.local.net/api/rawadata
traefik.local.net/dashboard/
I used the following example code to build the secured.
Using the same cert for all domains as found in the above example.
Ironically, the whoami example is displaying stripped path.
What would make nodejs application, php applications not work?
#StripPrefix #TLS