TCP and HTTP/s docker example

slim2k · December 17, 2020, 10:52am

I would like to use docker labels as much as possible without exposing private docker ports on explicitly enabled containers traefik.enable=true ..

Below, I'm just trying to get port 25 working before I expand to the other ports. I did include a port list hoping to prompt for feedback that would address the proper safe but minimal way to include those too.

So far, I have:

~/traefik$ docker-compose.yml

services:
  traefik:
    image: traefik:v2.3.5
    #...
    ports:
      - 80:80
      - 443:443
    volumes:
     # ...
      - ./traefik-data/traefik.yml:/traefik.yml:ro
networks:
  proxy:
    external: true

~/traefik$ traefik-data/traefik.yml

api:
  dashboard: true

entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure

  websecure:
    address: :443
    http:
      middlewares:
        - secureHeaders@file
      tls:
        certResolver: letsencrypt

  smtp:
    address: :25 # Todo: 465, 587, 110, 995, 143, 993 ?
# ...

~/traefik$ traefik-data/configurations/dynamic.yml

# Dynamic configuration
http:
  middlewares:
    secureHeaders:
      headers:
        # ... works

    user-auth:
      # ... works

tls:
  options:
    default:
      # ... works

# Is this needed?
#tcp:
#  services:
#    imap:
#      loadBalancer:
#        servers:
#        - address: ":25"

~/iredmail$ docker-compose.yml

And finally my container:

version: '3'
  
services:
  iredmail:
    #...
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.http.routers.iredmail-secure.entrypoints=websecure
      - traefik.http.routers.iredmail-secure.rule=Host(`mail.my-domain.org`)
      - traefik.http.services.iredmail-web.loadbalancer.server.port=80

      - traefik.tcp.routers.iredmail-smtp.entrypoints=smtp
      - traefik.tcp.routers.iredmail-smtp.rule=HostSNI(`mail.my-domain.org`)
      - traefik.tcp.services.iredmail-smtp.loadbalancer.server.port=25

      - traefik.tcp.services.iredmail-smtps1.loadbalancer.server.port=465
      - traefik.tcp.services.iredmail-smtps2.loadbalancer.server.port=587
      - traefik.tcp.services.iredmail-pop1.loadbalancer.server.port=110
      - traefik.tcp.services.iredmail-pop2.loadbalancer.server.port=995
      - traefik.tcp.services.iredmail-imap1.loadbalancer.server.port=143
      - traefik.tcp.services.iredmail-imap2.loadbalancer.server.port=993
    networks:
      - proxy
      - default

I got this far thanks to https://dev.to/rafrasenberg/docker-container-management-with-traefik-v2-and-portainer-4in2 ..

I'm still pretty lost on how and were I need these ports and where I need to manually define the HTTP service when I add the TCP service.

Super cool project though, thank you. I can see it will all be worth it. Debugging tips are welcome.

Topic		Replies	Views
Info and installation improvement Traefik v2 (latest) docker , tcp	7	474	November 5, 2023
Traefik + Portainer Traefik v2 (latest) docker , tcp	3	1767	October 5, 2023
Traefik with TCP Routing for Postgres Docker Container Traefik v2 (latest) docker , file , tcp	0	419	May 2, 2022
Help wanted: HTTPS redirection with custom ports Traefik v2 (latest) docker , middleware	3	3985	February 1, 2021
Error while handling TCP connection Traefik v2 (latest) docker , metrics , tcp	7	1301	August 11, 2023

TCP and HTTP/s docker example

~/traefik$ docker-compose.yml

~/traefik$ traefik-data/traefik.yml

~/traefik$ traefik-data/configurations/dynamic.yml

~/iredmail$ docker-compose.yml

Related Topics