I would like to use Docker labels as much as possible, without exposing private Docker ports, on explicitly enabled containers (traefik.enable=true).
..
Below, I'm just trying to get port 25 working before I expand to the other ports. I did include a port list hoping to prompt for feedback that would address the proper safe but minimal way to include those too.
So far, I have:
~/traefik$ docker-compose.yml
```yaml
services:
  traefik:
    image: traefik:v2.3.5
    #...
    ports:
      - 80:80
      - 443:443
    volumes:
      # ...
      - ./traefik-data/traefik.yml:/traefik.yml:ro
networks:
  proxy:
    external: true
```
~/traefik$ traefik-data/traefik.yml
```yaml
api:
  dashboard: true
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
  websecure:
    address: :443
    http:
      middlewares:
        - secureHeaders@file
      tls:
        certResolver: letsencrypt
  smtp:
    address: :25 # Todo: 465, 587, 110, 995, 143, 993 ?
# ...
```
~/traefik$ traefik-data/configurations/dynamic.yml
```yaml
# Dynamic configuration
http:
  middlewares:
    secureHeaders:
      headers:
        # ... works
    user-auth:
      # ... works
tls:
  options:
    default:
      # ... works
# Is this needed?
#tcp:
#  services:
#    imap:
#      loadBalancer:
#        servers:
#          - address: ":25"
```
And finally my container:
~/iredmail$ docker-compose.yml
```yaml
version: '3'
services:
  iredmail:
    #...
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.http.routers.iredmail-secure.entrypoints=websecure
      - traefik.http.routers.iredmail-secure.rule=Host(`mail.my-domain.org`)
      - traefik.http.services.iredmail-web.loadbalancer.server.port=80
      - traefik.tcp.routers.iredmail-smtp.entrypoints=smtp
      - traefik.tcp.routers.iredmail-smtp.rule=HostSNI(`mail.my-domain.org`)
      - traefik.tcp.services.iredmail-smtp.loadbalancer.server.port=25
      - traefik.tcp.services.iredmail-smtps1.loadbalancer.server.port=465
      - traefik.tcp.services.iredmail-smtps2.loadbalancer.server.port=587
      - traefik.tcp.services.iredmail-pop1.loadbalancer.server.port=110
      - traefik.tcp.services.iredmail-pop2.loadbalancer.server.port=995
      - traefik.tcp.services.iredmail-imap1.loadbalancer.server.port=143
      - traefik.tcp.services.iredmail-imap2.loadbalancer.server.port=993
    networks:
      - proxy
      - default
```
I got this far thanks to https://dev.to/rafrasenberg/docker-container-management-with-traefik-v2-and-portainer-4in2 ..
I'm still pretty lost on how and where I need these ports and where I need to manually define the HTTP service when I add the TCP service.
Super cool project though, thank you. I can see it will all be worth it. Debugging tips are welcome.
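
An added example, not part of the original post and not Traefik's own code: a small Python check run over constructed copies of the posted labels. It flags three things Traefik's TCP routing requires for plain port 25: the entryPoint's port published on the Traefik container, `HostSNI(`*`)` on a router without TLS, and an explicit router service once a container defines several TCP services. The function name `lint_tcp`, the sample data and the `CORRECTED` labels are assumptions.

```python
import re

# Constructed inputs mirroring the post: Traefik publishes only 80 and 443,
# and traefik.yml defines the entryPoints web, websecure and smtp.
PUBLISHED = {80, 443}
ENTRYPOINTS = {"web": 80, "websecure": 443, "smtp": 25}
POSTED = [
    "traefik.tcp.routers.iredmail-smtp.entrypoints=smtp",
    "traefik.tcp.routers.iredmail-smtp.rule=HostSNI(`mail.my-domain.org`)",
    "traefik.tcp.services.iredmail-smtp.loadbalancer.server.port=25",
    "traefik.tcp.services.iredmail-smtps1.loadbalancer.server.port=465",
]
# Assumed correction for plain SMTP on port 25 (not taken from the post).
CORRECTED = [
    "traefik.tcp.routers.iredmail-smtp.entrypoints=smtp",
    "traefik.tcp.routers.iredmail-smtp.rule=HostSNI(`*`)",
    "traefik.tcp.routers.iredmail-smtp.service=iredmail-smtp",
    "traefik.tcp.services.iredmail-smtp.loadbalancer.server.port=25",
    "traefik.tcp.services.iredmail-smtps1.loadbalancer.server.port=465",
]

def lint_tcp(labels, entrypoints, published):
    """Return sorted findings for the traefik.tcp.* labels of one container."""
    routers, services = {}, set()
    for label in labels:
        key, _, value = label.partition("=")
        parts = key.lower().split(".")
        if parts[:3] == ["traefik", "tcp", "routers"] and len(parts) >= 5:
            routers.setdefault(parts[3], {})[parts[4]] = value
        elif parts[:3] == ["traefik", "tcp", "services"] and len(parts) >= 5:
            services.add(parts[3])
    findings = []
    for name, opts in routers.items():
        for ep in filter(None, (e.strip() for e in opts.get("entrypoints", "").split(","))):
            if ep not in entrypoints:
                findings.append(f"{name}: entryPoint {ep} is not defined")
            elif entrypoints[ep] not in published:
                findings.append(f"{name}: port {entrypoints[ep]} is not published on Traefik")
        # SNI exists only inside TLS, so a router without TLS can match only HostSNI(`*`).
        if "tls" not in opts and "HostSNI(`*`)" not in opts.get("rule", ""):
            findings.append(f"{name}: non-TLS router needs HostSNI(`*`)")
        # Several services on one container: the router has to name the one it uses.
        if len(services) > 1 and opts.get("service") not in services:
            findings.append(f"{name}: no valid service set for this router")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_tcp(POSTED, ENTRYPOINTS, PUBLISHED):
        print(finding)
```

With `CORRECTED` the only remaining finding is the unpublished port, which goes away once `25:25` is added to the Traefik container's `ports`; the mail container itself still publishes nothing.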