If you have a valid acme.json
, you can copy it around and have Traefik use it. Be aware the LE certificates expire after around 90 days.
In general you can not use LetsEncrypt with localhost
. LE will try to verify your domain name and the IP, and of course it can't reach your localhost
to do that.
Here is a workin example docker-compose.yml
with Traefik, dashboard, LetsEncrypt, LE certs stored on host, http->https and www redirect - and a service:
#docker-compose.yml
version: '3.9'
services:
traefik:
image: traefik:v2.9
ports:
- published: 80
target: 80
protocol: tcp
mode: host
- published: 443
target: 443
protocol: tcp
mode: host
networks:
- proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /root/traefik-certificates:/traefik-certificates
command:
--providers.docker=true
--providers.docker.network=proxy
--providers.docker.exposedByDefault=false
--entryPoints.web.address=:80
--entryPoints.web.http.redirections.entryPoint.to=websecure
--entryPoints.web.http.redirections.entryPoint.scheme=https
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.tls=true
--api.debug=true
--api.dashboard=true
--log.level=DEBUG
--accesslog=true
--certificatesResolvers.myresolver.acme.email=mail@example.com
--certificatesResolvers.myresolver.acme.tlschallenge=true
--certificatesResolvers.myresolver.acme.storage=/traefik-certificates/acme.json
labels:
- traefik.enable=true
- traefik.http.routers.mydashboard.entrypoints=websecure
- traefik.http.routers.mydashboard.rule=Host(`traefik.example.com`) || Host(`www.traefik.example.com`)
- traefik.http.routers.mydashboard.tls.certresolver=myresolver
- traefik.http.routers.mydashboard.service=api@internal
- traefik.http.routers.mydashboard.middlewares=myauth,mywwwremove
- traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
- traefik.http.middlewares.mywwwremove.redirectregex.regex=^https://www\.(.*)
- traefik.http.middlewares.mywwwremove.redirectregex.replacement=https://$${1}
- traefik.http.services.dummy-svc.loadbalancer.server.port=9999
whoami:
image: traefik/whoami:v1.8
networks:
- proxy
labels:
- traefik.enable=true
- traefik.http.routers.mywhoami.entrypoints=websecure
- traefik.http.routers.mywhoami.rule=Host(`example.com`) || Host(`www.example.com`)
- traefik.http.routers.mywhoami.tls.certresolver=myresolver
- traefik.http.routers.mywhoami.middlewares=mywwwremove
- traefik.http.services.mywhoami.loadbalancer.server.port=80
networks:
proxy:
name: proxy
driver: overlay
attachable: true
- Note that the rule must include both host names (
example.com
,www.example.com
) - Not sure
docker compose
will automatically create the network if not in Swarm mode