docker-compose.yml
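---
# Traefik v2 as the edge proxy of a Docker Swarm cluster.
# Nesting restored: the listing had lost all indentation.
version: '3.7'

services:
  reverse-proxy:
    # Pinned by tag only; a tag can be re-pointed, so add the image digest
    # if deployments must be reproducible.
    image: traefik:v2.1.2
    # Static configuration, one flag per list item.
    command:
      - --providers.docker
      # Services are routed only when they opt in with traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --providers.docker.swarmmode=true
      # Load dynamic configuration (the TLS certificate definitions) from the
      # mounted /config/ directory. Without a file provider the files there
      # are never read and no certificate from /certs/ is loaded.
      - --providers.file.directory=/config/
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      # NOTE(review): this entry point is declared, but 3306 is not published
      # under `ports` and no TCP router is shown; confirm whether it is needed.
      - --entryPoints.mysql.address=:3306
      - --accesslog
      - --log.level=INFO
      # api.insecure is not set, so the API/dashboard is served only through
      # the router defined in the deploy labels below.
      - --api=true
    ports:
      # Quoted so that no YAML parser reads digits-and-colon as a number.
      - '80:80'
      - '443:443'
      # 8080 is no longer published: with the flags shown nothing listens
      # there (it is the port of the insecure API entry point, which stays
      # disabled), so publishing it was needless exposure.
    volumes:
      # The provider needs the Docker API. Read-only protects the socket file
      # only; API access through it is still unrestricted, so a compromised
      # proxy can control the daemon. A filtering socket proxy reduces that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Certificates, private keys and dynamic configuration are only read.
      - /var/cert:/certs/:ro
      - /var/config:/config/:ro
    deploy:
      mode: global
      placement:
        constraints:
          # The swarm provider must talk to a manager node's Docker API.
          - node.role == manager
      # In swarm mode Traefik reads labels from the service (deploy.labels).
      labels:
        - traefik.enable=true
        # NOTE(review): no middleware is attached to this router, so the
        # dashboard/API answers anyone who can reach the https entry point
        # with this Host. Attach an authentication middleware (basicAuth) or
        # an IP restriction (ipWhiteList) before exposing it.
        - traefik.http.routers.traefikRouter.rule=Host(`traefik.bpmspace.net`)
        - traefik.http.routers.traefikRouter.tls=true
        - traefik.http.routers.traefikRouter.service=api@internal
        - traefik.http.routers.traefikRouter.entrypoints=https
        # Placeholder port; presumably present because swarm mode expects a
        # server port label, while the router targets api@internal.
        - traefik.http.services.justAdummyService.loadbalancer.server.port=1337
    networks:
      - proxy-net

networks:
  # Created outside this stack and shared with the proxied services.
  proxy-net:
    external: true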
The certificates definition:
/config/tls.yml
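---
# Dynamic configuration: certificates Traefik serves on TLS routers.
# Nesting restored; `certificates` must sit under `tls`.
# Traefik reads this file only when a file provider points at it
# (--providers.file.filename or --providers.file.directory).
tls:
  certificates:
    # Paths are as seen inside the container, where the host directory
    # /var/cert is mounted at /certs/.
    - certFile: /certs/wildcard.bpmspace.net.certificate.crt
      # Private key: keep the host file readable only by the account that
      # runs the proxy, and mount it read-only.
      keyFile: /certs/wildcard.bpmspace.net.key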
or
/config/tls.toml
# TOML form of the same dynamic configuration: each [[tls.certificates]]
# table adds one certificate/key pair.
[[tls.certificates]]
  # Placeholder paths; with the volume mounts shown in the compose file the
  # real files would live under /certs/ inside the container.
  certFile = "/path/to/domain.cert"
  keyFile = "/path/to/domain.key"