Hi,
I've been trying to set up a dev/prod env on a bare metal hosted server, using Traefik as the reverse proxy in a Docker Swarm setup.
I've been able to set up the Traefik with Lets Encrypt SSL and I have been able to reach services/containers exposed to the internet using sub.domain.com:port, but I want to be able to route through my Traefik using service.sub.domain.com and reach different services. For example portainer.sub.domain.com. I've not yet managed to do this.
Preferably I would be able to do it using a wildcard cert for all current and incoming services in the swarm.
I've been scratching my head for some days now as I'm quite new to Docker Swarm and Traefik and this type of setup. Any help and or tips would be greatly appreciated!
The compose file thus far:
version: '3.9'
networks:
traefik-swarm:
external: true
services:
traefik:
image: "traefik:v2.6"
networks:
- traefik-swarm
# - proxy
command:
# - "--providers.docker.endpoint=tcp://socket-proxy:2375"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedByDefault=false"
- "--providers.docker.network=traefik-swarm"
- "--log.level=INFO"
- "--api.insecure=true"
- "--api.dashboard=true"
# - "--log=true"
# - "--log.level=WARN" # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
# - "--accessLog=false"
# - "--accessLog.filePath=/traefik.log"
# - "--accessLog.bufferingSize=100" # Configuring a buffer of 100 lines
# - "--accessLog.filters.statusCodes=400-499"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
# - --entrypoints.websecure.http.tls.domains[0].main=sub.domain.com
# - --entrypoints.websecure.http.tls.domains[0].sans=*.sub.domain.com
- "--certificatesresolvers.le.acme.httpchallenge=true"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.le.acme.email=email"
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
- "--certificatesResolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
- target: 8080
published: 8080
protocol: tcp
mode: host
deploy:
update_config:
parallelism: 1
delay: 10s
mode: global
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`traefik.sub.domain.com`)"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
- "traefik.http.services.traefik.loadbalancer.server.port=80"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.tls.certresolver=le"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.entrypoints=websecure"
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
volumes:
# - "./certs/:/etc/ssl/:ro"
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
networks:
- traefik-swarm
image: "traefik/whoami"
command:
- "--port=82"
ports:
- "82:82"
deploy:
restart_policy:
condition: on-failure
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.sub.domain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls=true"
- "traefik.http.routers.whoami.tls.certresolver=le"
- "traefik.http.services.whoami.loadbalancer.server.port=82"```
Thanks!