V2, TLS, Let's Encrypt and http --> https - SUCCESS!

I wanted to post some success I had setting up Traefik v2 with Let's Encrypt with http --> https using Docker. Take a look. It works AWESOME!

Hello,

thank you for sharing your positive feedback :+1:

I would suggest some simplifications:

version: "3.4"

services:
  traefik:
    image: "traefik"
    container_name: "traefik"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    command:
      - "--api=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=true"
      - "--metrics.prometheus=true"
      - "--accesslog=true"
      - "--accesslog.filepath=/opt/traefik/access.log"
      - "--global.sendAnonymousUsage=true"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--certificatesResolvers.mytlschallenge.acme.httpChallenge=true"
      - "--certificatesResolvers.mytlschallenge.acme.httpChallenge.entryPoint=web"
      - "--certificatesresolvers.mytlschallenge.acme.email=XXXXXXXXX"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/opt/traefik/acme.json"
    labels:
      # Dashboard
      - "traefik.http.routers.dashboard.rule=Host(`dashboard.andyc.info`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls.certresolver=mytlschallenge"
      - "traefik.http.routers.dashboard.middlewares=https-auth"

      # global redirect HTTPS
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{any:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"

      # middleware: Redirect HTTP->HTTPS
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
      
      # middleware: Basic Auth
      - "traefik.http.middlewares.https-auth.basicauth.users=admin:$$apr1$$XXXXXXXXXXXXXXXX"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/opt/traefik/:/opt/traefik/"

  andyc:
    image: nginx:alpine
    container_name: "andyc"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.http.routers.andyc.rule=Host(`andyc.info`, `clemenko.net`, `clemenko.com`, `shirtmullet.com`)"
      - "traefik.http.routers.andyc.entrypoints=websecure"
      - "traefik.http.routers.andyc.tls.certresolver=mytlschallenge"
    volumes:
      - "/home/andyc/html/:/usr/share/nginx/html/:ro"
      - "/home/andyc/default.conf:/etc/nginx/conf.d/default.conf:ro"
      - "/home/andyc/logs/:/var/log/nginx/"
 
  wavfd:
    image: httpd:cgi
    container_name: "wavfd"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.http.routers.wavfd.rule=Host(`wavfd.org`, `www.wavfd.org`)"
      - "traefik.http.routers.wavfd.entrypoints=websecure"
      - "traefik.http.routers.wavfd.tls.certresolver=mytlschallenge"
    volumes:
      - "/home/wavfd/html/:/usr/local/apache2/htdocs/:ro"
      - "/home/wavfd/httpd.conf:/usr/local/apache2/conf/extra/httpd-vhosts.conf:ro"

  kennyclamp:
    image: httpd:cgi
    container_name: "kennyclamp"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.http.routers.kenny.rule=Host(`kennyclamp.com`, `www.kennyclamp.com`)"
      - "traefik.http.routers.kenny.entrypoints=websecure"
      - "traefik.http.routers.kenny.tls.certresolver=mytlschallenge"
    volumes:
      - "/home/kennyclamp/html/:/usr/local/apache2/htdocs/:ro"
      - "/home/kennyclamp/httpd.conf:/usr/local/apache2/conf/extra/httpd-vhosts.conf:ro"
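
A pre-deploy check for router labels like the ones in the compose file above, as an added example that is not part of the original posts: it flags router option names outside a known set and routers bound to the TLS entry point without any `tls` option. The option list, the function name `lint_router_labels` and the sample labels are assumptions constructed for illustration.

```python
import re

# Assumption: a subset of the HTTP router options accepted as Traefik v2 Docker labels.
ROUTER_OPTIONS = {
    "rule", "entrypoints", "middlewares", "service", "priority",
    "tls", "tls.certresolver", "tls.options",
}
# tls.domains[n].main and tls.domains[n].sans are indexed, so match them separately.
TLS_DOMAIN = re.compile(r"tls\.domains\[\d+\]\.(main|sans)")
ROUTER_LABEL = re.compile(r"^traefik\.http\.routers\.([^.=]+)\.([^=]+)=(.*)$")

# Constructed sample labels (hostnames are placeholders).
SAMPLE = [
    "traefik.http.routers.dashboard.rule=Host(`dashboard.example.test`)",
    "traefik.http.routers.dashboard.entrypoints=websecure",
    "traefik.http.routers.dashboard.servvice=api@internal",
    "traefik.http.routers.dashboard.tls.certresolver=mytlschallenge",
    "traefik.http.routers.blog.rule=Host(`blog.example.test`)",
    "traefik.http.routers.blog.entrypoints=websecure",
    "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https",
]


def lint_router_labels(labels, tls_entrypoints=("websecure",)):
    """Return (router, problem) tuples for a list of 'key=value' labels."""
    problems, routers = [], {}
    for label in labels:
        m = ROUTER_LABEL.match(label.strip().strip('"'))
        if not m:
            continue  # middleware, service or non-Traefik label
        # Option names are compared lower-cased (assumption: keys are case-insensitive).
        router, option, value = m.group(1), m.group(2).lower(), m.group(3)
        routers.setdefault(router, {})[option] = value
        if option not in ROUTER_OPTIONS and not TLS_DOMAIN.fullmatch(option):
            problems.append((router, f"unknown option '{option}'"))
    for router, opts in routers.items():
        entrypoints = {e.strip() for e in opts.get("entrypoints", "").split(",")}
        has_tls = any(o == "tls" or o.startswith("tls.") for o in opts)
        # A router on the 443 entry point with no tls option would not terminate TLS.
        for ep in sorted(entrypoints & set(tls_entrypoints)):
            if not has_tls:
                problems.append((router, f"on '{ep}' without a tls option"))
    return problems


if __name__ == "__main__":
    for router, problem in lint_router_labels(SAMPLE):
        print(f"{router}: {problem}")
```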

That looks SO much better. Let me play with it!

FYI the new version works great!
