Created
August 13, 2020 18:45
-
-
Save BretFisher/ede260ba033fabb3993062ae6e766f58 to your computer and use it in GitHub Desktop.
docker compose with traefik and certs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| DOMAIN_NAME=$1 | |
| openssl req \ | |
| -newkey rsa:2048 \ | |
| -x509 \ | |
| -nodes \ | |
| -keyout "$DOMAIN_NAME.key" \ | |
| -new \ | |
| -out "$DOMAIN_NAME.crt" \ | |
| -subj "/CN=*.$DOMAIN_NAME" \ | |
| -reqexts SAN \ | |
| -extensions SAN \ | |
| -config <(cat /etc/ssl/openssl.cnf \ | |
| <(printf "[SAN]\nsubjectAltName=DNS:*.%s, DNS:%s" "$DOMAIN_NAME" "$DOMAIN_NAME")) \ | |
| -sha256 \ | |
| -days 3650 | |
| cat "$DOMAIN_NAME.crt" "$DOMAIN_NAME.key" \ | |
| | tee "$DOMAIN_NAME.pem" | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "2.4" | |
| services: | |
| nginx: | |
| image: nginx | |
| labels: | |
| traefik.enable: true | |
| traefik.http.routers.nginx.rule: Host(`nginx.bret.lol`) | |
| traefik.http.routers.nginx.entrypoints: websecure | |
| traefik.http.routers.nginx.tls: true | |
| depends_on: | |
| traefik: | |
| condition: service_healthy | |
| traefik: | |
| image: "traefik:v2.2" | |
| healthcheck: | |
| test: | |
| - CMD | |
| - traefik | |
| - healthcheck | |
| interval: 10s | |
| timeout: 5s | |
| retries: 3 | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| - "8080:8080" | |
| volumes: | |
| - ./traefik.yaml:/etc/traefik/traefik.yaml | |
| - ~/.certs/:/certs/ | |
| - /var/run/docker.sock:/var/run/docker.sock |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## STATIC CONFIG (restart traefik to update) | |
| # shows you a log msg if a newer image tag can be used | |
| global: | |
| checkNewVersion: true | |
| # log default is ERROR, but WARN is more helpful | |
| log: | |
| level: WARN | |
| # level: INFO | |
| # enable dashboard on 8080 with auth | |
| api: | |
| insecure: true | |
| dashboard: true | |
| # enable ping so the `traefik healthcheck` works | |
| ping: {} | |
| # auto-proxy containers if they have proper labels | |
| # and also use this file for dynamic config (tls) | |
| providers: | |
| docker: | |
| exposedByDefault: false | |
| watch: true | |
| file: | |
| fileName: /etc/traefik/traefik.yaml | |
| watch: true | |
| # listen on 80/443, and redirect all 80 to 443 via 301 | |
| entryPoints: | |
| web: | |
| address: :80 | |
| http: | |
| redirections: | |
| entryPoint: | |
| to: websecure | |
| scheme: https | |
| permanent: true | |
| websecure: | |
| address: :443 | |
| ## DYNAMIC CONFIG | |
| tls: | |
| certificates: | |
| - certFile: /certs/bret.lol.crt | |
| keyFile: /certs/bret.lol.key | |
| # when testing certs, enable this so traefik doesn't use | |
| # it's own self signed. By default if it can't find a matching | |
| # cert, it'll just create it's own which will cause cert warnings | |
| # in browser | |
| # options: | |
| # default: | |
| # sniStrict: true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment