@SamuelDavis
Last active December 6, 2021 11:51
WordPress With HTTPS Example
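# WordPress behind a Traefik v2 reverse proxy, written for local development on *.test hostnames.
# SECURITY: this is a development example. Before running it anywhere reachable by other hosts,
# review the notes below on the Traefik API/dashboard, the Docker socket mount, the unpinned
# WordPress image and the hard-coded database credentials.
version: '3'

networks:
  reverse-proxy: {}
  wp-test: {}

volumes:
  wp-test-db: {}

services:
  reverse-proxy:
    image: traefik:v2.0
    restart: always
    ports:
      # --api.insecure=true (below) serves the API and dashboard without authentication on :8080,
      # so that port is published on the loopback interface only.
      - "127.0.0.1:8080:8080"
      - "80:80"
      - "443:443"
    volumes:
      # Access to the Docker socket is effectively root on the host. ":ro" only makes the bind
      # mount read-only; it does not limit which Docker API calls can be sent over the socket.
      # Put a filtering socket proxy in front of it for anything beyond local development.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # directory to store letsEncrypt certs (acme.json holds private keys; keep it out of VCS)
      - ./certs:/certs
    networks:
      - reverse-proxy
    command:
      # API SETTINGS
      - --api.insecure=true # enable the (insecure, unauthenticated) API on :8080
      - --api.dashboard=true # enable the dashboard
      # LOG SETTINGS
      - --log.level=DEBUG # most extensive logging; lower it outside of debugging sessions
      # PROVIDER SETTINGS
      - --providers.docker # use docker (as opposed to kubernetes, etc.)
      - --providers.docker.exposedByDefault=false # ignore containers unless they're specially labelled
      - --providers.docker.network=reverse-proxy # docker network to look for containers in
      # ENTRYPOINTS
      - --entrypoints.insecure.address=:80 # listen on port 80
      - --entrypoints.secure.address=:443 # listen on port 443
      # AUTOMAGICALLY GENERATE LETSENCRYPT CERTIFICATES
      # WARNING: LETS ENCRYPT CAN ONLY VALIDATE ICANN TLDS, THUS *.test WILL ERROR & BE INVALID
      # (the address on the next line was lost to e-mail obfuscation on the page; placeholder shown)
      # - --certificatesResolvers.le.acme.email=<YOUR_EMAIL_PLACEHOLDER>
      # - --certificatesResolvers.le.acme.storage=/certs/acme.json
      # - --certificatesResolvers.le.acme.httpChallenge.entryPoint=insecure
    labels:
      # PRETTY URL FOR TRAEFIK DASHBOARD
      # NOTE(review): this router sets no entrypoints and no auth middleware, so the dashboard
      # presumably answers for Host traefik.test on every entrypoint, including the published
      # 80/443. Attach an authentication middleware (e.g. basicAuth) before exposing those ports.
      - "traefik.enable=true" # enable host routing for dashboard
      - "traefik.http.routers.traefik.rule=Host(\"traefik.test\")" # set url for dashboard
      - "traefik.http.routers.traefik.service=api@internal" # point the router at the dashboard backend, not frontend
      # HTTP > HTTPS REDIRECT MIDDLEWARE
      - "traefik.http.middlewares.secure-redirect.redirectscheme.scheme=https"
      # PROVIDED OWN CERTIFICATES
      # NOTE(review): Traefik v2 labels have no "traefik.https" namespace, and user-supplied
      # certificates are normally declared in the file provider's dynamic tls.certificates
      # section rather than on a router; confirm against the Traefik docs before enabling.
      # - "traefik.https.routers.secure.tls.certificates.certFile=\"/certs/test.crt\"" # specify own cert
      # - "traefik.https.routers.secure.tls.certificates.keyFile=\"/certs/test.key\"" # specify own key

  wp-test:
    # NOTE(review): "latest" is a moving tag; pin a specific version (ideally by digest) so a
    # rebuilt environment cannot silently pick up a different image.
    image: wordpress:latest
    restart: always
    depends_on:
      - wp-test-db
    volumes:
      - ./src:/var/www/html
    networks:
      - reverse-proxy # traefik needs to be able to send requests to this container
      - wp-test # this container, but not traefik, needs to be able to talk to the db
    environment:
      # Development-only credentials committed in plain text. For anything shared, supply them
      # from an untracked env file or Docker secrets (the image accepts WORDPRESS_DB_PASSWORD_FILE).
      WORDPRESS_DB_HOST: wp-test-db
      WORDPRESS_DB_USER: wp-test-user
      WORDPRESS_DB_PASSWORD: wp-test-pass
      WORDPRESS_DB_NAME: wp-test-db
    labels:
      - "traefik.enable=true" # traefik should handle this container
      # HTTP router: match the site hostnames on :80 and redirect to HTTPS
      - "traefik.http.routers.insecure.rule=Host(\"wp.test\", \"www.wp.test\")"
      - "traefik.http.routers.insecure.entrypoints=insecure" # listen for HTTP
      - "traefik.http.routers.insecure.middlewares=secure-redirect" # redirect to https
      # HTTPS router: routers live under "traefik.http.routers" for both schemes; the original
      # "traefik.https.routers" prefix is not a label namespace Traefik v2 defines.
      - "traefik.http.routers.secure.rule=Host(\"wp.test\", \"www.wp.test\")"
      - "traefik.http.routers.secure.entrypoints=secure" # listen for HTTPS
      # Terminate TLS on this router. With no resolver or certificate configured Traefik falls
      # back to its self-signed default certificate, which browsers will warn about on *.test.
      - "traefik.http.routers.secure.tls=true"
      # - "traefik.http.routers.secure.tls.certresolver=le" # use letsEncrypt to certify

  wp-test-db:
    image: mysql:5.7
    restart: always
    networks:
      - wp-test # reachable from the wp-test container only; not attached to the traefik network
    volumes:
      - wp-test-db:/var/lib/mysql
    environment:
      # Development-only credentials; "root" as the root password is trivially guessable.
      # The database is not published on a host port here; keep it that way, and replace
      # these values (e.g. via MYSQL_ROOT_PASSWORD_FILE) before any shared deployment.
      MYSQL_DATABASE: wp-test-db
      MYSQL_USER: wp-test-user
      MYSQL_PASSWORD: wp-test-pass
      MYSQL_ROOT_PASSWORD: root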