-
-
Save cpxPratik/ec344474805970a59932cdc489c35c51 to your computer and use it in GitHub Desktop.
Docker + Traefik v1.7 and 2.0 + Let's Encrypt + Github Repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Docker + Traefik + Let's Encrypt + Github Repository | |
| Using: | |
| - Ubuntu 19.04 | |
| - Docker Engine 19.03 | |
| - Docker Compose 1.25.0-rc2 | |
| - Traefik v1.7.18 with dnsChallenge | |
| - Traefik v2.0.1 with httpChallenge | |
| -- | |
| - Github Registry | |
| - Let's Encrypt | |
| 1. Create a Ubuntu Droplet | |
| 1.1. You can create a Docker pre-installed Ubuntu too | |
| 2. Add domain to the Droplet -> yourdomain.com | |
| 2.1 Create A record for the Droplet -> @ for Droplet IP OR Change DNS on your domain provider | |
| 3. Connect to Ubuntu CLI | |
| 4. Install Docker | |
| 4.1. curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - | |
| 4.2. sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable edge" | |
| 4.3. sudo apt-get update | |
| 4.4 apt-cache policy docker-ce | |
| 4.5 sudo apt-get install -y docker-ce | |
| 4.6 sudo systemctl status docker | |
| 5. Run your first image -> docker run doxalabs/hello-world | |
| 6. Install docker-compose | |
| 6.1. sudo curl -L "https://github.com/docker/compose/releases/download/1.25.0-rc2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | |
| 6.2. sudo chmod +x /usr/local/bin/docker-compose | |
| 6.3. sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose | |
| 6.3. docker-compose --version | |
| 7. Go to /etc Folder | |
| 8. Create a folder -> mkdir traefik && cd traefik | |
| 9. Create traefik files | |
| 9.1. sudo touch /opt/traefik/docker-compose.yml | |
| 9.2. sudo touch /opt/traefik/acme.json | |
| 9.3. sudo chmod 600 /opt/traefik/acme.json | |
| 9.4. sudo touch /opt/traefik/traefik.toml | |
| 10. Update your docker-compose.yml file | |
| 10.1. nano docker-compose.yml | |
| 10.2. I am using dnsChallenge to create SSL. My domain provider is GoDaddy. Create a production API KEY and update environment parameters. | |
| 10.3 Update yourdomain.com on labes. | |
| [Traefik v1.7] - docker-compose.yml with dnsChallenge | |
| version: '3.7' | |
| services: | |
| reverse-proxy: | |
| image: traefik:v1.7 | |
| restart: always | |
| container_name: traefik | |
| ports: | |
| - 80:80 | |
| - 443:443 | |
| expose: | |
| - 8080 | |
| networks: | |
| - external | |
| - internal | |
| environment: | |
| - GODADDY_API_KEY=... | |
| - GODADDY_API_SECRET=... | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - /opt/traefik/traefik.toml:/traefik.toml | |
| - /opt/traefik/acme.json:/acme.json | |
| labels: | |
| - "traefik.backend=traefik" | |
| - "traefik.docker.network=external" | |
| - "traefik.enable=true" | |
| - "traefik.frontend.rule=Host:traefik.yourdomain.com" | |
| - "traefik.port=8080" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| networks: | |
| external: | |
| external: true | |
| internal: | |
| 11. Update traefik.toml file | |
| 11.1. Update users on entryPoints.traefik with -> echo $(htpasswd -nb username password) | sed -e s/\\$/\\$\\$/g | |
| 11.2. Update your-domain and your-email fields | |
| 11.3. Update your domain provider on acme.dnsChallenge | |
| [Traefik v1.7] - traefik.toml with dnsChallenge | |
| debug = false | |
| loglevel = "ERROR" | |
| defaultEntryPoints = ["https", "http"] | |
| [entryPoints] | |
| [entryPoints.http] | |
| address = ":80" | |
| [entryPoints.http.redirect] | |
| entryPoint = "https" | |
| [entryPoints.https] | |
| address = ":443" | |
| [entryPoints.https.tls] | |
| [entryPoints.traefik] | |
| address = ":8080" | |
| [entryPoints.traefik.auth.basic] | |
| users = ["username:hashed-password"] | |
| [api] | |
| entryPoint = "traefik" | |
| [retry] | |
| [docker] | |
| endpoint = "unix:///var/run/docker.sock" | |
| domain = "your-domain.com" | |
| watch = true | |
| exposedByDefault = false | |
| [acme] | |
| email = "your-email.com" | |
| storage = "acme.json" | |
| onHostRule = true | |
| entryPoint = "https" | |
| [acme.dnsChallenge] | |
| provider = "godaddy" | |
| delayBeforeCheck = 0 | |
| [[acme.domains]] | |
| main = "*.your-domain.com" | |
| sans = ["your-domain.com"] | |
| 12. Create a network -> docker network create external | |
| 13. Run traefik | |
| 13.1. docker-compose up -d | |
| 13.2. docker ps | |
| 13.3. If you don't see traefik running then chek the logs -> docker logs containerId | |
| 13.4. If it's running then create a CNAME for traefik -> @ then visit traefik.your-domain.com | |
| 13.5. Enter your username and non-hashed password to see the dashboard | |
| 14. Run your own image from Github Registry / Others | |
| 14.1. Create a folder -> mkdir opt/my-container | |
| 14.2 Create docker-compose -> nano docker-compose.yml | |
| [Traefik 1.7] - docker-compose.yml | |
| version: "3.7" | |
| services: | |
| your-container-name: | |
| image: docker.pkg.github.com/github-username/repo-name/tag-name:latest | |
| restart: always | |
| container_name: your-container-name | |
| networks: | |
| - web | |
| labels: | |
| - traefik.docker.network=external | |
| - traefik.backend=your-container-name | |
| - traefik.frontend.rule=Host:your-container-name.your-domain.com | |
| - traefik.enable=true | |
| - traefik.port=80 | |
| networks: | |
| web: | |
| name: external | |
| 15. Docker login. | |
| 15.1. If you are using Ubuntu 19 then run -> apt install pass | |
| 15.2. docker login docker.pkg.github.com --username "github-username" | |
| 15.3. Create a Github Access Token with repo, package write and read permission and enter this token as a password | |
| 16. Run your container | |
| 16.1. docker-compose up -d | |
| 16.2. docker ps | |
| 16.3. Create a CNAME for your-container-name -> @ then visit your-container-name.your-domain.com | |
| These are for traefik v2.0 | |
| [Traefik v2.0] - docker-compose.yml with httpChallenge | |
| version: '3.7' | |
| services: | |
| traefik: | |
| image: traefik:v2.0.1 | |
| container_name: traefik | |
| restart: unless-stopped | |
| security_opt: | |
| - no-new-privileges:true | |
| networks: | |
| - proxy | |
| ports: | |
| - 80:80 | |
| - 443:443 | |
| volumes: | |
| - /etc/localtime:/etc/localtime:ro | |
| - /var/run/docker.sock:/var/run/docker.sock:ro | |
| - ./traefik.yml:/traefik.yml:ro | |
| - ./acme.json:/acme.json | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.traefik.entrypoints=http" | |
| - "traefik.http.routers.traefik.rule=Host(`traefik.your-domain.com`)" | |
| - "traefik.http.middlewares.traefik-auth.basicauth.users=username:hashed-password" | |
| - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" | |
| - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" | |
| - "traefik.http.routers.traefik-secure.entrypoints=https" | |
| - "traefik.http.routers.traefik-secure.rule=Host(`traefik.your-domain.com`)" | |
| - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" | |
| - "traefik.http.routers.traefik-secure.tls=true" | |
| - "traefik.http.routers.traefik-secure.tls.certresolver=http" | |
| - "traefik.http.routers.traefik-secure.service=api@internal" | |
| - "traefik.http.services.traefik.loadbalancer.server.port=8080" | |
| networks: | |
| proxy: | |
| external: true | |
| [Traefik v2.0] - traefik.yml with httpChallenge | |
| api: | |
| dashboard: true | |
| # Writing Logs to a File, in JSON | |
| log: | |
| level: DEBUG | |
| filePath: "log-file.log" | |
| format: json | |
| # Configuring a buffer of 100 lines | |
| accessLog: | |
| filePath: "log-access.log" | |
| bufferingSize: 100 | |
| entryPoints: | |
| http: | |
| address: ":80" | |
| https: | |
| address: ":443" | |
| providers: | |
| docker: | |
| endpoint: "unix:///var/run/docker.sock" | |
| exposedByDefault: false | |
| certificatesResolvers: | |
| http: | |
| acme: | |
| email: your-email.com | |
| storage: acme.json | |
| httpChallenge: | |
| entryPoint: http | |
| [Traefik v2.0] - your-container docker-compose.yml | |
| version: '3.7' | |
| services: | |
| your-container-name: | |
| image: docker.pkg.github.com/username/repo-name/image-name:latest | |
| container_name: your-container-name | |
| restart: unless-stopped | |
| security_opt: | |
| - no-new-privileges:true | |
| networks: | |
| - proxy | |
| volumes: | |
| - /etc/localtime:/etc/localtime:ro | |
| - /var/run/docker.sock:/var/run/docker.sock:ro | |
| - ./data:/data | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.your-container-name.entrypoints=http" | |
| - "traefik.http.routers.your-container-name.rule=Host(`your-container-name.your-domain.com`, `www.your-container-name.your-domain.com`)" | |
| - "traefik.http.middlewares.your-container-name-https-redirect.redirectscheme.scheme=https" | |
| - "traefik.http.routers.your-container-name.middlewares=your-container-name-https-redirect" | |
| - "traefik.http.routers.your-container-name-secure.entrypoints=https" | |
| - "traefik.http.routers.your-container-name-secure.rule=Host(`your-container-name.your-domain.com`, `www.your-container-name.your-domain.com`)" | |
| - "traefik.http.routers.your-container-name-secure.tls=true" | |
| - "traefik.http.routers.your-container-name-secure.tls.certresolver=http" | |
| - "traefik.http.routers.your-container-name-secure.service=your-container-name" | |
| - "traefik.http.services.your-container-name.loadbalancer.server.port=80" | |
| - "traefik.docker.network=proxy" | |
| networks: | |
| proxy: | |
| external: true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment