Created
October 30, 2016 20:15
-
-
Save nknapp/20c7cd89f1f128b8425dd89cbad0b802 to your computer and use it in GitHub Desktop.
Traefik setup as reverse-proxy with docker and letsencrypt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '2' | |
| services: | |
| traefik: | |
| build: . | |
| # command: --logLevel=DEBUG | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| - "127.0.0.1:8080:8080" | |
| restart: always | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| networks: | |
| - default | |
| cap_drop: | |
| - all | |
| cap_add: | |
| - net_bind_service |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM traefik:camembert | |
| ADD traefik.toml . | |
| EXPOSE 80 | |
| EXPOSE 8080 | |
| EXPOSE 443 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # defaultEntryPoints must be at the top because it should not be in any table below | |
| defaultEntryPoints = ["http", "https"] | |
| [web] | |
| # Port for the status page | |
| address = ":8080" | |
| # Entrypoints, http and https | |
| [entryPoints] | |
| # http should be redirected to https | |
| [entryPoints.http] | |
| address = ":80" | |
| [entryPoints.http.redirect] | |
| entryPoint = "https" | |
| # https is the default | |
| [entryPoints.https] | |
| address = ":443" | |
| [entryPoints.https.tls] | |
| # Enable ACME (Let's Encrypt): automatic SSL | |
| [acme] | |
| # caServer = "https://acme-staging.api.letsencrypt.org/directory" | |
| email = "[email protected]" | |
| storage = "acme.json" # or "traefik/acme/account" if using KV store | |
| entryPoint = "https" | |
| onDemand = false | |
| OnHostRule = true | |
| [docker] | |
| endpoint = "unix:///var/run/docker.sock" | |
| domain = "example.com" | |
| watch = true | |
| exposedbydefault = false | |
for some this is not working for me. I am using swarm mode (so i used swarm mode settings). It redirects from http to https but after that i get Secure Connection Failed. I think it does not generate any certificate (ACME certs == []). Note I have set onDemand = true.
root@swarm-02:/config# cat /config/acme/acme.json
{
"Email": "[email protected]",
"Registration": {
"body": {
"resource": "reg",
"id": 1788893,
"key": {
"kty": "RSA",
"n": "46uBWGY49i0ziDHLVdAWg1cDzdJlJADcjs9WH2Djo4kI4ZByJBZodj9Jc63rprm8jBhbryqOgnAi-XnOxE15uhyqOFCQIAcS8ikmZYZK5xM16m3WG6ZYTLsg6DagSSaI1R5fnP6I2kZoaDhyv46V3PNUmD4Ir3eVuiFQWpRFtEZRSyESQh-6V2Ki-1co-bgDylEO4rz6QRRHqlduiGfZ-CZG5TfcdivtOMBSjNyY4GcBnFyQH_qY09A49CDdyxweNT5QzTLo58aCvqCL2rbkP-VAub1MvZLRmqXhNbddgmEg0LZkCBE1qjViq8_siBpxCDj9l_qPEKIoiTnGZi20h_l6esIwFUHzJ-Wqlyx1OoNQ5dJFU9PDwsG4jBDdsdHI0p43FrqtWIBs5iBUjNttlOsNPS2RmGSSm9mvOgecPiiypUNJP6knwqHFAU97GUu_45y2ne8p7Sibxgwy_P3d98Bwv3AFdt2q5xYhdmUXH6ayfgr-GRvbAytG-nbSG33PZqmWk",
"e": "AQAB"
},
"contact": [
"mailto:[email protected]"
],
"agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
},
"uri": "https://acme-staging.api.letsencrypt.org/acme/reg/1788893",
"new_authzr_uri": "https://acme-staging.api.letsencrypt.org/acme/new-authz",
"terms_of_service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
},
"PrivateKey": "MIIJKQIBAAKCAgEA46uBWGY49i0ziDHLVdAWg1cDzdJlJADcjs9WH2Djo4kI4ZByJBZodj9Jc63rprm8jBhbryqOgnAi+XnOxE15uhyqOFCQIAcS8ikmZYZK5xM16m3WG6ZYTlaBj6aEUP7IwORcUCq/xfrCEg0LZkCBE1qjViq8/siBpxCDj9l/qPEKIoiTnGZi20h/l6esIwFUHzJ+Wqlyx1OoNQ5dJFU9PDwsG4jBDdsdHI0p43FrqtWIBs5iBUjNttlOsNPS2RmGSSm9mvOgecPiiypUNJP6knwqHFAU97GUu/45y2ne8p7Sibxgwy/P3d98Bwv3AFdt2q5xYhdmUXH6ayfgr+GRvbAytG+nbSG33PZqmWkCAwEAAQKCAgEAvCPombKv88/au/vaOqnhUNxBin8Jkb0chu+UDg41T9lYe36wtF3IKZ+XBX9+M6Ndyq/+ZDzY07XzURJ16gbURxaVHECHOdBeubuDvXZCw74+WeI2g1bttUsWoI8z2f98KBIXlVdKpIZ2lVnAicg81ABJsh3hc49xLgWFr7TD/Xv2hg1oVzh89uXOJcIbXHHSwAhIMttUOx+VMZFbCGI54DVRdO66wvT97l4QWdOaiibVT++2MpcWYEO8LRJT9xrfY8SBZXFiwtZrCTkHGdD1wk+jM1rZ5fdEO3ZFK+zB25sHlU0zXcvFPqx4oGyEmAzXWGgnTz1rLobLKZnyF3JAgy80xM8MVP20O33h3k5oLfQ+fPoiQIiZw8/hQ9h1Q6JCHHJluDekVWNQfUEoYRRfz36AexJ/wdcfWaSGYYxfz3qMKN1NBTixdOsvzvjOxkgjrKl164DH5TexspVM3brI1cwc4Yodd4JFkrLi+CZHdN90fS/h6sVdznoC40SU+k97vXzAR6z1ckSFsCiGJEnLcRUFtCWtavY5whJpvkWIqBBoCJ7Iy0sajIwl+R1JPTKu7AKvzgxwSM08LUvgHPUqbudEb2gzorSPcUZmW+9BhRbRpnqc1g2WSz85kIihfP9dXdQPQESCufFa9RbDeZEWzgfBokSBXrfQo4fM++nhF+ECggEBAPaFzVkCCzeGnSJZJx4jYe6c2gbu0uY9Tmp8XpxSAHGzDnmRnmUxIf8LysFwVRnhfB2AipzEJermKS+/Rx4lc4X1CklljAKcKFyJMN7wzL/EC06cPyKDdqLEp6FJ00o8Nb7t1D/rd9MbFqFH4/ZEcQIPL9eTtZoFJrH6hNIxkg/3rJ08rHK9Z1xV11sDoBXgE5nOTv21zo9RrW5vVjJjriZ/bEWJqhhPbmkL79qITDUz4qiJKCGBT9VzK0O9etESZ0kl0qlmXaKAD6wFUQ90l6S5jxlkPh5CU42YejE2I9rID6UmPY1ICUDb6ajNjQSWcNGvsTU7t7CFsb6hE7G2qD0CggEBAOxsKR1fRSX8Ri3H48vDneg5aLjn5PKmO8U3FtAGBrbHsVl8GiE8hFnQ+1iknZg4iex8JEAyiHEkv7tAWIz3n6+5v2ta7tWmX2/SKcZOuw9RTxbgndKB7mqmnnaDssU8feZs4nFZKXRDURkQvLJGesQlqXQ5N+ilJlJks5DcASqA7NN8r+s5/ca1Uf82PhchMGGgtHx2WrjOKzBzC2FeXotLHjn+tinrpCmu8Hj+BsgHMnwDR62g55JIv6JZ+383jbxWNOy9IeBFuM9h0gJv1SUsqXzZmkClt18b++B7bRwgw2fmxG4hO8bQj2OjeUqRouRImB8+2+EouxxfO3Al3J0CggEAT2B55EUCM5jGk769F7kw2VHr6fuQMM5gp2zwUckdl36eFIrMw6x0U9kKKgrve+vcuOsgtqV5yA7gCB3A2nYYonNqIoPt9xEs9c6+y6ohY0XOljs9IPHPi01i5E4PGIIWlCmkBAjfhjvcp4WsYylacd1N/E31VWh/MyOFDOElNLr8+4wDwtY1p8eEFiwuqZyC8y04xfx6TC9ydnKnAIaUFpVE2YcgG7/Hv082pdjpIOBaBQZUw6UNfZ8duSwTlaolU6o4EI+DasVtRmhX13AlO8b7yqM6VSfqG1eTULEsDlAIqZaMjyc4w4eLzuyQkX+XSA0YNBnMZaxGtSjMXJaByQKCAQEAibUyeY5Ne6OmyPG+SKinaGVQDyvbWk7jT6sX2ZE5Bevo7ENyANv8B0jHrkksFkcQZzOj9dS5TpXmK85+BZYSaEucKI7twHpI6pwSgxTGtlRY6e1pXYZFdOE9KQn6jpbtWu0yyA4NaNm3+Rt+EjpU36ukk3AtocVLQHsv2rGMlK1e9vX6xnnKX27pBCSoW7t5Hpm399APJrQKCAQALwLCdZaUNNHCDfm6cvNgU+d+6uAvDgpJeQVvXlmpBgLruoO6zOUIgTAK84TPHE22W3ctDYsYJ69kWiNgp6F7c0YqcRMH1T+8m2xH86I0U8RhvZjKxLVn0uqq5/qkol/1piNs49U5zudGXC03D1A+m9GJBzIxTsoljBFigSEIbc9kD0SoRQEgUQJi55h2/JiXqSEj2f3TNQmDtB6YRE4HeuKDYYP25rf6qtNa65U7F5EHDSgc8yhhsQyXrNBJiU5gYbD5iUake3Jmk+VX0Ayrbw",
"DomainsCertificate": {
"Certs": []
},
"ChallengeCerts": {}
Any idea?
@dcrystalj, hope those are not your real PK's....
SUPER HELPFUL. Thank you!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have moved this example into a real repository