Created
July 1, 2024 20:40
-
-
Save rehmatworks/7428cab3fc13f5adf3412795aaa995e7 to your computer and use it in GitHub Desktop.
Depoloy portainer with Traefik over HTTPs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.2' | |
| services: | |
| traefik: | |
| image: traefik:v2.6 | |
| ports: | |
| - target: 80 | |
| published: 80 | |
| protocol: tcp | |
| mode: host | |
| - target: 443 | |
| published: 443 | |
| protocol: tcp | |
| mode: host | |
| - target: 8080 | |
| published: 8080 | |
| protocol: tcp | |
| mode: host | |
| command: | |
| - "--api.insecure=true" | |
| - "--providers.docker=true" | |
| - "--entrypoints.web.address=:80" | |
| - "--entrypoints.web.http.redirections.entryPoint.to=websecure" | |
| - "--entrypoints.web.http.redirections.entryPoint.scheme=https" | |
| - "--entrypoints.web.http.redirections.entrypoint.permanent=true" | |
| - "--providers.file.directory=/etc/traefik/dynamic" | |
| - "--providers.docker.exposedbydefault=false" | |
| - "--entryPoints.websecure.address=:443" | |
| - "--certificatesresolvers.acmeresolv.acme.httpchallenge=true" | |
| - "--certificatesresolvers.acmeresolv.acme.httpchallenge.entrypoint=web" | |
| - "[email protected]" | |
| - "--certificatesresolvers.acmeresolv.acme.storage=/letsencrypt/acme.json" | |
| volumes: | |
| - "/var/run/docker.sock:/var/run/docker.sock:ro" | |
| - "./letsencrypt:/letsencrypt" | |
| networks: | |
| - agent_network | |
| - default | |
| agent: | |
| image: portainer/agent:2.19.5 | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - /var/lib/docker/volumes:/var/lib/docker/volumes | |
| networks: | |
| - agent_network | |
| deploy: | |
| mode: global | |
| placement: | |
| constraints: [node.platform.os == linux] | |
| portainer: | |
| image: portainer/portainer-ce:2.19.5 | |
| command: -H tcp://tasks.agent:9001 --tlsskipverify --http-enabled | |
| volumes: | |
| - portainer_data:/data | |
| networks: | |
| - agent_network | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.portainer.service=svc_portainer" | |
| - "traefik.docker.network=agent_network" | |
| - "traefik.http.services.svc_portainer.loadbalancer.server.port=9000" | |
| - "traefik.http.routers.portainer.entrypoints=websecure" | |
| - "traefik.http.routers.portainer.tls=true" | |
| - "traefik.http.routers.portainer.rule=Host(`portainer.example.com`)" | |
| - "traefik.http.routers.portainer.tls.certresolver=acmeresolv" | |
| deploy: | |
| mode: replicated | |
| replicas: 1 | |
| placement: | |
| constraints: [node.role == manager] | |
| networks: | |
| agent_network: | |
| driver: overlay | |
| attachable: true | |
| volumes: | |
| portainer_data: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Before creating the docker services, create the letsencrypt directory in the same directory where the compose file is present and adjust permissions:
mkdir letsencrypt && chmod 755 letsencryptAnd then run
docker compose upOr, if you prefer the swarm mode and the swarm mode is enabled:
Once the services are deployed, visit https://example.com to set the admin password. Be sure to update the DNS before creating the docker services so that Traefik will get valid SSL certificates from Let's Encrypt.