Last active
April 16, 2022 14:58
-
-
Save scodx/bf4c3c1bcb7551b16bef89b19e5e3653 to your computer and use it in GitHub Desktop.
traefik example with letsencrypt and docker and external services
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # place this file in the `config` folder | |
| http: | |
| services: | |
| # the urls must be accesible from the traefik installation, either native or as a container | |
| rundeck: | |
| loadBalancer: | |
| servers: | |
| - url: http://172.17.0.1:4440 | |
| php-tt: | |
| loadBalancer: | |
| servers: | |
| - url: http://172.17.0.1:2211 | |
| http: | |
| routers: | |
| rundeck: | |
| entryPoints: | |
| - websecure | |
| rule: "Host(`rundeck.domain`)" | |
| service: rundeck | |
| tls: | |
| certResolver: leresolver | |
| php-tt: | |
| entryPoints: | |
| # - web | |
| - websecure | |
| rule: "Host(`php-tt.domain.com`)" | |
| service: php-tt | |
| tls: | |
| certResolver: leresolver | |
| # middlewares: | |
| # php-tt: | |
| # headers: | |
| # sslRedirect: true | |
| # stsSeconds: 315360000 | |
| # browserXssFilter: true | |
| # contentTypeNosniff: true | |
| # forceSTSHeader: true | |
| # sslHost: domain.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3" | |
| services: | |
| traefik: | |
| image: "traefik:v2.1" | |
| command: | |
| # Enable this for.... debugging. | |
| #- --log.level=DEBUG | |
| - --entrypoints.web.address=:80 | |
| - --entrypoints.websecure.address=:443 | |
| - --providers.docker | |
| - --api | |
| - --certificatesresolvers.leresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory | |
| - [email protected] | |
| - --certificatesresolvers.leresolver.acme.storage=/acme.json | |
| - --certificatesresolvers.leresolver.acme.tlschallenge=true | |
| # this is to load a dynamic config file | |
| - --providers.file.directory=/config | |
| - --providers.file.filename=config.yml | |
| - --providers.file.watch=true | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| volumes: | |
| - "/var/run/docker.sock:/var/run/docker.sock:ro" | |
| - "./acme.json:/acme.json" | |
| - "./config/:/config/" | |
| labels: | |
| # Dashboard | |
| - "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)" | |
| - "traefik.http.routers.traefik.service=api@internal" | |
| - "traefik.http.routers.traefik.tls.certresolver=leresolver" | |
| - "traefik.http.routers.traefik.entrypoints=websecure" | |
| - "traefik.http.routers.traefik.middlewares=authtraefik" | |
| # passwords here must be double escaped: `$$` | |
| - "traefik.http.middlewares.authtraefik.basicauth.users=scodx:$$apr1$$vYd29dR4$$OMbGnCugIN/MIXawbcND91" # user/password | |
| # - "traefik.http.middlewares.authtraefik.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/" # user/password | |
| # global redirect to https | |
| - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" | |
| - "traefik.http.routers.http-catchall.entrypoints=web" | |
| - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" | |
| # middleware redirect | |
| - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" | |
| n8n: | |
| image: n8nio/n8n | |
| ports: | |
| - "5678:5678" | |
| labels: | |
| - "traefik.http.routers.n8n.rule=Host(`n8n.domain.com`)" | |
| - "traefik.http.routers.n8n.entrypoints=websecure" | |
| - "traefik.http.routers.n8n.tls=true" | |
| - "traefik.http.routers.n8n.tls.certresolver=leresolver" | |
| - traefik.http.middlewares.n8n.headers.SSLRedirect=true | |
| - traefik.http.middlewares.n8n.headers.STSSeconds=315360000 | |
| - traefik.http.middlewares.n8n.headers.browserXSSFilter=true | |
| - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true | |
| - traefik.http.middlewares.n8n.headers.forceSTSHeader=true | |
| - traefik.http.middlewares.n8n.headers.SSLHost=domain.com | |
| - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true | |
| - traefik.http.middlewares.n8n.headers.STSPreload=true | |
| environment: | |
| - N8N_BASIC_AUTH_ACTIVE=true | |
| - N8N_BASIC_AUTH_USER=user | |
| - N8N_BASIC_AUTH_PASSWORD=password | |
| - N8N_HOST=n8n.domain.com | |
| - N8N_PORT=5678 | |
| - N8N_PROTOCOL=https | |
| - NODE_ENV=production | |
| - WEBHOOK_TUNNEL_URL=https://n8n.domain.com/ | |
| - VUE_APP_URL_BASE_API=https://n8n.domain.com/ | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - /.n8n:/root/.n8n | |
| whoami: | |
| image: containous/whoami:v1.3.0 | |
| labels: | |
| - "traefik.http.routers.whoami.rule=Host(`whoami.domain.com`)" | |
| - "traefik.http.routers.whoami.entrypoints=websecure" | |
| - "traefik.http.routers.whoami.tls=true" | |
| - "traefik.http.routers.whoami.tls.certresolver=leresolver" | |
| #- "traefik.http.routers.my-app.middlewares=auth" | |
| # - "traefik.http.middlewares.auth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/" # user/password | |
| # Dashboard (https://localhost:8080) | |
| # Route | |
| # Basic auth (login: user | password: password) | |
| # Let's Encrypt (https://whoami.docker.localhost/) | |
| # Global HTTP to HTTPS redirection (http://whoami.docker.localhost/) | |
| # Dashboard [api@internal] | |
| # Dashboard [api@internal] + Basic auth (login: user | password: password) | |
| # Dashboard [api@internal] + TLS (https://traefik.docker.localhost/) | |
| # touch acme.json; chmod 600 acme.json |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment