Sign in Subscribe
Docker

Traefik Docker setup

Lau Chi Fung

2 min read
Traefik Docker setup

Dynamic Setup

http:
  routers:
    motioneye:
      entryPoints:
        - web
        - websecure
      service: motioneye
      rule: Host(`web.web.com`)
      tls:
        certResolver: production

  services:
    motioneye:
      loadBalancer:
        servers:
          - url: http://192.168.1.1/
        passHostHeader: true

Docker Setup 

    labels:
      - traefik.enable=true
      # Create a router called fung_ghost listening on the web and websecure entrypoint
      - traefik.http.routers.fung_ghost.entrypoints=web, websecure
      # Apply a host rule specifying the domain the service will respond to
      - traefik.http.routers.fung_ghost.rule=Host(`blog.lauchifung.com`)
      # Force TLS
      - traefik.http.routers.fung_ghost.tls=true
      - traefik.http.routers.fung_ghost.tls.certresolver=production

Traefik Docker Config Files

docker-compose.yml

version: '3'

services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:latest
    # Enables the web UI and tells Traefik to listen to docker
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
#      - ./data/log:/log
      - ./traefik_data:/etc/traefik
      - ./letsencrypt:/letsencrypt
      - ./dynamic/conf:/dynamic/conf
    restart: always
    networks:
      - outernetwork

networks:
  outernetwork:
    external: true

treafik.yml

global:
  checkNewVersion: true
  sendAnonymousUsage: false  # true by default

# (Optional) Log information
# ---
# log:
#  level: ERROR  # DEBUG, INFO, WARNING, ERROR, CRITICAL
#   format: common  # common, json, logfmt
#   filePath: /var/log/traefik/traefik.log

# (Optional) Accesslog
# ---
# accesslog:
  # format: common  # common, json, logfmt
  # filePath: /var/log/traefik/access.log

# (Optional) Enable API and Dashboard
# ---
api:
  dashboard: true  # true by default
  insecure: true  # Don't do this in production!

# Entry Points configuration
# ---
entryPoints:
  web:
    address: :80
    # (Optional) Redirect to HTTPS
    # ---
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443

# Configure your CertificateResolver here...
# ---
certificatesResolvers:
   staging:
     acme:
       email: tornadolau@gmail.com
       storage: /letsencrypt/acme.json
       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
       httpChallenge:
         entryPoint: web

   production:
     acme:
       email: tornadolau@gmail.com
       storage: /letsencrypt/acme.json
       caServer: "https://acme-v02.api.letsencrypt.org/directory"
       httpChallenge:
         entryPoint: web

# (Optional) Overwrite Default Certificates
# tls:
#   stores:
#     default:
#       defaultCertificate:
#         certFile: /etc/traefik/certs/cert.pem
#         keyFile: /etc/traefik/certs/cert-key.pem
# (Optional) Disable TLS version 1.0 and 1.1
#   options:
#     default:
#       minVersion: VersionTLS12

providers:
  docker:
    exposedByDefault: false  # Default is true
#    exposedByDefault: true  # Default is true
    network: outernetwork
#    defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
    defaultRule: "Host(`{{ trimPrefix `/` .Name }}.docker.localhost`)"
  file:
    # watch for dynamic configuration changes
    directory: /etc/traefik
    watch: true