ronaldb/traefik-letsencrypt

Traefik with Let's Encrypt

Traefik is a nice little product that makes it easy to deploy a reverse proxy for Docker containers. This document describes how to set up a Digital Ocean node, install Docker on it, run Traefik, and configure it to use Let's Encrypt for wildcard certificates.

Digital Ocean node

Installing Docker on node

Run Traefik

Now that we have Docker running on the node, we need to run Traefik. This is probably the simplest step of all. But since we're running on the Internet, we can't just fire up Traefik - you'd want to protect at least the monitoring port.

Prepare for Traefik setup

We'll assume that all apps are located under ${USERDIR}/docker/, each in its own folder.

Create username and password for HTTP authentication

To protect the Traefik monitoring UI, we'll use HTTP authentication.

  1. Create a file .htpasswd in ${USERDIR}/docker/shared

  2. Create a strong username/password combo. You can use HTPASSWD Generator, or LastPass, or similar

  3. Add the combo to .htpasswd as follows:

    username:password

    where username is your chosen username, and password is the strong password generated by your utility of choice.

  4. Save the file and exit

Update environment variables

    TZ="America/New_York"
    USERDIR="/home/USER"
    HTTP_USERNAME=username
    HTTP_PASSWORD=password
    DOMAINNAME=example.com

  1. TZ is the timezone for your machine. Find your correct timezone in the timezone database.
  2. USERDIR is the path to the home folder of the current user. Replace USER with your user ID.
  3. username is the username you created for the HTTP authentication
  4. password is the strong password you created for the HTTP authentication

Prepare the Traefik folders and files

Create folders for Traefik and ACME. With the ${USERDIR} environment variable set as above, run the following commands:

    mkdir ${USERDIR}/docker/traefik
    mkdir ${USERDIR}/docker/traefik/acme

Create an empty acme.json file for Traefik to use:

    touch ${USERDIR}/docker/traefik/acme/acme.json
    # Owner read/write only: Traefik writes certificates and private keys to this file
    chmod 600 ${USERDIR}/docker/traefik/acme/acme.json
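An added check, not part of the original repository: Traefik's basic authentication expects htpasswd-style hashed passwords (bcrypt, MD5 or SHA1), and the files created above hold secrets, so this script verifies that .htpasswd and acme.json grant nothing to group or others and that no .htpasswd entry is stored unhashed. The function names are hypothetical, and it assumes this guide's folder layout and that traefik.toml points basic auth at this .htpasswd file.

```shell
#!/bin/sh
# Added example: audit the secret files created by this guide's steps.
# Function names are hypothetical; paths follow the guide's layout.

# perms_private FILE: succeed only if FILE exists and grants nothing to
# group or others (characters 5-10 of the ls mode string are all '-').
perms_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# htpasswd_plaintext_users FILE: print each user whose password field is
# not an htpasswd hash (bcrypt $2y$/$2a$/$2b$, apr1 MD5, or {SHA}).
htpasswd_plaintext_users() {
    while IFS=: read -r user secret || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac
        case "$secret" in
            '$2y$'*|'$2a$'*|'$2b$'*|'$apr1$'*|'{SHA}'*) ;;
            *) printf '%s\n' "$user" ;;
        esac
    done < "$1"
}

# audit_traefik_secrets BASEDIR: BASEDIR is ${USERDIR}/docker in this guide.
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_traefik_secrets() {
    rc=0
    for f in "$1/shared/.htpasswd" "$1/traefik/acme/acme.json"; do
        if ! perms_private "$f"; then
            echo "FAIL: $f is missing or accessible to group/others"
            rc=1
        fi
    done
    if [ -f "$1/shared/.htpasswd" ]; then
        for u in $(htpasswd_plaintext_users "$1/shared/.htpasswd"); do
            echo "FAIL: password for '$u' is stored unhashed"
            rc=1
        done
    fi
    return "$rc"
}

# Usage: audit_traefik_secrets "${USERDIR}/docker"
```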

Configure Traefik to use Let's Encrypt

We'll set up Traefik to use subdomains for the different apps that we want to run. Create ${USERDIR}/docker/traefik/traefik.toml with the contents of the following file:

traefik.toml

Replace the following:

  1. email@domain.com with your email address
  2. EXAMPLE.COM with your domain name
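  3. You may have to enable the InsecureSkipVerify line to allow some apps access through Traefik. Enabling it turns off TLS certificate verification for Traefik's connections to backend apps, so leave it disabled unless an app requires it.
  4. exposedbydefault = false forces you to set traefik.enable=true in Docker Compose for each app you want to put behind Traefik. If you would like all apps to be put behind Traefik, change exposedbydefault to true.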

Run Traefik

Create a docker-compose.yml with the following content:

docker-compose.yml
