
Traefik - un reverse proxy pour Docker

Voir aussi :

traefik.yml

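# Static configuration (traefik.yml): entry points, backend transport,
# providers, logging and the API/dashboard.
entryPoints:
  # Plain-HTTP listener.
  web:
    address: ":80"
  # TLS listener.
  websecure:
    address: ":443"

serversTransport:
  # Verify the certificate of HTTPS backends. With `true`, Traefik accepts any
  # certificate a backend presents, so the proxy-to-backend hop is encrypted
  # but not authenticated.
  insecureSkipVerify: false
  # For backends signed by a private CA, trust that CA explicitly instead of
  # switching verification off:
  # rootCAs:
  #   - certs/inter-chain.pem

providers:
  # Dynamic configuration (TLS certificates/options) read from a file and
  # reloaded when the file changes.
  file:
    filename: dynamic_conf.yml
    watch: true
  # Containers are discovered through the Docker socket. Access to this socket
  # is equivalent to control of the Docker daemon, so the Traefik container is
  # a high-value target.
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Only containers labelled traefik.enable=true get routed.
    exposedByDefault: false

log:
  # DEBUG is verbose and can log request details; use it only while
  # troubleshooting.
  # level: DEBUG
  level: INFO

api:
  # The dashboard is reached through a router bound to the api@internal
  # service, which is where authentication has to be attached.
  dashboard: true
  # debug: true
  # Leave `insecure` off: it serves the API and dashboard without
  # authentication on Traefik's own entry point (port 8080 by default).
  # insecure: true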

dynamic_conf.yml

# Dynamic configuration (dynamic_conf.yml): TLS options, certificate store and
# the certificates Traefik serves. Paths are relative to Traefik's working
# directory.
tls:
  options:
    default:
      # Refuse handshakes below TLS 1.2.
      minVersion: 'VersionTLS12'
      # Strict SNI checking: a handshake whose server name matches no
      # configured certificate is rejected rather than served a fallback.
      sniStrict: true
  stores:
    default:
      defaultCertificate:
        certFile: 'certs/wildcard.docker.local.crt'
        keyFile: 'certs/wildcard.docker.local.key'
  certificates:
    # Dedicated certificate for the registry host. The private keys listed
    # here are unencrypted files; keep them readable by Traefik only.
    - certFile: 'certs/registry.docker.local.crt'
      keyFile: 'certs/registry.docker.local.key'
    # Wildcard certificate, also registered in the default store.
    - certFile: 'certs/wildcard.docker.local.crt'
      keyFile: 'certs/wildcard.docker.local.key'
      stores:
        - 'default'

docker-compose.yml

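version: '3.7'
services:
  # Reverse proxy: publishes 80/443 and routes to containers by label.
  traefik:
    # NOTE(review): unpinned tag (implicit `latest`). Pin a specific release
    # (or a digest) so a pull cannot silently change the proxy version.
    image: traefik
    #restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Mounted read-only so the container cannot replace or remove the socket
      # file. This does NOT limit what can be asked of the Docker API through
      # the socket: a compromised Traefik still controls the daemon. A
      # filtering socket proxy that only allows read endpoints narrows that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $PWD/traefik.yml:/traefik.yml:ro
      - $PWD/dynamic_conf.yml:/dynamic_conf.yml:ro
      # Contains unencrypted private keys; read-only inside the container.
      - $PWD/certs:/certs:ro
#    environment:
#      PUID: ${PUID}
#      PGID: ${PGID}
#      TZ: ${TZ}
    labels:
      - traefik.enable=true
      # HTTP router: exists only to redirect to HTTPS (see https-redirect).
      - traefik.http.routers.dashboard.entrypoints=web
      - traefik.http.routers.dashboard.rule=Host(`traefik.docker.local`)
      #- traefik.http.services.s-dashboard.loadbalancer.server.port=8080
      # NOTE(review): `traefik.port` is a Traefik v1-style label while every
      # other label here uses the v2 traefik.http.* form; presumably it has no
      # effect, confirm and drop it.
      - traefik.port=8080
      # HTTPS router: dashboard/API behind TLS and basic auth.
      - traefik.http.routers.s-dashboard.entrypoints=websecure
      - traefik.http.routers.s-dashboard.rule=Host(`traefik.docker.local`)
      - traefik.http.routers.s-dashboard.service=api@internal
      - traefik.http.routers.s-dashboard.middlewares=auth@docker
      # Hash generated with: mkpasswd -m md5 |sed -e 's/\$/$$/g'
      # ($ is doubled so compose does not treat it as variable interpolation).
      # NOTE(review): MD5-crypt is cheap to brute-force; Traefik's basicauth
      # also accepts bcrypt (e.g. `htpasswd -nB`). The hash below is published
      # on this page: generate your own and keep it out of version control.
      - traefik.http.middlewares.auth.basicauth.users=jean:$$1$$qvbVKuOn$$qKZpjcMQuMFWNgC9vtycL1
      - traefik.http.routers.s-dashboard.tls=true
      # Permanent redirect from the HTTP router to HTTPS, so credentials are
      # never requested over plain HTTP.
      - traefik.http.routers.dashboard.middlewares=https-redirect@docker
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true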
 
#  hello:
#    image: osones/helloworld
#    labels:
#      - traefik.enable=true
#      - traefik.http.routers.hw.entrypoints=web
#      - traefik.http.routers.hw.rule=Host(`hw.docker.local`)
#      - traefik.http.routers.s-hw.entrypoints=websecure
#      - traefik.http.routers.s-hw.rule=Host(`hw.docker.local`)
#      - traefik.http.routers.s-hw.tls=true
#      - traefik.http.routers.hw.middlewares=https-redirect@docker
#      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
#      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
#      #- "traefik.port=80"
#      #- "traefik.backend=hello"

  # Redis instance used by the registry as blob-descriptor cache. It publishes
  # no ports and has no Traefik labels, so it is only reachable from other
  # containers on the compose network.
  redis:
    # Alternative policy: unless-stopped
    restart: always
    # NOTE(review): unpinned tag; consider pinning a release.
    image: 'redis'
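  # Private Docker registry, published by Traefik over HTTPS only.
  registry:
    image: registry:2
    depends_on:
      - redis
    # A single `environment` key: the original listed it twice, and duplicate
    # mapping keys are invalid YAML (strict parsers reject the file, lenient
    # ones silently keep the last one).
    environment:
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data
      - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=redis
      - REGISTRY_REDIS_ADDR=redis:6379
    volumes:
      # Image layers are stored on the host under ./data.
      - $PWD/data:/data
    labels:
      - traefik.enable=true
      # NOTE(review): Traefik v1-style label, presumably without effect next
      # to the v2 traefik.http.* labels; confirm and drop it.
      - traefik.port=5000
      - traefik.http.routers.s-registry.rule=Host(`registry.docker.local`)
      - traefik.http.routers.s-registry.entrypoints=websecure
      - traefik.http.routers.s-registry.tls=true
      # NOTE(review): unlike the dashboard and the registry UI, this router
      # has no authentication middleware, and no registry-side auth is
      # configured in the environment above: anyone who can reach
      # registry.docker.local on 443 can pull and push images. Attach the
      # basic-auth middleware (clients then need `docker login`) or configure
      # the registry's own authentication:
      #- traefik.http.routers.s-registry.middlewares=auth@docker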

  # Web front-end for browsing the registry, published over HTTPS behind
  # basic auth.
  registry-ui:
    image: 'konradkleine/docker-registry-frontend:v2'
    # Optional restart policy: unless-stopped
    depends_on:
      - registry
    labels:
      - traefik.enable=true
      - traefik.port=80
      - traefik.http.routers.s-registry-ui.rule=Host(`registry-ui.docker.local`)
      - traefik.http.routers.s-registry-ui.entrypoints=websecure
      - traefik.http.routers.s-registry-ui.tls=true
      # Same `auth` middleware name and user entry as on the traefik service;
      # the two definitions have to stay identical. `$$` escapes `$` for
      # compose interpolation.
      - traefik.http.routers.s-registry-ui.middlewares=auth@docker
      - traefik.http.middlewares.auth.basicauth.users=jean:$$1$$qvbVKuOn$$qKZpjcMQuMFWNgC9vtycL1
    environment:
      # The UI reaches the registry directly by service name on the compose
      # network, in plain HTTP (the SSL switch below is left disabled).
      ENV_DOCKER_REGISTRY_HOST: 'registry'
      ENV_DOCKER_REGISTRY_PORT: '5000'
      #ENV_DOCKER_REGISTRY_USE_SSL: 1
      ENV_DEFAULT_REPOSITORIES_PER_PAGE: '50'

Exemple de génération de certificats (auto-signés). Notez que Traefik est également capable d'utiliser Let's Encrypt.

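# Directory mounted read-only into the Traefik container; -p makes the command
# safe to re-run.
mkdir -p certs
# Self-signed wildcard certificate, valid 365 days. -nodes leaves the private
# key unencrypted so Traefik can load it without a passphrase.
# -subj and -addext set the names non-interactively: current TLS clients match
# the host name against subjectAltName, not the CN (-addext needs
# OpenSSL 1.1.1 or later).
# dynamic_conf.yml also references certs/registry.docker.local.{crt,key},
# which this command does not create.
openssl req -newkey rsa:4096 -nodes -sha256 -x509 -days 365 \
  -subj "/CN=*.docker.local" \
  -addext "subjectAltName=DNS:*.docker.local" \
  -keyout certs/wildcard.docker.local.key \
  -out certs/wildcard.docker.local.crt
# The key is stored in clear text: restrict it to its owner.
chmod 600 certs/wildcard.docker.local.key
docker-compose up -d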
tech/traefik_-_un_reverse_proxy_pour_docker.txt · Dernière modification : de Jean-Baptiste
