-
-
Save gannino/2a5bf44fec722e1aa672a1444cf96022 to your computer and use it in GitHub Desktop.
Deploy Traefik as Frontend Proxy for Docker
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| DOCKER_BASE=/srv/docker | |
| mkdir -p ${DOCKER_BASE}/traefik/container.conf | |
| cat > ${DOCKER_BASE}/traefik/container.conf/docker-compose.yml <<EOF | |
| version: '3.7' | |
| services: | |
| traefik: | |
| image: traefik:1.7-alpine | |
| environment: | |
| - LC_ALL=C.UTF-8 | |
| - TZ=Europe/Berlin | |
| labels: | |
| - traefik.enable=true | |
| - traefik.backend=traefik | |
| - traefik.port=8080 | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| - "8080:8080" | |
| restart: always | |
| volumes: | |
| - "./config/:/etc/traefik/" | |
| - "/var/run/docker.sock:/var/run/docker.sock:ro" | |
| networks: | |
| traefik_default: | |
| external: true | |
| EOF | |
| ln -s container.conf/docker-compose.yml ${DOCKER_BASE}/traefik/ | |
| cat > ${DOCKER_BASE}/traefik/container.conf/production.yml <<EOF | |
| version: '3.7' | |
| services: | |
| traefik: | |
| labels: | |
| - traefik.frontend.rule=Host:host.test.org;PathPrefixStrip:/traefik | |
| - com.centurylinklabs.watchtower.enable=true | |
| EOF | |
| cat > ${DOCKER_BASE}/traefik/container.conf/traefik.service <<EOF | |
| [Unit] | |
| Description=Traefik Proxy Service | |
| After=network.target docker.service | |
| Requires=docker.service | |
| [Service] | |
| Type=oneshot | |
| RemainAfterExit=yes | |
| Environment="WORK_DIR=/srv/docker/traefik/" | |
| WorkingDirectory=/srv/docker/traefik/ | |
| ExecStartPre=-/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down | |
| ExecStart=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" up -d | |
| ExecStop=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down | |
| [Install] | |
| WantedBy=docker.service | |
| EOF | |
| ln -s ${DOCKER_BASE}/traefik/container.conf/traefik.service /etc/systemd/system/ | |
| mkdir -p ${DOCKER_BASE}/traefik/config | |
| cat > ${DOCKER_BASE}/traefik/config/traefik.toml <<EOF | |
| logLevel = "DEBUG" | |
| defaultEntryPoints = ["http", "https"] | |
| # WEB interface of Traefik - it will show web page with overview of frontend and backend configurations | |
| [web] | |
| address = ":8080" | |
| [web.auth.basic] | |
| users = ["admin:$apr1$AAbCdQpX$ajolS9mMfKRG.lqcY/uXU/"] | |
| # Connection to docker host system (docker.sock) | |
| [docker] | |
| domain = "test.org" | |
| watch = true | |
| # This will hide all docker containers that don't have explicitly | |
| # set label to "enable" | |
| exposedbydefault = false | |
| # Force HTTPS | |
| [entryPoints] | |
| [entryPoints.http] | |
| address = ":80" | |
| [entryPoints.http.redirect] | |
| entryPoint = "https" | |
| [entryPoints.https] | |
| address = ":443" | |
| [entryPoints.https.tls] | |
| # Let's encrypt configuration | |
| [acme] | |
| email="[email protected]" | |
| storage="/etc/traefik/acme.json" | |
| entryPoint="https" | |
| acmeLogging=true | |
| onDemand=false | |
| OnHostRule=true | |
| [acme.httpChallenge] | |
| entryPoint = "http" | |
| EOF | |
| systemctl daemon-reload && systemctl enable traefik && systemctl start traefik |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment