Last fixes to traefik posts
This commit is contained in:
parent
1829f23a06
commit
0f770ea8fd
2 changed files with 45 additions and 19 deletions
|
|
@ -1,4 +1,4 @@
|
||||||
+++
|
+++
|
||||||
title = "How to expose Traefik 2.x dashboard securely on Docker Swarm"
|
title = "How to expose Traefik 2.x dashboard securely on Docker Swarm"
|
||||||
date = "2020-01-12"
|
date = "2020-01-12"
|
||||||
author = "Aloïs Micard"
|
author = "Aloïs Micard"
|
||||||
|
|
@ -38,18 +38,25 @@ version: '3'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
reverse-proxy:
|
reverse-proxy:
|
||||||
image: traefik:v2.0.2
|
image: traefik:v2.3.4
|
||||||
command:
|
command:
|
||||||
|
# Docker swarm configuration
|
||||||
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
||||||
- "--providers.docker.swarmMode=true"
|
- "--providers.docker.swarmMode=true"
|
||||||
- "--providers.docker.exposedbydefault=false"
|
- "--providers.docker.exposedbydefault=false"
|
||||||
- "--providers.docker.network=traefik-public"
|
- "--providers.docker.network=traefik-public"
|
||||||
|
# Configure entrypoint
|
||||||
- "--entrypoints.web.address=:80"
|
- "--entrypoints.web.address=:80"
|
||||||
- "--entrypoints.websecure.address=:443"
|
- "--entrypoints.websecure.address=:443"
|
||||||
|
# SSL configuration
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
|
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
|
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.email=user@domaine.com"
|
- "--certificatesresolvers.letsencryptresolver.acme.email=user@domaine.com"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
|
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
|
||||||
|
# Global HTTP -> HTTPS
|
||||||
|
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
||||||
|
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
||||||
|
# Enable dashboard
|
||||||
- "--api.dashboard=true"
|
- "--api.dashboard=true"
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
|
|
@ -98,18 +105,25 @@ version: '3'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
reverse-proxy:
|
reverse-proxy:
|
||||||
image: traefik:v2.0.2
|
image: traefik:v2.3.4
|
||||||
command:
|
command:
|
||||||
|
# Docker swarm configuration
|
||||||
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
||||||
- "--providers.docker.swarmMode=true"
|
- "--providers.docker.swarmMode=true"
|
||||||
- "--providers.docker.exposedbydefault=false"
|
- "--providers.docker.exposedbydefault=false"
|
||||||
- "--providers.docker.network=traefik-public"
|
- "--providers.docker.network=traefik-public"
|
||||||
|
# Configure entrypoint
|
||||||
- "--entrypoints.web.address=:80"
|
- "--entrypoints.web.address=:80"
|
||||||
- "--entrypoints.websecure.address=:443"
|
- "--entrypoints.websecure.address=:443"
|
||||||
|
# SSL configuration
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
|
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
|
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.email=user@domaine.com"
|
- "--certificatesresolvers.letsencryptresolver.acme.email=user@domaine.com"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
|
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
|
||||||
|
# Global HTTP -> HTTPS
|
||||||
|
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
||||||
|
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
||||||
|
# Enable dashboard
|
||||||
- "--api.dashboard=true"
|
- "--api.dashboard=true"
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
|
|
@ -169,18 +183,25 @@ version: '3'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
reverse-proxy:
|
reverse-proxy:
|
||||||
image: traefik:v2.0.2
|
image: traefik:v2.3.4
|
||||||
command:
|
command:
|
||||||
|
# Docker swarm configuration
|
||||||
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
||||||
- "--providers.docker.swarmMode=true"
|
- "--providers.docker.swarmMode=true"
|
||||||
- "--providers.docker.exposedbydefault=false"
|
- "--providers.docker.exposedbydefault=false"
|
||||||
- "--providers.docker.network=traefik-public"
|
- "--providers.docker.network=traefik-public"
|
||||||
|
# Configure entrypoint
|
||||||
- "--entrypoints.web.address=:80"
|
- "--entrypoints.web.address=:80"
|
||||||
- "--entrypoints.websecure.address=:443"
|
- "--entrypoints.websecure.address=:443"
|
||||||
|
# SSL configuration
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
|
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
|
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.email=user@domaine.com"
|
- "--certificatesresolvers.letsencryptresolver.acme.email=user@domaine.com"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
|
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
|
||||||
|
# Global HTTP -> HTTPS
|
||||||
|
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
||||||
|
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
||||||
|
# Enable dashboard
|
||||||
- "--api.dashboard=true"
|
- "--api.dashboard=true"
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
+++
|
+++
|
||||||
title = "How to install Traefik 2.x on a Docker Swarm"
|
title = "How to install Traefik 2.x on a Docker Swarm"
|
||||||
date = "2019-10-21"
|
date = "2019-10-21"
|
||||||
author = "Aloïs Micard"
|
author = "Aloïs Micard"
|
||||||
|
|
@ -42,7 +42,7 @@ version: '3'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
reverse-proxy:
|
reverse-proxy:
|
||||||
image: traefik:v2.0.2
|
image: traefik:v2.3.4
|
||||||
command:
|
command:
|
||||||
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
||||||
- "--providers.docker.swarmMode=true"
|
- "--providers.docker.swarmMode=true"
|
||||||
|
|
@ -188,14 +188,17 @@ version: '3'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
reverse-proxy:
|
reverse-proxy:
|
||||||
image: traefik:v2.0.2
|
image: traefik:v2.3.4
|
||||||
command:
|
command:
|
||||||
|
# Docker swarm configuration
|
||||||
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
||||||
- "--providers.docker.swarmMode=true"
|
- "--providers.docker.swarmMode=true"
|
||||||
- "--providers.docker.exposedbydefault=false"
|
- "--providers.docker.exposedbydefault=false"
|
||||||
- "--providers.docker.network=traefik-public"
|
- "--providers.docker.network=traefik-public"
|
||||||
|
# Configure entrypoint
|
||||||
- "--entrypoints.web.address=:80"
|
- "--entrypoints.web.address=:80"
|
||||||
- "--entrypoints.websecure.address=:443"
|
- "--entrypoints.websecure.address=:443"
|
||||||
|
# SSL configuration
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
|
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
|
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.email=user@domaine.com"
|
- "--certificatesresolvers.letsencryptresolver.acme.email=user@domaine.com"
|
||||||
|
|
@ -307,21 +310,17 @@ reserved TLD used for local area network)
|
||||||
|
|
||||||
## Bonus: Create an automatic HTTPS redirect
|
## Bonus: Create an automatic HTTPS redirect
|
||||||
|
|
||||||
If you want to redirect all HTTP traffic to HTTPS it can be done by easily by using a Middleware. Just add the following
|
If you want to redirect all HTTP traffic to HTTPS it can be done by easily:
|
||||||
labels to to the Traefik configuration file.
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
labels:
|
command:
|
||||||
- "traefik.enable=true"
|
...
|
||||||
- "traefik.http.services.traefik.loadbalancer.server.port=888" # required by swarm but not used.
|
# Global HTTP -> HTTPS
|
||||||
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
||||||
- "traefik.http.routers.http-catchall.entrypoints=web"
|
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
||||||
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
|
|
||||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
|
||||||
```
|
```
|
||||||
|
|
||||||
It will create a router named *http-catchall* that will intercept all HTTP request (using the hostregexp) and will
|
It will create a global redirection from all HTTP traffic to HTTPS.
|
||||||
forward it to the router named redirect-to-https. This router will perform a redirection to the HTTPS scheme.
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
@ -332,18 +331,24 @@ version: '3'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
reverse-proxy:
|
reverse-proxy:
|
||||||
image: traefik:v2.0.2
|
image: traefik:v2.3.4
|
||||||
command:
|
command:
|
||||||
|
# Docker swarm configuration
|
||||||
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
||||||
- "--providers.docker.swarmMode=true"
|
- "--providers.docker.swarmMode=true"
|
||||||
- "--providers.docker.exposedbydefault=false"
|
- "--providers.docker.exposedbydefault=false"
|
||||||
- "--providers.docker.network=traefik-public"
|
- "--providers.docker.network=traefik-public"
|
||||||
|
# Configure entrypoint
|
||||||
- "--entrypoints.web.address=:80"
|
- "--entrypoints.web.address=:80"
|
||||||
- "--entrypoints.websecure.address=:443"
|
- "--entrypoints.websecure.address=:443"
|
||||||
|
# SSL configuration
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
|
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
|
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.email=user@domaine.com"
|
- "--certificatesresolvers.letsencryptresolver.acme.email=user@domaine.com"
|
||||||
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
|
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
|
||||||
|
# Global HTTP -> HTTPS
|
||||||
|
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
||||||
|
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
- 443:443
|
- 443:443
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue