If you haven’t set up Traefik yet, check my previous blog post about the base setup of Traefik v2. This blog post assumes you have this setup ready:
- HTTP to HTTPS redirect,
- automated Let’s encrypt certificates,
- Docker provider enabled.
We will create a simple Nginx container, connect it to Traefik and expose it on a domain proxy.mydomain.com
(mydomain.com
is a placeholder for your actual domain).
Create a docker-compose.yml
file for your proxy. Here is an example of a very basic proxy, that doesn’t do anything, except serve a default page (in reality you would of course mount a configuration file into the container):
version: "3.3"
services:
nginx:
image: nginx
container_name: test_proxy
labels:
- "traefik.enable=true" # enables the service
- "traefik.http.routers.nginx.rule=Host(`proxy.mydomain.com`)" # domain to expose on
- "traefik.http.routers.nginx.entrypoints=websecure" # if you named your 443 entrypoint differently than webscure, substitute it here!
- "traefik.http.routers.nginx.tls.certresolver=letsencrypt" # if you named your cert resolver differently than letsencrypt, substitute it here!
networks:
- traefik-global-proxy # Traefik network! If you named it differently, substitute it here and below.
networks:
traefik-global-proxy:
external: true
Note that we connect the proxy to external network, created by Traefik (we did that in the previous blog post). If you have multiple services in your docker compose file, you should only put containers, that need to be exposed through the proxy, in this network, and define another internal network for internal container communication.
As a side node, you need to name each of your routers differently. Here I named the router, associated with this container, “nginx” (denoted by traefik.http.routers.nginx
). If you have another container you wanted to connect (you probably do), you should name it something else to prevent conflicts with this container.
Make sure that proxy.mydomain.com
points to your server and run:
docker-compose up -d
In a few moments, proxy.mydomain.com
will be available. You can check logs of Traefik to see how Traefik detected the container automatically and generated a certificate for it. So, no restarts are needed!
More examples
Check out my other examples of Traefik usage, if you are interested:
- Full-stack Angular + Node.js + Postgres application example - connect a typical full-stack application to Traefik.
- Proxy to S3 bucket example - use Traefik as a reverse proxy to an S3 bucket (to serve a static site).
- IP whitelist example - allow only certain IP addresses to access selected Docker containers.
Resources
- Traefik docs: https://docs.traefik.io/
- Docker provider for Traefik: https://docs.traefik.io/providers/docker/