My Traefik 2 Setup using Let's Encrypt Wildcard Certificates with Cloudflare
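# config.yml in traefik directory
# Dynamic configuration for the dashboard (loaded through providers.file in traefik.yml)
---
http:
  routers:
    dashboard:
      # Your domain here
      rule: "Host(`traefik-dashboard.example.com`)"
      # Listen on the TLS entrypoint only, the same way the example-web-app
      # router does; the http entrypoint already redirects to https, so this
      # only makes the intent explicit.
      entryPoints:
        - https
      service: api@internal
      middlewares:
        - auth

  middlewares:
    auth:
      basicAuth:
        users:
          # Paste the output of 'htpasswd -nB username' here (a "user:hash" line,
          # bcrypt). Only the hash belongs in this file, never the plaintext.
          - "username:encryptedpassword"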
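# docker-compose.yml in a different directory
# Example usage of traefik and the automatic certificates
---
version: "3"

services:
  example-web-app:
    image: node:16-alpine
    volumes:
      # Static content only: mount it read-only so the container cannot alter it.
      - ./app:/app:ro
    # Bind the listen port explicitly. serve's default port has changed between
    # releases, and it must agree with the loadbalancer.server.port label below
    # or Traefik will route to a closed port.
    entrypoint: ["npx", "serve", "-s", "-l", "5000", "/app"]
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.example-web-app.rule=Host(`example.com`)"
      - "traefik.http.services.example-web-app.loadbalancer.server.port=5000"
      - "traefik.http.routers.example-web-app.entrypoints=https"
      - "traefik.docker.network=proxy"
    networks:
      - proxy

networks:
  proxy:
    external: true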
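# docker-compose.yml in traefik directory
---
version: "3"

# Cloudflare credentials live in files next to this compose file and are
# injected as Docker secrets; keep those *.txt files out of version control.
secrets:
  cloudflare-api-email:
    file: ./cloudflare-api-email.txt
  cloudflare-dns-api-token:
    file: ./cloudflare-dns-api-token.txt
  cloudflare-zone-api-token:
    file: ./cloudflare-zone-api-token.txt

services:
  traefik:
    # Prefer pinning a specific release tag over "latest" so upgrades (and any
    # breaking configuration changes that come with them) happen deliberately.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    # Quoted so each host:container mapping is always read as a string
    # (YAML 1.1 parsers treat some digit:digit values as base-60 integers).
    ports:
      - "80:80"
      - "443:443"
    secrets:
      - cloudflare-api-email
      - cloudflare-dns-api-token
      - cloudflare-zone-api-token
    # The *_FILE variants make Traefik read each credential from the mounted
    # secret rather than carrying the value in the environment, where
    # `docker inspect` would show it.
    environment:
      - CF_API_EMAIL_FILE=/run/secrets/cloudflare-api-email
      - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare-dns-api-token
      - CF_ZONE_API_TOKEN_FILE=/run/secrets/cloudflare-zone-api-token
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # ":ro" only stops the socket file itself being replaced; the Docker API
      # behind it remains fully usable, so this container is effectively root
      # on the host. A socket proxy that exposes only the read endpoints
      # Traefik needs limits the blast radius.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml:ro
      # Must stay writable: issued certificates and account keys are stored here.
      # Create it empty with mode 0600 before the first start.
      - ./acme.json:/acme.json
      - ./config.yml:/config.yml:ro

networks:
  proxy:
    external: true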
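# traefik.yml in traefik directory
# Static configuration: entrypoints, providers and the ACME resolver.
---
api:
  # The dashboard is published through the "dashboard" router in config.yml,
  # which puts basicAuth in front of api@internal; do not enable api.insecure.
  dashboard: true
  debug: false

entryPoints:
  http:
    address: ":80"
    http:
      # Everything arriving as plain HTTP is redirected to the TLS entrypoint.
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
    http:
      tls:
        certResolver: letsencrypt
        # Edit domains according to your needs! Wildcard names can only be
        # issued through the DNS challenge configured below.
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
          - main: "example-two.io"
            sans:
              - "*.example-two.io"
              - "*.something.example-two.io"
              - "some.long.path.staging.example-two.io"

serversTransport:
  # WARNING: this disables TLS certificate verification for every backend
  # Traefik proxies to, so a spoofed or mis-issued backend certificate goes
  # unnoticed. If only some services use self-signed certificates, scope the
  # exception to them with a dedicated serversTransport in the dynamic
  # configuration instead of relaxing it globally.
  insecureSkipVerify: true

providers:
  docker:
    # Containers must opt in with traefik.enable=true to be routed.
    exposedByDefault: false
  file:
    filename: /config.yml

certificatesResolvers:
  letsencrypt:
    acme:
      # Your email address here
      email: "admin@example.com"
      # Absolute path matching the ./acme.json:/acme.json mount in
      # docker-compose.yml, consistent with the /config.yml path above.
      storage: /acme.json
      dnsChallenge:
        provider: cloudflare
        # Public resolvers used to confirm the _acme-challenge record is
        # visible before Let's Encrypt is asked to validate it.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"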