version: "3.3" services: traefik: image: "traefik:v2.0.7" command: - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --providers.docker - --api - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory - --certificatesresolvers.le.acme.email=letsencrypt@labdomain.cloud - --certificatesresolvers.le.acme.storage=/acme.json - --certificatesresolvers.le.acme.tlschallenge=true ports: - "80:80" - "443:443" volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" - "/docker/acme.json:/acme.json" labels: # Dashboard - "traefik.http.routers.traefik.rule=Host(`traefik.labdomain.cloud`)" - "traefik.http.routers.traefik.service=api@internal" - "traefik.http.routers.traefik.tls.certresolver=le" - "traefik.http.routers.traefik.entrypoints=websecure" - "traefik.http.routers.traefik.middlewares=authtraefik" - "traefik.http.middlewares.authtraefik.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/" # user/password # global redirect to https - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" - "traefik.http.routers.http-catchall.entrypoints=web" - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" # middleware redirect - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" my-app: image: containous/whoami:v1.3.0 labels: - "traefik.http.routers.my-app.rule=Host(`whoami.labdomain.cloud`)" - "traefik.http.routers.my-app.tls=true" - "traefik.http.routers.my-app.tls.certresolver=le" # Dashboard (https://localhost:8080) # Route # Basic auth (login: user | password: password) # Let's Encrypt (https://whoami.docker.localhost/) # Global HTTP to HTTPS redirection (http://whoami.docker.localhost/) # Dashboard [api@internal] # Dashboard [api@internal] + Basic auth (login: user | password: password) # Dashboard [api@internal] + TLS (https://traefik.docker.localhost/) # touch acme.json; chmod 600 acme.json