Adding SSL certificate to Traefik on ECS

Traefik is awesome reverse proxy & load balancer. If you are not using Traefik already then I recommend using it in your next project. I can guarantee that you will not regret.

Setting up SSL certificate on Traefik is a cakewalk. While adding SSL on traefik, I realised how it outshine other reverse proxy (Nginx , HAProxy).

Traefik use LetsEncrypt to automatically generate and renew SSL certificates.

Dockerfile

FROM      traefik:v1.7-alpine
COPY      traefik_ecs.toml /etc/traefik/traefik.toml
RUN touch /etc/traefik/acme.json
RUN chmod +x /etc/traefik/acme.json

traefik_ecs.toml

defaultEntryPoints = ["https", "http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.bar]
address = ":8080"
[api]
entryPoint = "bar"
dashboard = true
[ecs]
clusters = ["YOUR_ECS_CLUSTER_NAME"]
watch = true
domain = "YOUR_DOMAIN_NAME"
autoDiscoverClusters = false
refreshSeconds = 15
exposedByDefault = true
region = "YOUR_AWS_REGION"
accessKeyID = "YOUR_AWS_ACCESS_KEY_ID"
secretAccessKey = "YOUR_AWS_SECRET_ACCESS_KEY"
[acme]
email = "YOUR_EMAIL"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

Replace YOUR_* values with actual, build image using Dockerfile and deploy it on ECS. That’s it, Traefik will take care of rest and SSL certificate will be added to your domain. Isn’t Traefik awesome ? Let me know what you think through comments below.

References:

  1. https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/
  2. https://blog.networkprofile.org/my-traefik-reverse-proxy-setup/
  3. https://github.com/netbears/traefik-cluster-ecs