Using Traefik to add a secure connection to your containers is common use, they have fantastic documentation around using the ACME protocol and it’s easy to setup. What I had a harder time figuring out was using certificates that I had already generated.
What I’m Using
Setting up Traefik
First things first, you’ll need your certificate (.crt) and private key (.key). For this example I’m storing them in
C:\certs\ on my local machine and will mount them at
/etc/certs/ inside Traefik.
Next we need to create a dynamic configuration file that tells Traefik where our certs are located within the container.
Next lets take a look at the compose file for Traefik:
The official Traefik documentation does a great job of explaining most of these arguments but I want to point out
providers.file.directory. This tells Traefik that we’re using a File Provider as a dynamic configuration method and the directory our configurations are located. This is different than the directory used for static configurations.
We can now deploy our Traefik service:
docker-compose -f .\traefik-compose.yml up -d
And you should be able to browse to the Traefik dashboard at http://localhost:8080/dashboard/.
Deploying Containers Behind Traefik
You can now deploy services behind Traefik, in this example we’ll deploy a simple whoami service:
docker-compose -f .\whoami-compose.yml up -d
traefik.http.routers.whoami.entrypoints: Creates a router called
whoami listening on the
traefik.http.routers.whoami.tls: Forces the
whoami router to use TLS.
traefik.http.routers.whoami.rule: Applies a host rule specifying that the service will respond to
traefik.http.services.whoami-service.loadbalancer.server.port: Sends traffic to the container on port
To test it you’ll probably need to create a host file entry for your URL, following the example you’d need:
When you browse to your URL, you should notice that it’s using SSL and you should also see your router/service on the Traefik dashboard.