Use Your Own Certificates with Traefik

Clint Colding
Nov 6 · 2 min read

Using Traefik to add a secure connection to your containers is common. The project has fantastic documentation on using the ACME protocol, and it’s easy to set up. What I had a harder time figuring out was using certificates that I had already generated.

What I’m Using

Setting up Traefik

First things first, you’ll need your certificate (.crt) and private key (.key). For this example I’m storing them in C:\certs\ on my local machine and will mount them at /etc/certs/ inside Traefik.

Next we need to create a dynamic configuration file that tells Traefik where our certs are located within the container.

Next, let’s take a look at the compose file for Traefik:

The official Traefik documentation does a great job of explaining most of these arguments, but I want to point out providers.file.directory. This tells Traefik that we’re using the File Provider as a dynamic configuration method, and which directory our configuration files are located in. This is different from the directory used for static configuration.

We can now deploy our Traefik service:

docker-compose -f .\traefik-compose.yml up -d

And you should be able to browse to the Traefik dashboard at http://localhost:8080/dashboard/.

Deploying Containers Behind Traefik

You can now deploy services behind Traefik. In this example we’ll deploy a simple whoami service:

docker-compose -f .\whoami-compose.yml up -d

traefik.http.routers.whoami.entrypoints: Creates a router called whoami listening on the websecure entrypoint.

traefik.http.routers.whoami.tls: Forces the whoami router to use TLS.

traefik.http.routers.whoami.rule: Applies a host rule specifying that the service will respond to whoami.mydomain.com.

traefik.http.services.whoami-service.loadbalancer.server.port: Sends traffic to the container on port 8080.

Test It!

To test it, you’ll probably need to create a hosts file entry for your URL. Following the example, you’d need:

127.0.0.1 whoami.mydomain.com

When you browse to your URL, you should notice that it’s using SSL and you should also see your router/service on the Traefik dashboard.
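Traefik answers with a generated self-signed default certificate when no configured certificate matches the requested host, so "it's using SSL" alone does not prove your own certificate is being served. The Python check below is an added example, not part of the original post: it compares the certificate presented for whoami.mydomain.com with the one on disk. The file name mydomain.crt and port 443 for the websecure entrypoint are assumptions.

```python
import hashlib
import re
import socket
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
# Subject CN of the self-signed certificate Traefik generates when no
# configured certificate matches the requested host name.
TRAEFIK_DEFAULT_CN = b"TRAEFIK DEFAULT CERT"


def leaf_der(pem_text):
    """DER bytes of the first certificate in a PEM file (the leaf of a chain)."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    return ssl.PEM_cert_to_DER_cert(match.group(0))


def served_der(address, sni, port=443, timeout=5.0):
    """DER certificate presented for `sni`. Chain validation is disabled on
    purpose: the result is compared byte for byte with the expected file."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((address, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def classify(expected_der, actual_der):
    """Return 'match', 'traefik-default' or 'mismatch'."""
    if expected_der == actual_der:
        return "match"
    if TRAEFIK_DEFAULT_CN in actual_der:
        return "traefik-default"
    return "mismatch"


if __name__ == "__main__":
    # Assumed file name; the post only gives the directory C:\certs\.
    with open(r"C:\certs\mydomain.crt", encoding="ascii") as fh:
        expected = leaf_der(fh.read())
    actual = served_der("127.0.0.1", "whoami.mydomain.com")
    print(classify(expected, actual), hashlib.sha256(actual).hexdigest())
```

A result of traefik-default usually means the dynamic configuration file was not loaded or points at the wrong path inside the container.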
