Use Your Own Certificates with Traefik

Clint Colding
Nov 6 · 2 min read

Using Traefik to add a secure connection to your containers is common use, they have fantastic documentation around using the ACME protocol and it’s easy to setup. What I had a harder time figuring out was using certificates that I had already generated.

What I’m Using

Setting up Traefik

First things first, you’ll need your certificate (.crt) and private key (.key). For this example I’m storing them in C:\certs\ on my local machine and will mount them at /etc/certs/ inside Traefik.

Next we need to create a dynamic configuration file that tells Traefik where our certs are located within the container.

Next lets take a look at the compose file for Traefik:

The official Traefik documentation does a great job of explaining most of these arguments but I want to point out This tells Traefik that we’re using a File Provider as a dynamic configuration method and the directory our configurations are located. This is different than the directory used for static configurations.

We can now deploy our Traefik service:

docker-compose -f .\traefik-compose.yml up -d

And you should be able to browse to the Traefik dashboard at http://localhost:8080/dashboard/.

Deploying Containers Behind Traefik

You can now deploy services behind Traefik, in this example we’ll deploy a simple whoami service:

docker-compose -f .\whoami-compose.yml up -d

traefik.http.routers.whoami.entrypoints: Creates a router called whoami listening on the websecure entrypoint.

traefik.http.routers.whoami.tls: Forces the whoami router to use TLS.

traefik.http.routers.whoami.rule: Applies a host rule specifying that the service will respond to Sends traffic to the container on port 8080.

Test It!

To test it you’ll probably need to create a host file entry for your URL, following the example you’d need:

When you browse to your URL, you should notice that it’s using SSL and you should also see your router/service on the Traefik dashboard.

