Traefik 2.0 + Docker — an Advanced Guide

Containeroo
Sep 24 · 2 min read

Introduction

This tutorial is the second part of this article. We will go trough the following configurations:

  1. Add a file provider* to traefik.yml
  2. Create a config file for a central configuration for storing middlewares config.yml.
  3. Configure a middleware chain

*file provider is another place where you can store your configuration

You will find all the required configuration files in our Git repository.

EDIT: Unfortunately there is currently an issue with embedded Gists on the Medium Desktop site (mobile works fine). You can find all our Gists here.

Prerequisites

In order to follow along, you’ll need to read this post!

Update Traefik configuration

To setup a reusable middleware add an additional provider in the Traefik configuration file traefik.yml (Lines 15 and 16).

/opt/containers/traefik/traefik.yml

Create a file for the central configuration:

touch /opt/containers/traefik/data/config.yml

Add a middleware to redirect http to https:

/opt/containers/traefik/data/config.yml

Mount the new config.yml file in the docker-compose file for Traefik (line 20):

/opt/containers/traefik/docker-compose.yml

Recreate Traefik container:

docker-compose up -d

Attention, Attention:

The redirection in the file provider does not work in the docker-compose for Traefik!

Use the new Middleware

As a template we use the docker-compose of Portainer from the previous article. Replace the lines 19 and 20 with following line:

- "traefik.http.routers.traefik.middlewares=https-redirect@file"

The Portainer docker-compose now looks like this:

/opt/containers/portainer/docker-compose.yml

The @fileinstructs Traefik to look inside config.yml for the corresponding middleware.

So every time you want to redirect http to https, you can add the middleware https-redirect. You can add multiple middlewares separated with a comma.

Middleware-Chain

The Chain middleware enables you to define reusable combinations of other pieces of middleware. It makes reusing the same groups easier.

The Description above was stolen from here.

So let’s do this! Add some middelwares in the config.yml:

/opt/containers/traefik/data/config.yml
  • The default-header middleware sets some basic security headers.
  • The default-whitelistmiddleware allows only internal IP addresses.

Then we add a middleware chain with the previously created middlewares:

/opt/containers/traefik/data/config.yml

The complete config.yml now looks like this:

/opt/containers/traefik/data/config.yml

To use the chain we can add it as any other middleware:

- "traefik.http.routers.portainer-secure.middlewares=secured@file"

With the central middlewares and the middleware chain it’s easy to setup multiple containers with the same configuration.

You can also add additional lables for the same settings. Here an example for Nextcloud:

- "traefik.http.middlewares.nc-header.headers.customFrameOptionsValue=SAMEORIGIN"
- "traefik.http.routers.nextcloud-secure.middlewares=secured@file,nc-header"

gi8lino from Containeroo

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade