Last active
May 17, 2020 15:33
-
-
Save ericlowry/1eb14437c174e3071a8e6a045425d8d3 to your computer and use it in GitHub Desktop.
simple traefik example with proxy server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# mkdir ./proxy/certs/swat | |
# cd ./proxy/certs/swat | |
# mkcert -cert-file=./cert.pem -key-file=./key.pem swat.localhost "*.swat.localhost" | |
# | |
[[tls.certificates]] | |
certFile = "/opt/proxy/certs/swat/cert.pem" | |
keyFile = "/opt/proxy/certs/swat/key.pem" | |
stores = ["default"] | |
# | |
# More domains can be added ... | |
# | |
#[[tls.certificates]] | |
# certFile = "/opt/proxy/certs/domain2/cert.pem" | |
# keyFile = "/opt/proxy/certs/domain2/key.pem" | |
# | |
#[[tls.certificates]] | |
# certFile = "/opt/proxy/certs/domain3/cert.pem" | |
# keyFile = "/opt/proxy/certs/domain3/key.pem" | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# docker-compose.yml | |
# | |
# description: Simple Web Application Template | |
# | |
version: '3.7' | |
services: | |
proxy: | |
image: traefik:v2.2.1 # (latest as of 2020-05-16) | |
ports: | |
- 80:80 | |
- 443:443 | |
command: | |
- --api.insecure=false | |
- --log.level=WARN # DEBUG, INFO, WARN, ERROR, FATAL, PANIC | |
- --entrypoints.http.address=:80 | |
- --entrypoints.https.address=:443 | |
- --providers.docker | |
- --providers.docker.exposedbydefault=false | |
- --providers.file.filename=/opt/proxy/proxy.toml | |
volumes: | |
- /var/run/docker.sock:/var/run/docker.sock | |
- ./proxy:/opt/proxy | |
labels: | |
- traefik.enable=true | |
# redirect middleware for http to https | |
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https | |
- traefik.http.services.https-redirect.loadbalancer.server.port=9999 | |
# redirect http://proxy.localhost to https://proxy.localhost | |
- traefik.http.routers.proxy-redirect.entrypoints=http | |
- traefik.http.routers.proxy-redirect.rule=Host(`proxy.localhost`) | |
- traefik.http.routers.proxy-redirect.service=https-redirect | |
- traefik.http.routers.proxy-redirect.middlewares=https-redirect | |
# external route to https://proxy.localhost | |
- traefik.http.routers.proxy-https.entrypoints=https | |
- traefik.http.routers.proxy-https.rule=Host(`proxy.localhost`) | |
- traefik.http.routers.proxy-https.tls=true | |
- traefik.http.routers.proxy-https.service=api@internal | |
db: | |
build: ./db | |
depends_on: | |
- proxy | |
volumes: | |
- ./db/cluster-setup:/bin/cluster-setup | |
- db-data:/opt/couchdb/data | |
environment: | |
- COUCHDB_HOST=http://db:5984 | |
- COUCHDB_USER=${COUCHDB_ADMIN_USER} | |
- COUCHDB_PASSWORD=${COUCHDB_ADMIN_PASSWORD} | |
labels: | |
- traefik.enable=true | |
- traefik.http.services.db-service.loadbalancer.server.port=5984 | |
# redirect http://db.swat.localhost to https://db.swat.localhost | |
- traefik.http.routers.db-redirect.entrypoints=http | |
- traefik.http.routers.db-redirect.rule=Host(`db.swat.localhost`) | |
- traefik.http.routers.db-redirect.service=https-redirect | |
- traefik.http.routers.db-redirect.middlewares=https-redirect | |
# route to https://db.swat.localhost | |
- traefik.http.routers.db-https.entrypoints=https | |
- traefik.http.routers.db-https.rule=Host(`db.swat.localhost`) | |
- traefik.http.routers.db-https.tls=true | |
- traefik.http.routers.db-https.service=db-service | |
api: | |
build: ./api | |
depends_on: | |
- proxy | |
- db | |
volumes: | |
- ./api:/opt/api | |
#- ./.git:/opt/.git # needed for `dc exec api test-watch` | |
- ./scripts/yarn-check:/usr/local/bin/yarn-check | |
environment: | |
- NODE_ENV=development | |
- PORT=3000 | |
- DEBUG=api:* | |
- COUCHDB_HOST=http://db:5984 | |
- COUCHDB_ADMIN_USER=${COUCHDB_ADMIN_USER} | |
- COUCHDB_ADMIN_PASSWORD=${COUCHDB_ADMIN_PASSWORD} | |
- COUCHDB_META_DB=${COUCHDB_META_DB} | |
- COOKIE_DOMAIN=swat.localhost | |
tty: true | |
command: sh -c 'yarn-check && nodemon --quiet www' | |
labels: | |
- traefik.enable=true | |
- traefik.http.services.api-service.loadbalancer.server.port=3000 | |
# redirect http://api.swat.localhost to https://api.swat.localhost | |
- traefik.http.routers.api-redirect.entrypoints=http | |
- traefik.http.routers.api-redirect.rule=Host(`api.swat.localhost`) | |
- traefik.http.routers.api-redirect.service=https-redirect | |
- traefik.http.routers.api-redirect.middlewares=https-redirect | |
# external route to https://api.swat.localhost | |
- traefik.http.routers.api-https.entrypoints=https | |
- traefik.http.routers.api-https.rule=Host(`api.swat.localhost`) | |
- traefik.http.routers.api-https.tls=true | |
- traefik.http.routers.api-https.service=api-service | |
client: | |
build: ./client | |
depends_on: | |
- proxy | |
environment: | |
- REACT_APP_API_URI=https://api.swat.localhost/api | |
- REACT_APP_COUCHDB_HOST=https://db.swat.localhost | |
- REACT_APP_COUCHDB_META_DB=${COUCHDB_META_DB} | |
- REACT_APP_RESERVED_USER_NAMES=${COUCHDB_ADMIN_USER} | |
volumes: | |
- ./client:/opt/client | |
- ./scripts/yarn-check:/usr/local/bin/yarn-check | |
command: sh -c 'yarn-check && yarn start' | |
tty: false | |
labels: | |
- traefik.enable=true | |
- traefik.http.services.client-service.loadbalancer.server.port=3000 | |
# routing for https://swat.localhost | |
- traefik.http.routers.client-https.entrypoints=https | |
- traefik.http.routers.client-https.rule=Host(`swat.localhost`) | |
- traefik.http.routers.client-https.tls=true | |
- traefik.http.routers.client-https.service=client-service | |
# routing for http://swat.localhost | |
# (this route is needed for hot-loading to work) | |
- traefik.http.routers.client-http.entrypoints=http | |
- traefik.http.routers.client-http.rule=Host(`swat.localhost`) | |
- traefik.http.routers.client-http.service=client-service | |
volumes: | |
db-data: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment