Skip to content

Instantly share code, notes, and snippets.

@ericlowry

ericlowry/proxy.toml

Last active May 17, 2020 15:33
Show Gist options
  • Save ericlowry/1eb14437c174e3071a8e6a045425d8d3 to your computer and use it in GitHub Desktop.
Save ericlowry/1eb14437c174e3071a8e6a045425d8d3 to your computer and use it in GitHub Desktop.
Download ZIP
simple traefik example with proxy server
Raw
proxy.toml
#
# mkdir ./proxy/certs/swat
# cd ./proxy/certs/swat
# mkcert -cert-file=./cert.pem -key-file=./key.pem swat.localhost "*.swat.localhost"
#
[[tls.certificates]]
certFile = "/opt/proxy/certs/swat/cert.pem"
keyFile = "/opt/proxy/certs/swat/key.pem"
stores = ["default"]
#
# More domains can be added ...
#
#[[tls.certificates]]
# certFile = "/opt/proxy/certs/domain2/cert.pem"
# keyFile = "/opt/proxy/certs/domain2/key.pem"
#
#[[tls.certificates]]
# certFile = "/opt/proxy/certs/domain3/cert.pem"
# keyFile = "/opt/proxy/certs/domain3/key.pem"
#
Raw
traefik-docker-compose.yml
#
# docker-compose.yml
#
# description: Simple Web Application Template
#
version: '3.7'
services:
proxy:
image: traefik:v2.2.1 # (latest as of 2020-05-16)
ports:
- 80:80
- 443:443
command:
- --api.insecure=false
- --log.level=WARN # DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --providers.docker
- --providers.docker.exposedbydefault=false
- --providers.file.filename=/opt/proxy/proxy.toml
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./proxy:/opt/proxy
labels:
- traefik.enable=true
# redirect middleware for http to https
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.services.https-redirect.loadbalancer.server.port=9999
# redirect http://proxy.localhost to https://proxy.localhost
- traefik.http.routers.proxy-redirect.entrypoints=http
- traefik.http.routers.proxy-redirect.rule=Host(`proxy.localhost`)
- traefik.http.routers.proxy-redirect.service=https-redirect
- traefik.http.routers.proxy-redirect.middlewares=https-redirect
# external route to https://proxy.localhost
- traefik.http.routers.proxy-https.entrypoints=https
- traefik.http.routers.proxy-https.rule=Host(`proxy.localhost`)
- traefik.http.routers.proxy-https.tls=true
- traefik.http.routers.proxy-https.service=api@internal
db:
build: ./db
depends_on:
- proxy
volumes:
- ./db/cluster-setup:/bin/cluster-setup
- db-data:/opt/couchdb/data
environment:
- COUCHDB_HOST=http://db:5984
- COUCHDB_USER=${COUCHDB_ADMIN_USER}
- COUCHDB_PASSWORD=${COUCHDB_ADMIN_PASSWORD}
labels:
- traefik.enable=true
- traefik.http.services.db-service.loadbalancer.server.port=5984
# redirect http://db.swat.localhost to https://db.swat.localhost
- traefik.http.routers.db-redirect.entrypoints=http
- traefik.http.routers.db-redirect.rule=Host(`db.swat.localhost`)
- traefik.http.routers.db-redirect.service=https-redirect
- traefik.http.routers.db-redirect.middlewares=https-redirect
# route to https://db.swat.localhost
- traefik.http.routers.db-https.entrypoints=https
- traefik.http.routers.db-https.rule=Host(`db.swat.localhost`)
- traefik.http.routers.db-https.tls=true
- traefik.http.routers.db-https.service=db-service
api:
build: ./api
depends_on:
- proxy
- db
volumes:
- ./api:/opt/api
#- ./.git:/opt/.git # needed for `dc exec api test-watch`
- ./scripts/yarn-check:/usr/local/bin/yarn-check
environment:
- NODE_ENV=development
- PORT=3000
- DEBUG=api:*
- COUCHDB_HOST=http://db:5984
- COUCHDB_ADMIN_USER=${COUCHDB_ADMIN_USER}
- COUCHDB_ADMIN_PASSWORD=${COUCHDB_ADMIN_PASSWORD}
- COUCHDB_META_DB=${COUCHDB_META_DB}
- COOKIE_DOMAIN=swat.localhost
tty: true
command: sh -c 'yarn-check && nodemon --quiet www'
labels:
- traefik.enable=true
- traefik.http.services.api-service.loadbalancer.server.port=3000
# redirect http://api.swat.localhost to https://api.swat.localhost
- traefik.http.routers.api-redirect.entrypoints=http
- traefik.http.routers.api-redirect.rule=Host(`api.swat.localhost`)
- traefik.http.routers.api-redirect.service=https-redirect
- traefik.http.routers.api-redirect.middlewares=https-redirect
# external route to https://api.swat.localhost
- traefik.http.routers.api-https.entrypoints=https
- traefik.http.routers.api-https.rule=Host(`api.swat.localhost`)
- traefik.http.routers.api-https.tls=true
- traefik.http.routers.api-https.service=api-service
client:
build: ./client
depends_on:
- proxy
environment:
- REACT_APP_API_URI=https://api.swat.localhost/api
- REACT_APP_COUCHDB_HOST=https://db.swat.localhost
- REACT_APP_COUCHDB_META_DB=${COUCHDB_META_DB}
- REACT_APP_RESERVED_USER_NAMES=${COUCHDB_ADMIN_USER}
volumes:
- ./client:/opt/client
- ./scripts/yarn-check:/usr/local/bin/yarn-check
command: sh -c 'yarn-check && yarn start'
tty: false
labels:
- traefik.enable=true
- traefik.http.services.client-service.loadbalancer.server.port=3000
# routing for https://swat.localhost
- traefik.http.routers.client-https.entrypoints=https
- traefik.http.routers.client-https.rule=Host(`swat.localhost`)
- traefik.http.routers.client-https.tls=true
- traefik.http.routers.client-https.service=client-service
# routing for http://swat.localhost
# (this route is needed for hot-loading to work)
- traefik.http.routers.client-http.entrypoints=http
- traefik.http.routers.client-http.rule=Host(`swat.localhost`)
- traefik.http.routers.client-http.service=client-service
volumes:
db-data:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment