{"id":18663083,"url":"https://github.com/asapdotid/dcc-traefik-cf-https","last_synced_at":"2025-08-24T08:13:35.338Z","repository":{"id":113710951,"uuid":"589505892","full_name":"asapdotid/dcc-traefik-cf-https","owner":"asapdotid","description":"Docker Compose Traefik HTTPS Proxy ( Cloudflare - SSL Let’s Encrypt) and ready for production","archived":false,"fork":false,"pushed_at":"2024-11-01T09:56:06.000Z","size":589,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-01T10:26:10.769Z","etag":null,"topics":["cloudflare","docker","docker-compose","https","letsencrypt","proxy","proxy-server","ssl","traefik","traefik-docker","traefik-v2"],"latest_commit_sha":null,"homepage":"","language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/asapdotid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-16T09:29:09.000Z","updated_at":"2024-11-01T09:54:24.000Z","dependencies_parsed_at":null,"dependency_job_id":"df59c789-bca0-4953-8da1-7394ed34f4fb","html_url":"https://github.com/asapdotid/dcc-traefik-cf-https","commit_stats":null,"previous_names":["asapdotid/dcc-traefik-https"],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asapdotid%2Fdcc-traefik-cf-https","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asapdotid%2Fdcc-traefik-cf-https/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asapdotid%2Fdcc-traefik-cf
-https/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asapdotid%2Fdcc-traefik-cf-https/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/asapdotid","download_url":"https://codeload.github.com/asapdotid/dcc-traefik-cf-https/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223479556,"owners_count":17151931,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudflare","docker","docker-compose","https","letsencrypt","proxy","proxy-server","ssl","traefik","traefik-docker","traefik-v2"],"created_at":"2024-11-07T08:14:58.747Z","updated_at":"2025-04-11T21:32:04.788Z","avatar_url":"https://github.com/asapdotid.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg src=\"docs/assets/img/traefik-ssl.png\" width=\"600\" /\u003e\n\u003c/p\u003e\n\n# Docker Compose Traefik - Proxy Container Service (Cloudflare)\n\nThis guide shows you how to deploy your containers behind Traefik reverse-proxy. 
It obtains and refreshes `HTTPS` certificates automatically and comes with a password-protected Traefik dashboard.\n\n## Docker container\n\n### Main container\n\n-   Docker Socket Proxy 1.26.2/latest\n-   Traefik 2.11.x, 3.1.x, 3.2.x \u0026 3.3.x\n-   Logger Alpine Linux 3.20 or 3.21\n\n### Docker container:\n\n-   Docker Socket Proxy (security) - `Linuxserver.io` [Document](https://hub.docker.com/r/linuxserver/socket-proxy)\n-   Traefik [Document](https://hub.docker.com/_/traefik)\n-   Logger (logrotate \u0026 cron) `Custom of Alpine`\n-   Portainer (Optional) [Document](https://www.portainer.io/)\n\n### Optional (development)\n\n-   Whoami (prints OS information - local development) [Document](https://github.com/traefik/whoami)\n-   Portainer (Optional) [Document](https://www.portainer.io/)\n\n### Step 1: Make Sure You Have Required Dependencies\n\n-   Git\n-   Docker\n-   Docker Compose\n\n#### Example Installation on Debian-based Systems:\n\nSee the official documentation for installing Docker with the new Docker Compose V2 [doc](https://docs.docker.com/engine/install/); you can also install Docker Compose V1. 
Follow the official documentation.\n\n```bash\nsudo apt-get install git docker-ce docker-ce-cli containerd.io docker-compose-plugin\n```\n\n### Step 2: Clone the Repository\n\n```bash\ngit clone https://github.com/asapdotid/dcc-traefik-cf-https.git\ncd dcc-traefik-cf-https\n```\n\nMake command help:\n\n```bash\nmake help\n```\n\n### Step 3: Make Initial Environment Variables\n\n```bash\nmake init\n```\n\nModify the file `.make/.env` for the image build:\n\n```ini\n...\n# Project variables\nDOCKER_REGISTRY=docker.io\nDOCKER_NAMESPACE=asapdotid\nDOCKER_PROJECT_NAME=cf-proxy\n\n# Docker image version\nDOCKER_SOCKET_VERSION=latest\nTRAEFIK_VERSION=3.2\nALPINE_VERSION=3.21\n\n# Timezone for os and log level\nTIMEZONE=Asia/Jakarta\n```\n\n### Step 3: Make Docker Compose Initial Environment Variables\n\n```bash\nmake env\n```\n\nModify the file `src/.env` for the image build.\n\nThe password is `adminpass` and you might want to change it before deploying to production.\n\n### Step 4: Set Your Own Password\n\nNote: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.\n\n\u003e Install the `Apache Tools` package to use `htpasswd`.\n\u003e To create a `user`:`password` pair, the following command can be used:\n\n```bash\n# Prompts for the password (-n prints the result to stdout)\necho $(htpasswd -n user)\n\n# OR pass the password on the command line (-b)\n\necho $(htpasswd -nb user password)\n```\n\nRunning script:\n\n```bash\necho $(htpasswd -n admin)\n\nNew password:\nRe-type new password:\n\nadmin:$apr1$W3jHMbEG$TCzyOICAWv/6kkraCHKYC0\n```\n\nor\n\n```bash\necho $(htpasswd -nb admin adminpass)\n\nadmin:$apr1$W3jHMbEG$TCzyOICAWv/6kkraCHKYC0\n```\n\nThe output has the following format: `username`:`password_hash`. 
The username doesn't have to be `admin`; feel free to change it (in the first line).\n\nEncode the password hash with `base64`:\n\n```bash\necho '$apr1$W3jHMbEG$TCzyOICAWv/6kkraCHKYC0' | openssl enc -e -base64\nJGFwcjEkVzNqSE1iRUckVEN6eU9JQ0FXdi82a2tyYUNIS1lDMAo=\n```\n\nCheck by decoding:\n\n```bash\necho 'JGFwcjEkVzNqSE1iRUckVEN6eU9JQ0FXdi82a2tyYUNIS1lDMAo=' | openssl enc -d -base64\n```\n\nYou can paste the username into the `TRAEFIK_BASIC_AUTH_USERNAME` environment variable. The other part, `hashedPassword`, should be assigned to `TRAEFIK_BASIC_AUTH_PASSWORD_HASH`. Now you have your own `username`:`password` pair.\n\n### Step 5: Launch Your Deployment\n\nOptionally, create the Docker network `net-proxy` for external use with other Docker containers:\n\n```bash\ndocker network create net-proxy\n```\n\n```bash\nmake env\n\nmake build\n```\n\nDocker Compose make commands:\n\n```bash\nmake up\n# or\nmake down\n```\n\n### Step 6: Additional Docker Service\n\n-   Whoami\n-   Portainer\n\nThese can be removed or commented out.\n\n### Step 7: Test Your Deployment\n\n```bash\ncurl -I https://{domain_name}/\n```\n\nYou can also test it in the browser:\n\nhttps://{domain_name}/\n\nhttps://monitor.{domain_name}/\n\n# Deploying on a Public Server With Real Domain\n\nTraefik requires you to define \"Certificate Resolvers\" in the static configuration, which are responsible for retrieving certificates from an ACME server.\n\nThen, each \"router\" is configured to enable TLS, and is associated with a certificate resolver through the `tls.certresolver` configuration option.\n\nRead [Traefik Let's Encrypt](https://doc.traefik.io/traefik/https/acme/)\n\nSupported providers in this project:\n\n-   Cloudflare\n\nLet's say you have a domain `example.com` and its DNS records point to your production server. 
Just repeat the local deployment steps, but don't forget to update the `TRAEFIK_DOMAIN_NAME`, `TRAEFIK_ACME_DNS_CHALLENGE_PROVIDER_EMAIL` \u0026 `TRAEFIK_ACME_DNS_CHALLENGE_PROVIDER_TOKEN` environment variables. In the case of `example.com`, your `src/.env` file should have the following lines:\n\n```ini\nTRAEFIK_DOMAIN_NAME=example.com\nTRAEFIK_ACME_DNS_CHALLENGE_PROVIDER_EMAIL=email@mail.com\nTRAEFIK_ACME_DNS_CHALLENGE_PROVIDER_TOKEN=coudflare-access-token-123ABC\n```\n\nSetting the correct email is important because it allows Let’s Encrypt to contact you about any present or future issues with your certificates.\n\n## Redirect `WWW` to `NON WWW` external services (other docker compose file)\n\nExample labels to redirect www to non-www:\n\n```yaml\nlabels:\n    - traefik.enable=true\n    - traefik.docker.network=net-proxy\n    - traefik.http.routers.whoami.entrypoints=https\n    - traefik.http.routers.whoami.rule=Host(`jogjascript.com`)||Host(`www.jogjascript.com`)\n    # Add redirect middlewares for http and https\n    - traefik.http.routers.whoami.middlewares=redirect-http-www@file,redirect-https-www@file\n```\n\n### Example Docker Compose\n\n\u003e File: `src/compose/docker-compose.local.yml`\n\n#### Whoami\n\n```yaml\nwhoami:\n    image: traefik/whoami:latest\n    container_name: whoami\n    networks:\n        - net-internal\n    depends_on:\n        - traefik\n    labels:\n        - traefik.enable=true\n        - traefik.http.routers.whoami.entrypoints=https\n        - traefik.http.routers.whoami.rule=Host(`jogjascript.com`)||Host(`www.jogjascript.com`)\n        # Add redirect middlewares for http and https\n        - traefik.http.routers.whoami.middlewares=redirect-http-www@file,redirect-https-www@file\n```\n\n#### Portainer\n\n```yaml\nportainer:\n    image: portainer/portainer-ce:latest\n    restart: unless-stopped\n    security_opt:\n        - no-new-privileges:true\n    networks:\n        - net-internal\n    volumes:\n        - 
/etc/localtime:/etc/localtime:ro\n        - ../../.data/portainer:/data\n    labels:\n        - traefik.enable=true\n        - traefik.http.routers.portainer.entrypoints=https\n        - traefik.http.routers.portainer.rule=Host(`portainer.${TRAEFIK_DOMAIN_NAME}`)\n        - traefik.http.services.portainer.loadbalancer.server.port=9000\n    depends_on:\n        - dockersocket\n        - traefik\n```\n\n## External Docker Compose Service Integrate with Traefik (`Labels`)\n\nSample:\n\n```yaml\n---\nlabels:\n    - traefik.enable=true\n    - traefik.docker.network=net-proxy\n    - traefik.http.routers.portainer.entrypoints=https\n    - traefik.http.routers.portainer.rule=Host(`app.${TRAEFIK_DOMAIN_NAME}`)\n```\n\nPath prefix with loadbalancer:\n\n```yaml\n---\nlabels:\n    - traefik.enable=true\n    - traefik.docker.network=net-proxy\n    - traefik.http.routers.backend-v1.entrypoints=https\n    - traefik.http.routers.backend-v1.rule=Host(`api.domain_name.com`) \u0026\u0026 PathPrefix(`/v1`)\n    - traefik.http.services.backend-v1.loadbalancer.server.port=3000\n    - traefik.http.routers.backend-v1.middlewares=api-strip\n    - traefik.http.middlewares.api-strip.stripprefix.prefixes=/v1\n```\n\nSample `nginx` service:\n\n```yaml\n---\nnginx:\n    image: nginx:stable\n    networks:\n        - net-proxy\n    labels:\n        - traefik.enable=true\n        - traefik.docker.network=net-proxy\n        - traefik.http.routers.portainer.entrypoints=https\n        - traefik.http.routers.portainer.rule=Host(`app.${TRAEFIK_DOMAIN_NAME}`)\n```\n\nAlso included is an option that allows only TLS v1.3. This option must be manually configured. 
There is an example below on how to do this with a Docker label.\n\n```yaml\n---\nnginx:\n    image: nginx:stable\n    networks:\n        - net-proxy\n    labels:\n        - traefik.enable=true\n        - traefik.docker.network=net-proxy\n        # only TLS v1.3 (set on the same router that carries the rule below)\n        - traefik.http.routers.portainer.tls.options=tlsv13only@file\n        - traefik.http.routers.portainer.entrypoints=https\n        - traefik.http.routers.portainer.rule=Host(`app.${TRAEFIK_DOMAIN_NAME}`)\n```\n\nRead the instructions after the containers are up: [instruction](docs/portainer.md)\n\n## License\n\nMIT / BSD\n\n## Author Information\n\nThis Docker Compose Traefik HTTPS was created in 2022 by [Asapdotid](https://github.com/asapdotid) 🚀\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasapdotid%2Fdcc-traefik-cf-https","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fasapdotid%2Fdcc-traefik-cf-https","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasapdotid%2Fdcc-traefik-cf-https/lists"}