{"id":17160828,"url":"https://github.com/korridor/reverse-proxy-docker-traefik","last_synced_at":"2025-04-13T13:21:52.908Z","repository":{"id":98922637,"uuid":"248612477","full_name":"korridor/reverse-proxy-docker-traefik","owner":"korridor","description":"Easy setup for a reverse proxy with Traefik, Docker Compose and Let's Encrypt","archived":false,"fork":false,"pushed_at":"2025-02-03T19:08:07.000Z","size":26,"stargazers_count":44,"open_issues_count":0,"forks_count":10,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-27T04:22:40.016Z","etag":null,"topics":["docker","docker-compose","letsencrypt","reverse-proxy","setup-development-environment","traefik","traefik-dashboard"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/korridor.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"license.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-19T21:54:14.000Z","updated_at":"2025-03-24T06:40:13.000Z","dependencies_parsed_at":"2025-02-03T19:35:17.691Z","dependency_job_id":"7151ebce-292f-446a-818b-b6b0e622e58c","html_url":"https://github.com/korridor/reverse-proxy-docker-traefik","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/korridor%2Freverse-proxy-docker-traefik","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/korridor%2Freverse-proxy-docker-traefik/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/korridor%2Freverse-proxy-docker-traefik/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/korridor%2Freverse-proxy-docker-traefik/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/korridor","download_url":"https://codeload.github.com/korridor/reverse-proxy-docker-traefik/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248718105,"owners_count":21150508,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-compose","letsencrypt","reverse-proxy","setup-development-environment","traefik","traefik-dashboard"],"created_at":"2024-10-14T22:26:10.343Z","updated_at":"2025-04-13T13:21:52.877Z","avatar_url":"https://github.com/korridor.png","language":null,"readme":"# Traefik Setup with Docker Compose\n\nThis is a reusable Traefik config for usage on a virtual server or for local development using Docker Compose.   \nIt uses:\n - [Traefik 3](https://traefik.io/traefik/)\n - [Docker](https://www.docker.com/)\n - [Let's encrypt](https://letsencrypt.org/) (Optional)\n\n\u003e [!NOTE]\n\u003e Check out **solidtime - The modern Open Source Time-Tracker** at [solidtime.io](https://www.solidtime.io)\n\n## Table of content\n\n * [Production setup](#production-setup)\n    + [Setting up traefik](#setting-up-traefik)\n    + [Traefik dashboard](#traefik-dashboard)\n    + [Connect docker compose service to reverse-proxy](#connect-docker-compose-service-to-reverse-proxy)\n    + [SSL configuration](#ssl-configuration)\n    + [Global middlewares](#global-middlewares)\n    + [Access Logs](#access-logs)\n * [Setup for local development](#setup-for-local-development)\n    + [Setting up traefik](#setting-up-traefik-1)\n    + [Traefik dashboard](#traefik-dashboard-1)\n    + [Connect docker compose service to reverse-proxy](#connect-docker-compose-service-to-reverse-proxy-1)\n    + [Enable SSL locally](#enable-ssl-locally)\n    + [Enable SSL in the docker compose file](#enable-ssl-in-the-docker-compose-file)\n * [FAQ](#faq)\n * [Credits](#credits)\n * [License](#license)\n\n## Production setup\n\n### Setting up traefik\n\n1. Clone repository\n   ```bash\n   git clone https://github.com/korridor/reverse-proxy-docker-traefik.git\n   cd reverse-proxy-docker-traefik\n   ```\n2. Copy default config  \n   ```bash\n   cp docker-compose.prod.yml docker-compose.yml\n   cp -r configs-prod configs\n   echo \"{}\" \u003e certificates/acme.json\n   chmod 600 certificates/acme.json\n   ```\n3. Replace domain for dashboard (`reverse-proxy.somedomain.com` in `configs/dynamic/dashboard.yml`)\n   ```yaml\n   http:\n     routers:\n       traefik:\n         rule: Host(`reverse-proxy.somedomain.com`)\n         # ...\n       traefik-http-redirect:\n         rule: Host(`reverse-proxy.somedomain.com`)\n         # ...\n   ```\n4. Replace password for admin account (in `configs/dynamic/dashboard.yml`) \n    ```yaml\n   http:\n     # ...\n     middlewares:\n       dashboardauth:\n         basicAuth:\n           users:\n             - \"user1:$2y$05$/x10KYbrHtswyR8POT.ny.H4fFd1n.0.IEiYiestWzE1QFkYIEI3m\"\n    ```  \n     - You can use a website like [this](https://hostingcanada.org/htpasswd-generator/) to generate the hash (use Bcrypt).\n     - Or generate it with: `echo $(htpasswd -nB user1)`\n5. Replace email for Let's encrypt (`mail@somedomain.com` in `configs/traefik.yml`)\n    ```yaml\n    certificatesResolvers:\n      letsencrypt:\n        acme:\n          # ...\n          email: mail@somedomain.com\n    ```\n6. Start container\n   ```bash\n   docker compose up -d\n   ```\n7. Check that Traefik is running smoothly\n   ```bash\n   docker compose logs\n   ```\n\n### Traefik dashboard\n\nThe Traefik dashboard is now available under:\n```\nhttps://reverse-proxy.somedomain.com\n```\nThe dashboard shows you the configured routers, services, middleware, etc.\n\n### Connect docker compose service to reverse-proxy\n\n```yaml\nversion: '3.8'\nnetworks:\n  frontend:\n    external: true\n    name: reverse-proxy-docker-traefik_routing\nservices:\n  someservice:\n    restart: always\n    # ...\n    labels:\n      - \"traefik.enable=true\"\n      - \"traefik.docker.network=reverse-proxy-docker-traefik_routing\"\n      # https\n      - \"traefik.http.routers.someservice.rule=Host(`someservice.com`)\"\n      - \"traefik.http.routers.someservice.tls=true\"\n      - \"traefik.http.routers.someservice.tls.certresolver=letsencrypt\"\n      - \"traefik.http.routers.someservice.entrypoints=websecure\"\n      # http (redirect to https)\n      - \"traefik.http.routers.someservice-http.rule=Host(`someservice.com`)\"\n      - \"traefik.http.routers.someservice-http.entrypoints=web\"\n      - \"traefik.http.routers.someservice-http.middlewares=redirect-to-https@file\"\n    networks:\n     - frontend\n     - ...\n```\n\n**Password protection for service with basic auth**\n\n```yaml\nservices:\n  someservice:\n    # ...\n    labels:\n      # ...\n      - \"traefik.http.routers.someservice.middlewares=someservice-auth\"\n      - \"traefik.http.middlewares.someservice-auth.basicauth.users=user1:$2y$05$/x10KYbrHtswyR8POT.ny.H4fFd1n.0.IEiYiestWzE1QFkYIEI3m\"\n```\n\nYou can generate the **escaped** hash with the following command: `echo $(htpasswd -nB user1) | sed -e s/\\\\$/\\\\$\\\\$/g`\nIf you use a website like [this](https://hostingcanada.org/htpasswd-generator/) to generate the hash remember to escape the dollar signs (`$` -\u003e `$$`) and use Bcrypt.\n\n**Specifying port if service exposes multiple ports**\n\nIf your service exposes multiple ports Traefik does not know which one it should use.\nWith this line you can select one:\n\n```yaml\nservices:\n  someservice:\n    # ...\n    labels:\n      # ...\n      - \"traefik.http.services.someservice.loadbalancer.server.port=8080\"\n```\n\n### SSL configuration\n\nPer default the SSL configuration is set so that [SSL Labs](https://www.ssllabs.com/) gives an `A` rating.\n\nIf you want an `A+` rating, you need to use HSTS (HTTP Strict Transport Security).\nThe setup includes a global middleware called `hsts-minimal@file` that can be used to activate HSTS in a simple setting.\nSee \"Global middlewares\" for more information.\n\n### Global middlewares\n\n**hsts-minimal@file**\n\nAdds the HSTS header to the HTTP response without `includeSubDomains` and `preload`.\nThe `max-age` is set to one year / 31536000 seconds.\n\n**hsts-standard@file**\n\nAdds the HSTS header to the HTTP response with `includeSubDomains` and no `preload`.\nThe `max-age` is set to one year / 31536000 seconds.\n\n**hsts-full@file**\n\nAdds the HSTS header to the HTTP response with `includeSubDomains` and `preload`.\nThe `max-age` is set to one year / 31536000 seconds.\n\n**redirect-to-https@file**\n\nAdds a permanent redirect to HTTPS.\n\n**redirect-non-www-to-www@file**\n\nAdds a permanent redirect (HTTP 301) from non-www domains to the HTTPS www domain\nExamples:\n- `https://example.test` -\u003e `https://www.example.test`\n- `http://example.test` -\u003e `https://www.example.test`\n\n**redirect-www-to-non-www@file**\n\nAdds a permanent redirect (HTTP 301) from www domains to the HTTPS non-www domain\nExamples:\n- `https://www.example.test` -\u003e `https://example.test`\n- `http://www.example.test` -\u003e `https://example.test`\n\n### Access Logs\n\nTo enable the Traefik access logs in the production configuration, open the file `traefik.yml` within the config folder and uncomment the `accessLog` section.\n\n```yml\n# Access logs\naccessLog: {}\n```\n\n## Setup for local development\n\n### Setting up Traefik\n\n1. Clone repository\n   ```bash\n   git clone https://github.com/korridor/reverse-proxy-docker-traefik.git\n   cd reverse-proxy-docker-traefik\n   ```\n2. Copy default config  \n   ```bash\n   ln -s docker-compose.local.yml docker-compose.yml\n   ln -s configs-local configs\n   ```\n   \n   If you want to change the configuration copy the configuration instead of creating a symlink.\n   \n   ```bash\n   cp docker-compose.local.yml docker-compose.yml\n   cp -r configs-local configs\n   ```\n3. If you want you can change the domain of the traefik dashboard (`reverse-proxy.test` in `configs/dynamic/dashboard.yml`)\n   ```yaml\n   http:\n     routers:\n       traefik:\n         rule: Host(`reverse-proxy.test`)\n         # ...\n   ```\n4. Start container\n   ```bash\n   docker compose up -d\n   ```\n5. Check that traefik is running smoothly\n   ```bash\n   docker compose logs\n   ```\n\n### Traefik dashboard\n\nThe Traefik dashboard is now available under:\n```\nhttp://reverse-proxy.test\n```\nThe dashboard shows you the configured routers, services, middlewares, etc.\n\n### Connect docker compose service to reverse-proxy\n\n```yaml\nversion: '3.8'\nnetworks:\n  frontend:\n    external: true\n    name: reverse-proxy-docker-traefik_routing\nservices:\n  someservice:\n    restart: always\n    # ...\n    labels:\n      - \"traefik.enable=true\"\n      - \"traefik.docker.network=reverse-proxy-docker-traefik_routing\"\n      # http\n      - \"traefik.http.routers.someservice.rule=Host(`someservice.test`)\"\n      - \"traefik.http.routers.someservice.entrypoints=web\"\n    networks:\n     - frontend\n     - ...\n```\n\n**Enabling service to send requests to itself (with someservice.test)**\n\n```yaml\nservices:\n  someservice:\n    # ...\n    extra_hosts:\n      - \"someservice.test:10.100.100.10\"\n```\n\n**Specifying port if service exposes multiple ports**\n\nIf your service exposes multiple ports Traefik does not know which one it should use.\nWith this config line you can select one:\n\n```yaml\nservices:\n  someservice:\n    # ...\n    labels:\n      # ...\n      - \"traefik.http.services.someservice.loadbalancer.server.port=8080\"\n```\n\n### Enable SSL locally\n\n1. Install [mkcert](https://github.com/FiloSottile/mkcert)\n\nFor example on macOS:\n\n```bash\nbrew install mkcert\nbrew install nss # if you use Firefox\n```\n\nNow install the local CA:\n\n```bash\nmkcert -install\n```\n\n3. Generate certificate\n\nReplace `someservice` with the domains that you are using for local development.\n\n```bash\ncd certificates\nmkcert -key-file local.key.pem -cert-file local.cert.pem \"*.local\" \"*.test\" \"*.someservice.test\" \"*.someservice.local\"\n```\n\n### Enable SSL in the docker compose file\n\n```yaml\nversion: '3.8'\nnetworks:\n  frontend:\n    external: true\n    name: reverse-proxy-docker-traefik_routing\nservices:\n  someservice:\n    restart: always\n    # ...\n    labels:\n      - ...\n      # http\n      - ...\n      # https\n      - \"traefik.http.routers.someservice-https.rule=Host(`someservice.test`)\"\n      - \"traefik.http.routers.someservice-https.entrypoints=websecure\"\n      - \"traefik.http.routers.someservice-https.tls=true\"\n    networks:\n     - frontend\n     - ...\n```\n\n## FAQ\n\n**I have a IPv6-only server, what do I need to change?**\n\nGitHub currently does not support cloning a repository over IPv6. You can clone from my Codeberg mirror instead:\n\n```bash\ngit clone https://codeberg.org/korridor/reverse-proxy-docker-traefik.git\n```\n\n## Credits\n\nI used the following resources to create this setup:\n\n - [Traefik docs](https://docs.traefik.io)\n - [Traefik v2 and Mastodon, a wonderful couple! by Nicolas Inden](https://www.innoq.com/en/blog/traefik-v2-and-mastodon/)\n - [GitHub repo traefik-example by jamct](https://github.com/jamct/traefik-example)\n\n## License\n\nThis configuration is licensed under the MIT License (MIT). Please see [license file](license.md) for more information.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkorridor%2Freverse-proxy-docker-traefik","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkorridor%2Freverse-proxy-docker-traefik","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkorridor%2Freverse-proxy-docker-traefik/lists"}