How to get started with Traefik and Docker Compose?

There’s not much else I can write about that you probably don’t already know about Docker. You either love or hate it.

One thing to note, it sure is popular with the /r/selfhosted folks for its ease of use.

This tutorial is written for Debian and should work for Ubuntu as well.

  1. Update your existing list of packages:

    sudo apt update
    
  2. Add the GPG key for the official Docker repository to your system:

    curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
    
  3. Add the Docker repository to APT sources:

    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
    
  4. Update the package database with the Docker packages from the newly added repo:

    sudo apt update
    
  5. Install Docker:

    sudo apt install docker-ce
    sudo systemctl status docker
    
  6. Add your user to the docker group. Log out and back in to apply the changes:

    sudo usermod -aG docker ${USER}
    
  7. Check the latest Docker Compose version here and run the following command accordingly:

    sudo curl -L https://github.com/docker/compose/releases/download/X.X.X/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
    
  8. Verify the installation was successful:

    docker-compose --version
    
  9. Create new folder to organise your Traefik/Docker Compose files:

    sudo mkdir /shared
    sudo mkdir /shared/traefik
    sudo touch /shared/traefik/acme.json
    sudo chmod 600 /shared/traefik/acme.json
    
  10. Generate a password and copy it:

    sudo htpasswd -c /etc/nginx/.htpasswd ${USER}
    cat /etc/nginx/.htpasswd
    
  11. Create the Traefik config:

    sudo nano /shared/traefik/traefik.toml
    

    traefik.toml:

    defaultEntryPoints = ["http", "https"]
    [entryPoints]
      [entryPoints.dashboard]
        address = ":8080"
        [entryPoints.dashboard.auth]
          [entryPoints.dashboard.auth.basic]
            users = ["<USER:HTPASS>"]
      [entryPoints.http]
        address = ":80"
          [entryPoints.http.redirect]
            entryPoint = "https"
      [entryPoints.https]
        address = ":443"
          [entryPoints.https.tls]
    
    [api]
    entrypoint="dashboard"
    
    [acme]
    email = "hello@example.com"
    storage = "acme.json"
    entryPoint = "https"
    onHostRule = true
      [acme.httpChallenge]
      entryPoint = "http"
    
    [docker]
    domain = "example.com"
    watch = true
    network = "web"
    

    Replace USER:HTPASS with the output from the previous step.

  12. Point your subdomain (i.e. proxy) A record to your server’s public IP address. I’m using Cloudflare to manage my domain’s DNS.

  13. Create the docker network:

    sudo docker network create web
    
  14. Create the Traefik container:

    sudo docker run -d -v /var/run/docker.sock:/var/run/docker.sock -v /shared/traefik/traefik.toml:/traefik.toml -v /shared/traefik/acme.json:/acme.json -p 80:80 -p 443:443 -l traefik.frontend.rule=Host:proxy.example.com -l traefik.port=8080 --network web --name traefik traefik:1.7.2-alpine{Enter}
    
  15. Navigate to proxy.example.com and login using the credentials generated before.

  16. Include the following labels for your docker-compose.yml:

    traefik.backend=<NAME>
    traefik.frontend.rule=Host:<NAME>.<DOMAIN>
    traefik.docker.network=web
    traefik.port=80
    
  17. That’s it!

09 December 2019

index