A local Traefik proxy that simplifies access to local Docker development instances.
- Local development
- HTTP/HTTPS support
- Self-signed certificates
Clone the project and change directory
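git clone https://github.com/bjoern-hempel/local-traefik-proxy.git && cd local-traefik-proxy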
Must be executed only once:
# Create the shared Docker network that the proxy and the project containers attach to (once per host).
docker network create traefik
# Confirm the network now exists.
docker network ls | grep traefik
# Start the compose project of the current directory in the background (presumably the Traefik proxy; confirm against the repository's compose file).
docker compose up -d
# List the running containers to check that it came up.
docker container ls
- Open http://localhost:8080/dashboard/#/
- Or, alternatively: http://traefik.localhost/dashboard/#/ ;)
# Start the compose project of the current directory in the background.
docker compose up -d
# Start the first demo (the path is presumably relative to the repository root).
cd demo/simple1 && docker compose up -d
# Stop and remove the containers of the compose project in the current directory.
docker compose down
# Start the second demo (the path is presumably relative to the repository root).
cd demo/simple2 && docker compose up -d
# Stop and remove the containers of the compose project in the current directory.
docker compose down
This is a minimal example with nginx within your docker compose setup.
Make changes to your .env file:
# Project namespace (underscore-separated); base for the derived name below.
NAMESPACE_UNDERLINE=de_ixno_simple_1
# Namespace with the "_development" suffix; used as the prefix of the Traefik
# router and middleware names in the compose labels.
NAMESPACE_HOSTNAME_UNDERLINE=${NAMESPACE_UNDERLINE}_development
# Hostname of this project; matched by the Host(...) router rules.
URL_LOCAL=simple1.localhost
# Name of the external Docker network shared with Traefik
# (the one created with `docker network create traefik`).
NETWORK_NAME_TRAEFIK=traefik
Add labels to your docker-compose.yml settings. Tip: Use the file docker-compose.override.yml to work with it locally only, and disable these settings for production (docker-compose.prod.yml).
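# Use docker compose version 3.8
version: '3.8'

# Configure services
services:

  # Serve the project 1.
  application:
    # NOTE(review): `latest` is a mutable tag and the `arm64v8/` repository is
    # architecture-specific. Pin a version tag or digest so the image that
    # runs does not change silently between pulls.
    image: arm64v8/nginx:latest
    # ... (further service settings omitted)
    labels:
      # Enable Traefik routing for this container
      - "traefik.enable=true"
      # Middleware: redirect requests to the https scheme
      - "traefik.http.middlewares.${NAMESPACE_HOSTNAME_UNDERLINE}_https.redirectscheme.scheme=https"
      # simple 1 project (http): the router only applies the redirect middleware
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_http.entrypoints=web"
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_http.rule=Host(`${URL_LOCAL}`)"
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_http.middlewares=${NAMESPACE_HOSTNAME_UNDERLINE}_https"
      # simple 1 project (https): TLS is enabled on this router; which
      # certificate is served depends on the proxy configuration (not shown
      # here)
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_https.entrypoints=websecure"
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_https.rule=Host(`${URL_LOCAL}`)"
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_https.tls=true"
      # Network Traefik uses to reach this container
      - "traefik.docker.network=${NETWORK_NAME_TRAEFIK}"
    networks:
      - traefik
    # ... (further service settings omitted)

# Configure networks
networks:
  traefik: # ${NETWORK_NAME_TRAEFIK}
    # external: Compose does not create this network; it must already exist
    # (see `docker network create traefik`).
    external: true
    name: "${NETWORK_NAME_TRAEFIK}"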
This is a real life example.
Make changes to your .env file:
# Project namespace (underscore-separated); base for the derived name below.
NAMESPACE_UNDERLINE=de_ixno_real
# Namespace with the "_development" suffix; used as the prefix of the Traefik
# router, middleware and service names in the compose labels.
NAMESPACE_HOSTNAME_UNDERLINE=${NAMESPACE_UNDERLINE}_development
# Local hostname of this project; the router rules match `www.` + this value.
URL_LOCAL=real.localhost
# Name of the external Docker network shared with Traefik (local).
NETWORK_NAME_TRAEFIK_PUBLIC_LOCAL=traefik
# HTTPS port of the container: load-balancer target port and container side
# of the published port mapping.
PORT_HTTPS=443
# Host port published directly to the container's HTTPS port (to bypass the
# Traefik proxy, or for use when it is not installed).
# NOTE(review): the ports mapping gives no host IP, so Docker publishes this
# port on all host interfaces; add a 127.0.0.1: prefix there if it should be
# reachable from this machine only.
PORT_HTTPS_API_EXPOSE=44443
Add labels to your docker-compose.yml settings. Tip: Use the file docker-compose.override.yml to work with it locally only, and disable these settings for production (docker-compose.prod.yml).
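version: "3.8"

# Configures the services
services:

  # Nginx to serve the app.
  nginx:
    # ... (further service settings omitted)
    labels:
      # Enable Traefik routing for this container
      - "traefik.enable=true"
      # Middlewares: redirect to https, and send X-Frame-Options: sameorigin
      - "traefik.http.middlewares.${NAMESPACE_HOSTNAME_UNDERLINE}_https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.${NAMESPACE_HOSTNAME_UNDERLINE}_frame.headers.customFrameOptionsValue=sameorigin"
      # Service (load balancer): Traefik talks HTTPS to the container on
      # ${PORT_HTTPS}.
      # NOTE(review): how Traefik validates the container's certificate is
      # decided in the proxy configuration, which is not shown here; confirm.
      - "traefik.http.services.${NAMESPACE_HOSTNAME_UNDERLINE}_https_lb.loadbalancer.server.port=${PORT_HTTPS}"
      - "traefik.http.services.${NAMESPACE_HOSTNAME_UNDERLINE}_https_lb.loadbalancer.server.scheme=https"
      # http layer -> redirect https
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_http.entrypoints=web"
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_http.rule=Host(`www.${URL_LOCAL}`)"
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_http.middlewares=${NAMESPACE_HOSTNAME_UNDERLINE}_https"
      # https layer
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_https.entrypoints=websecure"
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_https.rule=Host(`www.${URL_LOCAL}`)"
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_https.middlewares=${NAMESPACE_HOSTNAME_UNDERLINE}_frame"
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_https.service=${NAMESPACE_HOSTNAME_UNDERLINE}_https_lb"
      - "traefik.http.routers.${NAMESPACE_HOSTNAME_UNDERLINE}_https.tls=true"
      # Network Traefik uses to reach this container
      - "traefik.docker.network=${NETWORK_NAME_TRAEFIK_PUBLIC_LOCAL}"
    # ... (further service settings omitted)
    ports:
      # NOTE(review): no host IP is given, so Docker publishes this port on
      # all host interfaces, and traffic on it does not pass through the
      # Traefik middlewares above. For local-only access use
      # "127.0.0.1:${PORT_HTTPS_API_EXPOSE}:${PORT_HTTPS}".
      - "${PORT_HTTPS_API_EXPOSE}:${PORT_HTTPS}"
    networks:
      - network-internal
      - network-traefik

  # Attached to the internal network only, not to the Traefik network
  other-service:
    # ... (further service settings omitted)
    networks:
      - network-internal
  # ... (further content omitted)

networks:
  network-internal:
    external: false
    # NOTE(review): NAMESPACE_HOSTNAME is not among the .env variables listed
    # for this example; confirm it is defined, otherwise Compose substitutes
    # an empty string here.
    name: "${NAMESPACE_HOSTNAME}.network.internal"
  network-traefik:
    # external: Compose does not create this network; it must already exist.
    external: true
    name: "${NETWORK_NAME_TRAEFIK_PUBLIC_LOCAL}"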
See: https://medium.com/@tbusser/creating-a-browser-trusted-self-signed-ssl-certificate-2709ce43fd15
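cd certs

# 1) Root CA private key, passphrase-protected (AES-256 instead of the legacy
#    3DES cipher). Once rootCA.pem is imported into a trust store, whoever
#    holds this key can issue certificates that machine accepts: keep
#    rootCA.key out of version control and do not share it.
openssl genrsa -aes256 -out rootCA.key 2048

# 2) Self-signed root certificate, valid for 3650 days.
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.pem -subj "/C=DE/ST=Saxony/L=Dresden/O=Ixnode/OU=IT/CN=IXNODE ROOT"

# 3) Server key and certificate signing request. -nodes leaves server.key
#    unencrypted on disk, so restrict its file permissions.
openssl req -new -nodes -out server.csr -newkey rsa:2048 -keyout server.key -subj "/C=DE/ST=Saxony/L=Dresden/O=Ixnode/OU=IT/CN=IXNODE DEV"

# 4) Sign the request with the root CA (valid for 500 days). The certificate
#    extensions come from v3.ext, which is not shown here.
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext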