Certificate not automatically created - Docker-Compose, Traefik, Let's Encrypt

I have set up my first home-docker-stack:
DDNS account --> No chance to get subdomains --> Use ports.
Configure a https-proxy so that https-configuration is not required for each container --> Use traefik.
Now I have a traefik.toml with the following content:
defaultEntryPoints = ["http", "https"]
logLevel = "DEBUG"
debug = true
[web]
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "MY_EMAIL_ADDRESS"
storage = "/etc/traefik/acme/acme.json"
entryPoint = "https"
onDemand = true
OnHostRule = false
[acme.httpChallenge]
entryPoint = "http"
[docker]
domain = "MY_DOMAIN"
watch = true
And a docker-compose.yml looking as follows:
version: '3.4'
services:
  db:
    image: mariadb:10.1
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=SOMEPASSWORD
    env_file:
      - db.env
  wordpress:
    image: wordpress:apache
    restart: always
    ports:
      - "8001:80"
    environment:
      - WORDPRESS_DB_HOST=db
      - WORDPRESS_DB_PASSWORD=SOMEPASSWORD
      - WORDPRESS_DB_NAME=wordpress
    depends_on:
      - db
    networks:
      - default
      - traefik-net
    deploy:
      replicas: 1
      labels:
        - "traefik.enable=true"
        - "traefik.port=8001"
        - "traefik.docker.network=traefik-net"
  traefik:
    image: traefik:1.5-alpine
    restart: always
    networks:
      - traefik-net
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/traefik/traefik.toml:/etc/traefik/traefik.toml:ro
      - /home/traefik/acme:/etc/traefik/acme
    privileged: true
    container_name: traefik
volumes:
  db:
networks:
  traefik-net:
If I now try to reach my traefik-instance as follows:
https://MY_DOMAIN/
The client returns (untrusted self signed certificate):
Dem Zertifikat wird nicht vertraut, weil es vom Aussteller selbst signiert wurde.
The traefik log contains:
traefik | time="2018-03-19T13:29:29Z" level=debug msg="Looking for provided certificate to validate MY_DOMAIN..."
traefik | time="2018-03-19T13:29:29Z" level=debug msg="No provided certificate found for domains MY_DOMAIN, get ACME certificate."
traefik | time="2018-03-19T13:29:29Z" level=debug msg="Looking for an existing ACME challenge for MY_DOMAIN..."
traefik | time="2018-03-19T13:29:29Z" level=debug msg="http2: server: error reading preface from client 80.129.18.33:44700: remote error: tls: unknown certificate authority"
Why might the generation of the certificate not start? What do I have to fix?

Traefik will access your container through the docker network; in the docker network, the ports you have set in the ports mapping in the docker-compose file mean nothing. ports is just to map the container port to one of the host's ports.
So the port that you should tell traefik to use (through the labels) is 80, the port that the webserver listens on. And you could remove the port mapping, because that's just to the host; if Traefik has ports open for http, it will route the requests to your container (through the exposed port, which should be 80).
As long as your container is in the network, the exposed ports will be available for all other containers in the network.
Another note:
You are using a 3.x version in the docker-compose file. All 3.x versions are swarm specific, so stick to 2.x for non-swarm files.
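As an added check (not code from the question or the answer), the following Python lint walks a compose structure of the dict shape yaml.safe_load() returns and flags a traefik.port label that names the host side of a ports mapping instead of the container port; the sample services, the question's wordpress entry beside a correctly labelled one, are constructed here.

```python
# Added lint (not from the question or answer): walks a compose structure of
# the dict shape yaml.safe_load() returns and flags a traefik.port label that
# names the host side of a ports mapping rather than the container port.

# Constructed sample: the question's wordpress service beside a correct one.
SAMPLE_COMPOSE = {"services": {
    "wordpress": {
        "image": "wordpress:apache",
        "ports": ["8001:80"],
        "labels": ["traefik.enable=true", "traefik.port=8001",
                   "traefik.docker.network=traefik-net"],
    },
    "whoami": {
        "image": "containous/whoami",
        "expose": [80],
        "labels": {"traefik.enable": "true", "traefik.port": "80"},
    },
}}


def parse_labels(labels):
    """Accept both compose label forms: ['k=v', ...] or {'k': 'v'}."""
    if isinstance(labels, dict):
        return {k: str(v) for k, v in labels.items()}
    out = {}
    for item in labels or []:
        key, _, value = str(item).partition("=")
        out[key.strip()] = value.strip()
    return out


def split_port_mapping(spec):
    """(host_port, container_port) for one ports/expose entry.

    Short syntax '80', '8001:80', '127.0.0.1:8001:80' with optional '/tcp',
    or long syntax {'target': 80, 'published': 8001}; ranges use their
    first port; host_port is None when nothing is published."""
    if isinstance(spec, dict):
        pub = spec.get("published")
        return (None if pub is None else str(pub)), str(spec.get("target"))
    parts = str(spec).split("/")[0].split(":")
    container = parts[-1].split("-")[0]
    host = parts[-2].split("-")[0] if len(parts) >= 2 else None
    return host, container


def check_traefik_port(name, service):
    """Finding dict when traefik.port is not a container-side port, else None."""
    port = parse_labels(service.get("labels")).get("traefik.port")
    if port is None:
        return None
    host_to_container, containers = {}, set()
    specs = list(service.get("ports") or []) + list(service.get("expose") or [])
    for spec in specs:
        host, container = split_port_mapping(spec)
        containers.add(container)
        if host is not None:
            host_to_container[host] = container
    if port in containers:
        return None
    suggested = host_to_container.get(port)
    reason = (f"host side of a mapping; Traefik dials the container, use port {suggested}"
              if suggested else "matches no declared container port; check what the image listens on")
    return {"service": name, "label_port": port, "suggested": suggested, "reason": reason}


def lint_compose(compose):
    """All findings for a parsed compose file, in service order."""
    services = compose.get("services") or {}
    return [f for f in (check_traefik_port(n, s) for n, s in services.items()) if f]
```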

Related

Traefik cannot Issue Lets Encrypt Cert for gitlab container on different port

I'm running a gitlab-ee docker container behind a traefik v1 docker container. My gitlab is supposed to run on the domain gitlab.dev.example.com:65443; the port 65443 is being forwarded to 443 on my server within my router (I have other stuff running on my 443 and 80 ports). My traefik dashboard is running on traefik.dev.example.com:65443/dashboard/
Now when I want to get a Let's Encrypt certificate with traefik it tries to get it for the domain gitlab.dev.example.com and fails with "Unable to obtain ACME certificate for domains "gitlab.dev.example.com" [...]"
If I visit https://gitlab.dev.example.com:65443 it opens my gitlab container but with the "Traefik Default Cert". I cannot push or pull from these gitlab repositories because the SSL certificates are self signed, hence why I want to get a Let's Encrypt one.
I swapped out the actual domain with "example.com" obviously.
My traefik.toml:
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https", "http"]
[web]
address = ":80"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefik.dev.example.com" # swapped the url out
watch = true
exposedByDefault = false
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Enable retry sending a request if the network error
[retry]
# Let's encrypt configuration
[acme]
email="e#mail.com" # swapped the email out
storage="acme.json"
entryPoint="https"
acmeLogging=true
OnHostRule=true
[acme.httpChallenge]
entryPoint = "http"
Now to my docker-compose files. I have a separate docker-compose.yml for each container.
My docker-compose.yml for the traefik container:
version: "3.2"
services:
  reverse-proxy:
    image: traefik:alpine
    command: --api --docker --logLevel=error
    restart: unless-stopped
    container_name: docker-traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/etc/traefik/traefik.toml
      - ./acme.json:/acme.json
    environment:
      - "TZ=Europe/Berlin"
    networks:
      - traefik_proxy
      - default
    ports:
      - "443:443"
      - "80:80"
    logging:
      driver: "json-file"
      options:
        max-file: "3"
        max-size: "5m"
    labels:
      - traefik.backend=traefik-proxy
      - traefik.frontend.rule=Host:traefik.dev.loropserver.de
      - traefik.docker.network=traefik_proxy
      - traefik.port=8080
      - traefik.enable=true
      - traefik.frontend.auth.basic=lorop:$$apr1$$dHnqprRX$$DjIWIaE97EnMoxwu6o/14.
networks:
  traefik_proxy:
    external:
      name: traefik_proxy
  # default:
  #   driver: bridge
My docker-compose.yml for the gitlab container:
version: '3.5'
services:
  gitlab:
    image: 'gitlab/gitlab-ee:latest'
    container_name: gitlab
    restart: unless-stopped
    hostname: 'gitlab.dev.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.dev.example.com';
        # some more configs
    ports:
      - '22:22'
      - '5005:5005'
    volumes:
      - './volumes/gitlab/config:/etc/gitlab'
      - './volumes/gitlab/logs:/var/log/gitlab'
      - './volumes/gitlab/data:/var/opt/gitlab'
      - /etc/localtime:/etc/localtime:ro
      - './certs:/etc/gitlab/trusted-certs'
    networks:
      - traefik_proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.port=65443'
      - 'traefik.docker.network=traefik_proxy'
      - 'traefik.backend=gitlab'
      - 'traefik.frontend.rule=Host:gitlab.dev.example.com'
      - 'traefik.http.routers.entrypoints=websecure'
networks:
  traefik_proxy:
    external: true

Traefik docker container reverse-proxy redirect fails to ports provided by other containers: Gateway timeout

Setup: I have a variety of native applications and docker applications on a nas device.
(simplistic example).
host (192.168.1.22)
  :8080 (console)
  :81 (apache)
  :<port> and more (individual nas applications)
  - container:traefik :80
  - container:nginx :90
  - container:customcode :4000
  - and more (individual applications) :<port>
All containers and applications work and are reachable via 'http://192.168.1.22:<port>'
I was attempting to use traefik with simplistic names to manage the ports.
i.e.
'apache' redirect to http://192.168.1.22:81 (host exposed) - works
'nas' redirect to http://192.168.1.22:8080 (host exposed) - works
'nginx' redirect to http://192.168.1.22:90 (container exposed) - fails
The traefik setup is able to redirect to all ports on the host itself, but none of the ports exposed by docker. This works for sites on different hosts as well. For ports exposed by containers I get a 'Gateway timeout' error
(only log file entry: "'504 Gateway Timeout' caused by: dial tcp 192.168.1.22:90: i/o timeout").
I cannot use labels on the containers as they don't (and some cannot) share networks. I just want traefik to route to the IP:Port without worrying about if the port is provided by a container or not.
traefik.toml
loglevel = "ERROR"
[Log]
filePath = "/etc/traefik/traefik.log"
level = "DEBUG"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[api]
dashboard = true
[providers.docker]
watch = false
exposedByDefault = false
endpoint = "unix:///var/run/docker.sock"
[providers.file]
watch = true
filename = "/etc/traefik/services.toml"
services.toml
[http]
[http.services]
[http.services.nas]
[http.services.nas.loadBalancer]
[[http.services.nas.loadBalancer.servers]]
url = "http://192.168.1.22:8080/"
[http.services.test90]
[http.services.test90.loadBalancer]
[[http.services.test90.loadBalancer.servers]]
url = "http://192.168.1.22:90/" #this does not work#
[http.services.test81]
[http.services.test81.loadBalancer]
[[http.services.test81.loadBalancer.servers]]
url = "http://192.168.1.22:81/"
docker compose:
version: "3.5"
services:
  traefik:
    image: "traefik:2.4"
    container_name: "traefik"
    restart: always
    environment:
      - PUID=<id>
      - PGID=<id>
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - "/shr/traefik/:/etc/traefik/"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=http,https"
      - "traefik.http.routers.traefik.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=admin:<pass>"
      - "traefik.http.routers.nas.entrypoints=http"
      - "traefik.http.routers.nas.rule=Host(`nas`)"
      - "traefik.http.routers.nas.service=nas@file"
      - "traefik.http.routers.test81.entrypoints=http"
      - "traefik.http.routers.test81.rule=Host(`apache`)"
      - "traefik.http.routers.test81.service=test81@file"
      - "traefik.http.routers.test90.entrypoints=http"
      - "traefik.http.routers.test90.rule=Host(`nginx`)"
      - "traefik.http.routers.test90.service=test90@file"
    networks:
      - proxy
  whoami:
    image: "traefik/whoami"
    container_name: "whoami"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami`)"
      - "traefik.http.routers.whoami.entrypoints=http"
    networks:
      - proxy
networks:
  proxy:
    external:
      name: proxy
You might need to assign the correct traefik network in the application that causes the problem:
In the docker-compose.yml:
labels:
  [...]
  - "traefik.enable=true"
  - "traefik.docker.network=foobar"
  [...]
Where "foobar" is the docker network that traefik is also in. Ideally, an external docker network.
It seems that adding network_mode: "host" to the docker-compose and removing the custom network fixed the issue.

Traefik - unable to obtain Let's encrypt certificate for domains => acme http challenge times out

I'm trying to secure a site which is served by traefik using Let's Encrypt. However, it fails when testing the acme challenge.
time="2019-02-07T23:23:35Z" level=error msg="Unable to obtain ACME certificate for domains \"git.redacted.be\" detected thanks to rule \"Host:git.redacted.be\" : unable to generate a certificate for the domains [git.redacted.be]: acme: Error -> One or more domains had a problem:\n[git.redacted.be] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://git.redacted.be/.well-known/acme-challenge/I_44HUy2IqyYZk-6GmfWxtm7Uunx_wid9rgHpXkhZcM: Error getting validation data, url: \n"
The server is publicly available from the internet (if I go to http://git.redacted.be, it gets redirected to https and I can configure my git server), and gogs (the git server) is also made accessible via traefik and docker.
When I manually navigate to the url mentioned (.well-known/acme-challenge/...), the request times out but logging inside traefik shows: Error getting challenge for token: cannot find challenge for
I already tried some of the workarounds mentioned in https://github.com/containous/traefik/issues/2763 (disable IPv6 and use traefik:alpine)
This is my setup:
Traefik docker-compose.yml
version: '3.2'
services:
  traefik:
    image: traefik:alpine # The official Traefik docker image
    command: --api --docker --logLevel=info # Enables the web UI and tells Træfik to listen to docker
    restart: unless-stopped
    ports:
      - "81:80" # The HTTP port
      - "444:443"
      - "18080:8080" # The Web UI (enabled by --api)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    networks:
      - traefik
    logging:
      driver: "json-file"
networks:
  traefik:
    external:
      name: traefik
Traefik.toml
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "redacted.be"
watch = true
exposedByDefault = false
[acme]
email = "ronald#redacted.be"
storage = "acme.json"
entryPoint = "https"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
The docker-compose of my git server:
version: '3.2'
services:
  gogs:
    restart: unless-stopped
    image: gogs/gogs
    volumes:
      - ./data/db:/data/db
      - ./data/git:/data/git
      - ./data/gogs:/data/gogs
    networks:
      - gogs
      - traefik
    ports:
      - "10022:22"
      - "3000:3000"
    labels:
      - "traefik.port=3000"
      - "traefik.frontend.rule=Host:git.redacted.be"
      - "traefik.docker.network=traefik"
networks:
  gogs:
  traefik:
    external:
      name: traefik
Any idea what I'm doing wrong?

Traefik HTTPS entry points configurations not working via lets encrypt

Having some real issues getting HTTPS entrypoints working from my Traefik docker container.
I was trying to follow the guidelines over at https://docs.traefik.io/user-guide/docker-and-lets-encrypt/
Also have tried various bits from https://docs.traefik.io/user-guide/examples/ and https://ian-says.com/articles/traefik-proxy-docker-lets-encrypt/ and various other places
It all works fine in http, but https gives me a connection refused, and no https entrypoint is active in the traefik web portal.
When I check port 443 externally it says it's closed, however there is no firewall, and it's not already in use (see docker ps below), so all I can think is that the traefik container itself isn't set up correctly for https?
My question: How do I get HTTPS working on traefik? Also how do I see the traefik logs to get more info? docker-compose logs -f reverse-proxy is empty
traefik.toml
defaultEntryPoints = ["https","http"]
debug = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "email#domain.com"
storage = "/home/project/acme.json"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "domain.com"
sans = ["app.domain.com", "api.domain.com"]
docker-compose.yml
version: '3'
services:
  reverse-proxy:
    image: traefik
    command: --api --docker
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080" # The Web UI (enabled by --api)
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/home/project/traefik.toml
      - /opt/traefik/acme.json:/home/project/acme.json
  api:
    build:
      context: ./api/
      dockerfile: Dockerfile
    volumes:
      - ~/api:/var/www/html
    networks:
      - web
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:api.domain.com"
      - "traefik.docker.network=web"
  webapp:
    build:
      context: ./webapp/
      dockerfile: DockerfileNode
    volumes:
      - ~/webapp:/app
    networks:
      - web
    labels:
      - "traefik.frontend.rule=Host:app.domain.com"
      - "traefik.docker.network=web"
      - "traefik.enable=true"
    expose:
      - 8188
networks:
  web:
    external: true
screengrab of my traefik portal
(note: only http entry points, no https)
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d956a9d25ace webapp "/usr/bin/kafka-sock…" 18 minutes ago Up 16 minutes 8188/tcp webapp_1
e46693c8ca3e api "docker-php-entrypoi…" 21 minutes ago Up 16 minutes 80/tcp api_1
321c5efc720b traefik "/traefik --api --do…" 2 hours ago Up 16 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp reverse-proxy_1

Configure Traefik in front of two docker containers, all on port 80

I try to run three docker containers on one host. Traefik is one of the containers, to proxy traffic to the other containers.
My first goal is to reach each container through a dedicated hostname on port 80. The Traefik UI should be available only through a hostname and on port 80 also, having some sort of authentication.
Using only a docker-compose.yml, I can reach all three containers using the hostnames, all on port 80. But to add authentication, I guess I need to introduce a traefik.toml. But this gives me troubles.
The next goal would be to introduce SSL using Let's Encrypt on all three hosts. But first things first...
Working solution with three hosts, all on port 80, lacking authorization for Traefik UI:
version: "2"
networks:
  web:
services:
  prox:
    image: containous/traefik:latest # The official Traefik docker image
    command: --api --docker # Enables the web UI and tells Træfik to listen to docker
    restart: unless-stopped
    ports:
      - "80:80" # The HTTP port
    labels:
      - "traefik.port=8080"
      - "traefik.backend=traefikception"
      - "traefik.frontend.rule=Host:traefik.test.com"
      - "traefik.enable=true"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
    networks:
      - web
  seafile_1:
    image: seafileltd/seafile
    container_name: seafile_1
    restart: unless-stopped
    environment:
      SEAFILE_ADMIN_EMAIL: me#test.com
      SEAFILE_ADMIN_PASSWORD: ####
      SEAFILE_SERVER_HOSTNAME: 1.test.com
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:1.test.com
      - traefik.port=80
      - traefik.backend=seafile_1
      - traefik.docker.network=web
    volumes:
      - /opt/seafile-data/ttt_1:/shared
    networks:
      - web
  seafile_2:
    image: seafileltd/seafile
    container_name: seafile_2
    restart: unless-stopped
    environment:
      SEAFILE_ADMIN_EMAIL: me#test2.com
      SEAFILE_ADMIN_PASSWORD: #####
      SEAFILE_SERVER_HOSTNAME: 2.test2.com
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:2.test2.com
      - traefik.port=80
      - traefik.backend=seafile_1
      - traefik.docker.network=web
    volumes:
      - /opt/seafile-data/ttt_2:/shared
    networks:
      - web
Adding the following traefik.toml:
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.proxy]
address=":80"
[entryPoints.proxy.auth]
[entryPoints.proxy.auth.basic]
users = [
"joh:$apr1$RKdHyOKO$QDK1EKB4UJbsda7CXfPfK0",
]
[api]
entrypoint="proxy"
I get lots of the following errors in the log, and none of the containers is reachable from outside:
prox_1 | time="2018-06-17T19:23:26Z" level=fatal msg="Error preparing server: listen tcp :8080: bind: address already in use"
prox_1 | time="2018-06-17T19:24:26Z" level=error msg="Error opening listener listen tcp :8080: bind: address already in use"
prox_1 | time="2018-06-17T19:24:26Z" level=fatal msg="Error preparing server: listen tcp :8080: bind: address already in use"
I am pretty sure I need to adapt my docker-compose.yml and move settings to traefik.toml, but I cannot get my head around how to to that.
Thanks in advance!!
With the help of traefik support on slack I was able to solve this.
You may not have more than one entryPoint per port.
The authorization can be configured in the docker-compose.yml.
Add acme.json and configure https and Let's Encrypt only in traefik.toml.
In /opt/traefik put the following three files:
acme.json:
may be empty but must be well secured:
touch acme.json
chmod 600 acme.json
docker-compose.yml:
version: "2"
networks:
  web:
services:
  prox:
    image: containous/traefik:latest # The official Traefik docker image
    command: --api --docker # Enables the web UI and tells Træfik to listen to docker
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      # - "8080:8080" # Don't want this port open (on all hostnames!)
    labels:
      - "traefik.port=8080"
      - "traefik.backend=traefikception"
      - "traefik.frontend.rule=Host:traefik.example.me"
      - "traefik.enable=true"
      - "traefik.frontend.auth.basic=admin:$$ert2$$RKdHyOKO$$QDK1EKB4UJbsda7CXfPfK0"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock" # So that Traefik can listen to the Docker events
      - "./traefik.toml:/traefik.toml"
      - "./acme.json:/acme.json"
    networks:
      - web
  seafile_org1:
    image: seafileltd/seafile
    container_name: seafile_org1
    restart: unless-stopped
    environment:
      SEAFILE_ADMIN_EMAIL: mail#mail.me
      SEAFILE_ADMIN_PASSWORD: ####
      SEAFILE_SERVER_HOSTNAME: org1.example.me
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:org1.example.me
      - traefik.port=80
      - traefik.backend=seafile_org1
      - traefik.docker.network=web
    volumes:
      - /opt/seafile-data/org1:/shared
    networks:
      - web
  seafile_org2:
    image: seafileltd/seafile
    container_name: seafile_org2
    restart: unless-stopped
    environment:
      SEAFILE_ADMIN_EMAIL: mail#mail.com
      SEAFILE_ADMIN_PASSWORD: ####
      SEAFILE_SERVER_HOSTNAME: org2.example.com
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:org2.example.com
      - traefik.port=80
      - traefik.backend=seafile_org2
      - traefik.docker.network=web
    volumes:
      - /opt/seafile-data/org2:/shared
    networks:
      - web
Get what you need to put as the value of traefik.frontend.auth.basic by issuing:
htpasswd -n admin
traefik.toml:
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[api]
dashboard = true
# Enable ACME (Let's Encrypt): automatic SSL.
[acme]
email = "you#mail.com"
storage = "acme.json"
entryPoint = "https"
# If true, display debug log messages from the acme client library.
# acmeLogging = true
# Enable certificate generation on frontends host rules.
onHostRule = true
# CA server to use.
# Uncomment the line to use Let's Encrypt's staging server,
# leave commented to go to prod.
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# Use a HTTP-01 ACME challenge.
# Optional (but recommended)
[acme.httpChallenge]
entryPoint = "http"
This uses Let's encrypt staging environment to get you three certs. Comment the line with caServer to get the real certs! Recreate an empty acme.json as well!
The seafile-data is stored in
/opt/seafile-data/org1
and
/opt/seafile-data/org2
respectively.
In /opt/traefik you can start the system:
docker-compose up -d
and watch the logs with
docker-compose logs
Startup takes some time on first run to setup seafile, get the certs,...
Your hosts should be reachable, giving no SSL errors or warnings on
http://traefik.example.me (Asking your credentials to see the page)
http://org1.example.me
http://org2.example.com
What's left to do is to edit the ccnet.conf file in each of the seafile installation directories (/opt/seafile-data/org1/seafile/conf/ccnet.conf) and change the protocol to "http" and remove the port ":8000" from SERVICE_URL so that shared links are correct for that setup as well. The line should read:
SERVICE_URL = https://org1.example.me
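An added Python example, not the answer's own code: it simulates docker-compose's `$` interpolation to show why every `$` of the htpasswd hash must be doubled in the traefik.frontend.auth.basic label, and checks that the acme.json store has the 0600 mode the answer requires (Traefik refuses a more open file). The hash string is the one shown in the answer; the scratch file in demo_acme_modes() is constructed for the run.

```python
import os
import re
import stat
import tempfile

# Added example, not the answer's own code: shows why every "$" of an
# htpasswd hash must be doubled in a compose label, and checks the 0600 mode
# the answer requires on acme.json. The hash below is the one the answer shows.
HTPASSWD_LINE = "admin:$apr1$RKdHyOKO$QDK1EKB4UJbsda7CXfPfK0"

# Compose-style interpolation: "$$" is a literal "$"; "$NAME" and "${NAME}"
# are replaced from the environment and unset names become "" (the
# ${NAME:-default} forms are not modelled here).
_INTERP = re.compile(r"\$(?:(\$)|\{([^}]*)\}|([_a-zA-Z][_a-zA-Z0-9]*))")


def compose_interpolate(value, env=None):
    """Return the label value as docker-compose would hand it to Docker."""
    env = {} if env is None else env

    def replace(match):
        if match.group(1):
            return "$"
        name = match.group(2) if match.group(2) is not None else match.group(3)
        return env.get(name, "")

    return _INTERP.sub(replace, value)


def escape_for_compose(value):
    """Double every "$" so the value survives interpolation unchanged."""
    return value.replace("$", "$$")


def basic_auth_label(htpasswd_line):
    """Build the traefik.frontend.auth.basic label from `htpasswd -n user`."""
    return "traefik.frontend.auth.basic=" + escape_for_compose(htpasswd_line.strip())


def acme_storage_problems(path):
    """Problems Traefik would report for its ACME storage file, if any."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path} is missing (touch it first)"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path} is not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o600:
        problems.append(f"{path} has mode {mode:04o}; it must be 0600")
    return problems


def demo_acme_modes():
    """Create a scratch acme.json and show 0644 failing and 0600 passing."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "acme.json")
        open(path, "w").close()
        os.chmod(path, 0o644)
        loose = acme_storage_problems(path)
        os.chmod(path, 0o600)
        strict = acme_storage_problems(path)
    return loose, strict
```

Unescaped, compose_interpolate() turns the whole hash into an empty string, which is what a login failure after a copy-pasted htpasswd line usually comes down to.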
You can do it all in the Docker Stacks file:
version: "3.7"
services:
  traefik:
    image: traefik:1.7.13
    command:
      - --api
      - --docker
      - --docker.swarmmode
      - --docker.watch
      - --docker.exposedbydefault=false
      # - --debug=true
      - --loglevel=error # debug
      - --defaultentrypoints=https,http
      - "--entryPoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entryPoints=Name:https Address::443 TLS"
      - --retry
      - --acme=true
      - --acme.entrypoint=https
      - --acme.httpchallenge
      - --acme.httpchallenge.entrypoint=http
      - "--acme.domains=..."
      - "--acme.email=..."
      - --acme.storage=/certs/acme.json
    ports:
      - 80:80 # HTTP
      - 443:443 # HTTPS
      - 8080:8080 # The Web UI (enabled by --api)
    volumes:
      - acme:/certs
      - /var/run/docker.sock:/var/run/docker.sock:ro
  whoami:
    image: containous/whoami
    deploy:
      labels:
        traefik.frontend.rule: Path:/whoami
        traefik.enable: "true"
        traefik.port: 80
volumes:
  acme:
