Traefik v2 setup with Prometheus monitoring and Grafana interface.
- All traffic from port 80 is routed to port 443
- Dashboard is SSL secured by default and not accessible in port 8080
- Prometheus with BasicAuth enabled
- Grafana includes Traefik v2 dashboard
- Supports Docker Swarm mode
- clone the repo
- create
.envfile from.env.example
- The default user and password for the dashboard is admin/admin. make sure to generate a new password using 'htpasswd' and replace it in your '.env' file
- create your
conf/traefik.tomlfile fromconf/conf.d/traefik.toml.example - create your
conf/certificates.tomlfile fromconf/conf.d/certificates.toml.example - create your
conf/tls.tomlfile fromconf/tls.toml.example - place certificate and private key files in
certsfolder - create your
docker-compose.ymlfromdocker-compose.dev.yml
- to create a
docker-compose.prod.ymlfile for docker swarm run:
docker-compose config > docker-compose.prod.yml
Network name is 'proxy'
When you create a stack make sure it's divided into three networks: proxy, backend and frontend. the idea behind splitting the stack into three networks is to block the access of the reverse proxy to the backend containers.
with the Traefik container you will only create the 'proxy' network, other networks will be created with each stack according to that stack name to avoid access between frontend/backend containers of different stacks.
- proxy
- stack1_frontend
- stack1_backend
- stack2_frontend
- stack2_backend
and so on...
- request --> traefik --> frontend1 --> backend1
- request --> traefik --> frontend2 --> backend2
there is a 'connect.sh' script included that will connect your Traefik container to all of your frontend networks. you only need to run it after creating a new stack. the connection is persistent and will remain between reboots and up/down commands. you can run the script multiple times, it will output an error if the connection already exist.
Grafana and Prometheus setups are based on vegasbrianc traefik repository
Author: RaveMaker.