Set up Traefik on an AWS EC2 instance with TLS certificates from Let's Encrypt for a domain hosted in Route 53. Traefik acts as the reverse proxy, completes the ACME DNS-01 challenge against your Route 53 hosted zone (which is what the IAM permissions below are for) and renews the certificates automatically, so you can host Docker services under this domain. Remember to add DNS records in the hosted zone that point at the public IP address of your EC2 instance.
- Install Docker and Docker Compose.
- Set up the IAM role and policy (see below).
- Change the default username and password protecting the Traefik dashboard; both are set to example. If you put the password hash in the docker compose file, every $ character must be escaped as $$, because Compose interpolates $VAR and ${VAR} in the file. This is not needed in an environment variable (.env) file, which is read verbatim. Generate a new password hash here (an htpasswd-style user:hash entry).
- Create a Docker bridge network to attach Traefik to.
If the EC2 instance has the role and policy described below attached, start everything with:
./start.sh
This will take some time; the first certificate issuance in particular has to wait for the DNS-01 challenge record to propagate.
General process for allowing Traefik to manage your domain. Take as many security precautions as you can and research the implications of these permissions yourself.
- Go to the IAM console in AWS.
- Create a new policy.
- Grant the Route 53 permissions Traefik needs for the DNS-01 challenge: route53:GetChange, route53:ChangeResourceRecordSets, route53:ListResourceRecordSets, route53:ListHostedZonesByName and route53:ListHostedZones. Restrict route53:ChangeResourceRecordSets and route53:ListResourceRecordSets to the specific hosted zone Traefik will manage (resource arn:aws:route53:::hostedzone/<ZONE_ID>). Note that route53:ListHostedZones and route53:ListHostedZonesByName do not support resource-level permissions and must be granted on resource "*", and route53:GetChange applies to arn:aws:route53:::change/*.
- In the IAM console, create a new role.
- Attach the policy you created in the previous step.
- If Traefik runs on an EC2 instance, choose EC2 as the trusted entity. If it runs on Kubernetes in EKS, use the trust relationship appropriate for that platform (a web-identity trust that lets the Traefik service account assume the role, rather than the EC2 service principal).
- Attach the role to the EC2 instance running Traefik (EC2 attaches roles through an instance profile). Prefer this over placing long-lived IAM user access keys in the container's environment.
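The script below is an added example, not the repository's own code: it writes out the least-privilege policy and the EC2 trust policy that the steps above describe, scoped to one hosted zone, and wraps the AWS CLI calls that create the policy, role and instance profile and attach them to the instance. The zone ID, instance ID, policy, role and profile names are all made up; the TXT-only condition is an optional tightening beyond what the steps require. Nothing contacts AWS unless apply_with_aws_cli is called explicitly.

```shell
#!/bin/sh
# Added example (not the repository's own code): the policy and trust
# documents for the IAM steps above, plus the AWS CLI calls that create
# and attach them. The zone ID, instance ID and all names are made up;
# nothing touches AWS unless apply_with_aws_cli is called explicitly.
set -eu

# Least-privilege Route 53 policy for the DNS-01 challenge, scoped to one
# hosted zone. ListHostedZones / ListHostedZonesByName do not support
# resource-level permissions, so they must use "*"; GetChange only works on
# change/*; record reads and writes are pinned to the zone, and writes are
# further limited to TXT records, the only type ACME needs (optional tightening).
route53_policy_json() {   # $1 = hosted zone ID, e.g. Z0123456789EXAMPLE
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "ListZones", "Effect": "Allow",
      "Action": ["route53:ListHostedZones", "route53:ListHostedZonesByName"],
      "Resource": "*" },
    { "Sid": "PollChangeStatus", "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*" },
    { "Sid": "ReadRecordsInOneZone", "Effect": "Allow",
      "Action": "route53:ListResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/$1" },
    { "Sid": "WriteTxtRecordsInOneZone", "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/$1",
      "Condition": { "ForAllValues:StringEquals": {
        "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"] } } }
  ]
}
EOF
}

# Trust policy: only the EC2 service may assume the role (via an instance profile).
ec2_trust_policy_json() {
    cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole" }
  ]
}
EOF
}

# Create policy, role and instance profile, then attach the profile to the
# instance. Requires an AWS CLI session with IAM and EC2 permissions.
apply_with_aws_cli() {   # $1 = hosted zone ID, $2 = EC2 instance ID
    tmp=$(mktemp -d)
    route53_policy_json "$1" > "$tmp/policy.json"
    ec2_trust_policy_json > "$tmp/trust.json"
    policy_arn=$(aws iam create-policy --policy-name TraefikRoute53DnsChallenge \
        --policy-document "file://$tmp/policy.json" --query Policy.Arn --output text)
    aws iam create-role --role-name TraefikEc2Role \
        --assume-role-policy-document "file://$tmp/trust.json"
    aws iam attach-role-policy --role-name TraefikEc2Role --policy-arn "$policy_arn"
    aws iam create-instance-profile --instance-profile-name TraefikEc2Profile
    aws iam add-role-to-instance-profile --instance-profile-name TraefikEc2Profile \
        --role-name TraefikEc2Role
    aws ec2 associate-iam-instance-profile --instance-id "$2" \
        --iam-instance-profile Name=TraefikEc2Profile
    rm -rf "$tmp"
}

# Print the policy for review with a made-up zone ID. To apply for real:
#   apply_with_aws_cli Z0123456789EXAMPLE i-0123456789abcdef0
route53_policy_json Z0123456789EXAMPLE
```

To confirm the attachment worked, run `aws sts get-caller-identity` on the instance (with no access keys configured); the returned ARN should be the assumed role, arn:aws:sts::<ACCOUNT>:assumed-role/TraefikEc2Role/<instance-id>. Traefik's Route 53 provider picks the role credentials up through the instance metadata service, so no AWS keys need to appear in the compose file.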