
Traefik Documentation

Installing Traefik on Docker


Example docker-compose.yml

version: "3.3"

services:

  reverse-proxy:
    image: "traefik:v2.0"
    container_name: "traefik"
    networks:
      - traefik
    ports:
      - "80:80"
#      - "8080:8080"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/home/julien/containers/traefik/traefik.yml:/etc/traefik/traefik.yml"
      - "/home/julien/containers/traefik/data/tmp:/tmp"
      - "/home/julien/containers/traefik/data/letsencrypt:/letsencrypt"
      - "/home/julien/containers/traefik/data/log:/var/log"
      - "/home/julien/containers/traefik/data/dynamic:/etc/traefik/dynamic"

    environment:
      - OVH_ENDPOINT=ovh-eu
      - OVH_APPLICATION_KEY=
      - OVH_APPLICATION_SECRET=
      - OVH_CONSUMER_KEY=

    restart: always

    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-net
      - traefik.http.routers.traefik-dash2.rule=Host("trae.worldkhalifa.fr")
#      - traefik.http.routers.traefik-dash2.rule=Host("172.20.15.18")
      - traefik.http.routers.traefik-dash2.entrypoints=websecure
      - traefik.http.routers.traefik-dash2.tls=true
      - traefik.http.routers.traefik-dash2.tls.options=default
      - traefik.http.routers.traefik-dash2.tls.certresolver=ovh
      - traefik.http.routers.traefik-dash2.tls.domains[0].main=worldkhalifa.fr
      - traefik.http.routers.traefik-dash2.tls.domains[0].sans=*.worldkhalifa.fr
      - traefik.http.routers.traefik-dash2.service=api@internal

networks:
    traefik:
      external:
        name: traefik-net

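Mounting the Docker Compose volumes

Mount the docker.sock file at /var/run/docker.sock, read-only (:ro). The :ro flag protects the socket file, not the Docker API behind it: anything that can open the socket can still issue any API request.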

- "/var/run/docker.sock:/var/run/docker.sock:ro"

Mount the traefik.yml file at /etc/traefik/traefik.yml:

- "/home/julien/containers/traefik/traefik.yml:/etc/traefik/traefik.yml"

Mount the tmp directory at /tmp:

- "/home/julien/containers/traefik/data/tmp:/tmp"

Mount the letsencrypt directory at /letsencrypt:

- "/home/julien/containers/traefik/data/letsencrypt:/letsencrypt"

Mount the log directory at /var/log:

- "/home/julien/containers/traefik/data/log:/var/log"

Mount the dynamic directory at /etc/traefik/dynamic:

- "/home/julien/containers/traefik/data/dynamic:/etc/traefik/dynamic"

OVH DNS challenge

Add the OVH API keys to the environment section. They can be generated at:
https://api.ovh.com/createToken/

Dynamic configuration: Docker labels

Links and references

https://docs.traefik.io/reference/dynamic-configuration/docker/

For this container to be picked up by Traefik:

- traefik.enable=true

To use a specific network (replace "nom_interface" with the network name):

- traefik.docker.network="nom_interface"

Create an HTTP router and its rule:

- traefik.http.routers.traefik-dash2.rule=Host("exemple.domain.test")

Set the entry point (websecure = 443, web = 80):

- traefik.http.routers.traefik-dash2.entrypoints=websecure

Enable TLS:

- traefik.http.routers.traefik-dash2.tls=true

Keep the default TLS options:

- traefik.http.routers.traefik-dash2.tls.options=default

Enable the Let's Encrypt certificate resolver:

- traefik.http.routers.traefik-dash2.tls.certresolver=ovh

Add the domain or domains:

- traefik.http.routers.traefik-dash2.tls.domains[0].main=worldkhalifa.fr
- traefik.http.routers.traefik-dash2.tls.domains[0].sans=*.worldkhalifa.fr

Set the router's service (replace "nom du service" with the service name):

- traefik.http.routers.traefik-dash2.service="nom du service"

Declare the network (external, so traefik-net must already exist):

networks:
        traefik:
          external:
            name: traefik-net
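
The labels above route api@internal on websecure with no middleware attached, so the dashboard answers any client that can reach the host name. One way to put a source-address filter and a login in front of it, using the mounted /etc/traefik/dynamic directory (an added example, not part of the original page). Assumptions: the file name dashboard.yml, the middleware names dash-allow and dash-auth, the user admin, the hash placeholder and the 192.0.2.0/24 range.

```yaml
# /home/julien/containers/traefik/data/dynamic/dashboard.yml  (file name is an assumption)
# Loaded by the file provider that watches /etc/traefik/dynamic/.
#
# Attach the middlewares to the dashboard router with one more label
# on the reverse-proxy service in docker-compose.yml:
#   - traefik.http.routers.traefik-dash2.middlewares=dash-allow@file,dash-auth@file

http:
  middlewares:
    # Reject clients outside the admin network before asking for credentials.
    dash-allow:
      ipWhiteList:
        sourceRange:
          - "192.0.2.0/24"   # constructed example range, replace with your own

    # Require a login. In a file the hash is written as-is; inside
    # docker-compose labels every "$" would have to be doubled ("$$").
    dash-auth:
      basicAuth:
        users:
          - "admin:<bcrypt-hash-placeholder>"   # e.g. output of: htpasswd -nB admin

tls:
  options:
    # The options that tls.options=default refers to.
    default:
      minVersion: VersionTLS12
```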

Example traefik.yml

global:
  checkNewVersion: true
  sendAnonymousUsage: false

serversTransport:
  insecureSkipVerify: true
# Optional - default values
#  maxIdleConnsPerHost: 2
#  forwardingTimeouts:
#    dialTimeout: 30s
#    responseHeaderTimeout: 0s
#    idleConnTimeout: 90s

entryPoints:
  web:
    address: :80
  websecure:
    address: :443

log:
#  level: INFO
  level: DEBUG
  filePath: "/var/log/traefik.log"

accessLog:
  filePath: "/var/log/access.log"
  bufferingSize: 100
  fields:
    defaultMode: keep
    headers:
      defaultMode: keep
      names:
          User-Agent: keep
providers:
  #providersThrottleDuration: 42
  providersThrottleDuration: 10s
  docker:
    watch: true
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    swarmMode: false
  file:
    directory: /etc/traefik/dynamic/
    watch: true

api:
  dashboard: true
  debug: true

certificatesResolvers:
  ovh:
    acme:
      email: julienchary74800@gmail.com
#      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      storage: /letsencrypt/acme.json
      dnsChallenge:
        provider: ovh
        resolvers:
        - 1.1.1.1:53
        - 8.8.8.8:53
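
Four settings in the example above weaken a public-facing instance: backend certificate verification is off, logging runs at DEBUG, every request header goes to the access log, and the API debug endpoints are on. The same sections with tighter values, as an added example that is not part of the original page; the CA file path is an assumption and would need its own volume mount.

```yaml
serversTransport:
  # Original: insecureSkipVerify: true, which accepts any certificate
  # presented by an HTTPS backend.
  insecureSkipVerify: false
  # Backends signed by a private CA are trusted explicitly instead.
  rootCAs:
    - /etc/traefik/certs/internal-ca.pem   # assumed path

log:
  # Original: DEBUG, which is far more verbose and includes the
  # configuration received from the providers.
  level: INFO
  filePath: "/var/log/traefik.log"

accessLog:
  filePath: "/var/log/access.log"
  bufferingSize: 100
  fields:
    defaultMode: keep
    headers:
      # Original: keep, which writes every request header to disk,
      # Authorization and Cookie included.
      defaultMode: drop
      names:
        User-Agent: keep

api:
  dashboard: true
  # Original: true. debug adds the /debug/ profiling endpoints to the API.
  debug: false
```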

EntryPoints

Configure the entry points by assigning a name to a port.

entryPoints:
  web:
    address: :80
  websecure:
    address: :443

Log

Enable logging at the DEBUG level, written to the file /var/log/traefik.log.

log:
#  level: INFO
  level: DEBUG
  filePath: "/var/log/traefik.log"

AccessLog

Enable the access log.

accessLog:
  filePath: "/var/log/access.log"
  bufferingSize: 100
  fields:
    defaultMode: keep
    headers:
      defaultMode: keep
      names:
          User-Agent: keep

Certificates Resolvers

Enable the certificate resolver.

certificatesResolvers:
  ovh:
    acme:
      email: julienchary74800@gmail.com
#      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      storage: /letsencrypt/acme.json
      dnsChallenge:
        provider: ovh
        resolvers:
        - 1.1.1.1:53
        - 8.8.8.8:53