基于 docker compose 部署。使用时将 docker-compose.yml 中的 dashboard.example.com 替换为自己的域名,将 traefik.yml 中的 email@example.com 替换为自己的邮箱。
配置文件目录结构
|-- docker-compose.yml
|-- data
    |-- traefik.yml
    |-- config
        |-- dynamic.yml
docker-compose.yml
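# Traefik reverse proxy; its own dashboard is published on the HTTPS entry
# point behind the basic-auth middleware defined in the file provider.
version: '3'

services:
  traefik:
    # Fixed: the key was spelled `images`, which Compose does not recognise.
    # NOTE(review): the tag is unpinned. The `pilot` section in traefik.yml
    # suggests a v2.x release - pin a tag you have tested.
    image: traefik
    container_name: traefik
    restart: always
    security_opt:
      - no-new-privileges:true
    ports:
      # Quoted so NN:NN pairs are never read as YAML 1.1 base-60 integers.
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Mounted read-only. This does not limit what can be requested over
      # the Docker API: anything that can talk to this socket effectively
      # controls the host. Consider a filtering socket proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      # Create ./data/acme.json as an empty file with mode 600 before the
      # first start. If it is missing, Docker creates a directory in its
      # place; Traefik also refuses a store with wider permissions.
      - ./data/acme.json:/acme.json
      - ./data/config:/config
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      # Fixed: `entrrypoints` -> `entrypoints`.
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`dashboard.example.com`)"
      # Fixed: `traefik.http.touters` -> `traefik.http.routers`. As written,
      # the user-auth middleware was never attached to the dashboard router.
      - "traefik.http.routers.traefik-secure.middlewares=user-auth@file"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  # External network: it must already exist (docker network create traefik).
  traefik:
    external: true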
traefik.yml
# Traefik static configuration (mounted into the container as /traefik.yml).
api:
  # Dashboard is on, and `insecure` is not set here, so it is reachable
  # only through a router that targets api@internal.
  dashboard: true

pilot:
  dashboard: false

entryPoints:
  web:
    address: ':80'
    http:
      # Plain-HTTP requests are redirected to the websecure entry point.
      redirections:
        entryPoint:
          to: websecure
  websecure:
    address: ':443'
    http:
      # Applied to every router attached to this entry point.
      middlewares:
        - secureHeaders@file
      tls:
        certResolver: letsencrypt

providers:
  docker:
    endpoint: 'unix:///var/run/docker.sock'
    # Containers are ignored unless they opt in with traefik.enable=true.
    exposedByDefault: false
  file:
    filename: /config/dynamic.yml

certificatesResolvers:
  letsencrypt:
    acme:
      email: email@example.com
      # Relative path. NOTE(review): this matches the /acme.json bind mount
      # only if the container's working directory is / - confirm, or use
      # an absolute path.
      storage: acme.json
      keyType: EC384
      # HTTP-01 is answered on the `web` entry point, so port 80 has to be
      # reachable from the internet for issuance and renewal.
      httpChallenge:
        entryPoint: web
dynamic.yml
# Traefik dynamic configuration, loaded by the file provider.
http:
  middlewares:
    secureHeaders:
      headers:
        forceSTSHeader: true
        # stsPreload only adds the `preload` directive to the header. The
        # browser preload list also expects includeSubDomains
        # (stsIncludeSubdomains); enable that only when every subdomain
        # is served over HTTPS.
        stsPreload: true
        stsSeconds: 31536000
    # Example credential published with this write-up:
    #   username: admin
    #   password: qwer1234
    # It is public, so generate your own entry before deploying, e.g. with
    # `htpasswd -nB admin`. The entry below is an apr1 (MD5-based) hash;
    # basicAuth also accepts bcrypt, which -B produces.
    user-auth:
      basicAuth:
        users:
          - 'admin:$apr1$tm53ra6x$FntXd6jcvxYM/YH0P2hcc1'

tls:
  options:
    default:
      minVersion: VersionTLS12
      # This list governs TLS 1.2 negotiation only; TLS 1.3 cipher suites
      # are not configurable. Every entry is ECDHE with an AEAD cipher.
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305