Traefik + Let's Encrypt
A production-ready Traefik v3 reverse proxy stack with automatic HTTPS via Let's Encrypt ACME certificate provisioning. Traefik watches the Docker socket for container labels to dynamically configure routing rules, eliminating the need for manual configuration files. HTTP traffic is automatically redirected to HTTPS, and certificates are stored in a named volume for persistence across restarts. A lightweight whoami test service is included to verify that routing and SSL are working correctly out of the box. The Traefik dashboard is optionally accessible for real-time monitoring of routers, services, and middlewares. This stack serves as the ideal entry point for adding SSL-terminated reverse proxying to any Docker-based infrastructure.
Included Services
traefik
traefik:v3.2
Environment Variables:
whoami
traefik/whoami:v1.10
Generated YAML
# Generated by ComposeHub (composehub.dev)
name: traefik-letsencrypt
services:
  traefik:
    image: traefik:v3.2
    restart: unless-stopped
    command:
      - "--api.dashboard=${TRAEFIK_DASHBOARD:-true}"
      # api.insecure=true serves the API and dashboard without authentication
      # on the internal "traefik" entrypoint (:8080). Set
      # TRAEFIK_API_INSECURE=false before exposing this host to a network.
      - "--api.insecure=${TRAEFIK_API_INSECURE:-true}"
      # The healthcheck below calls the /ping endpoint, so ping must be enabled.
      - "--ping=true"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxy"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Redirect all HTTP traffic to HTTPS.
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Let's Encrypt via the HTTP-01 challenge on port 80.
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      # admin@example.com is a placeholder default; set ACME_EMAIL to a real mailbox.
      - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL:-admin@example.com}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--log.level=${TRAEFIK_LOG_LEVEL:-INFO}"
      - "--accesslog=${TRAEFIK_ACCESS_LOG:-true}"
    ports:
      - 80:80
      - 443:443
      # Dashboard/API port, published on all host interfaces.
      - 8080:8080
    volumes:
      # :ro only protects the socket file itself; Traefik can still issue any
      # Docker API call through it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_certs:/letsencrypt
      - traefik_config:/etc/traefik
    environment:
      # admin@example.com is a placeholder default (see the command section).
      ACME_EMAIL: ${ACME_EMAIL:-admin@example.com}
      TRAEFIK_DASHBOARD: ${TRAEFIK_DASHBOARD:-true}
      TRAEFIK_LOG_LEVEL: ${TRAEFIK_LOG_LEVEL:-INFO}
    networks:
      - proxy
    healthcheck:
      test:
        - CMD
        - traefik
        - healthcheck
        - "--ping"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    deploy:
      resources:
        limits:
          cpus: "1.00"
          memory: 256M
        reservations:
          cpus: "0.10"
          memory: 64M
    labels:
      com.composeforge.description: Traefik v3 reverse proxy with automatic SSL
  whoami:
    image: traefik/whoami:v1.10
    restart: unless-stopped
    networks:
      - proxy
    healthcheck:
      # CMD-SHELL needs a shell and wget inside the image; verify that the
      # image provides them, otherwise the container reports unhealthy.
      test:
        - CMD-SHELL
        - wget --no-verbose --tries=1 --spider http://localhost:80/ || exit 1
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
    deploy:
      resources:
        limits:
          cpus: "0.10"
          memory: 32M
        reservations:
          cpus: "0.02"
          memory: 8M
    labels:
      traefik.enable: "true"
      traefik.http.routers.whoami.rule: Host(`${WHOAMI_DOMAIN:-whoami.localhost}`)
      traefik.http.routers.whoami.entrypoints: websecure
      traefik.http.routers.whoami.tls.certresolver: letsencrypt
      traefik.http.services.whoami.loadbalancer.server.port: "80"
      com.composeforge.description: Whoami test service for verifying Traefik routing
networks:
  proxy:
    driver: bridge
volumes:
  traefik_certs:
    driver: local
  traefik_config:
    driver: local
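
The generated file defaults `--api.insecure` to true and publishes port 8080, so the Traefik API and dashboard are served without authentication. A hardened variant of the `traefik` service follows as an added example that is not part of the ComposeHub template: the dashboard is routed through `api@internal` on `websecure` behind basic auth. `DASHBOARD_DOMAIN` and `DASHBOARD_USERS` are assumed variable names, and required variables fail fast instead of falling back to defaults.

```yaml
# Added example, not generated by ComposeHub.
# DASHBOARD_DOMAIN and DASHBOARD_USERS are hypothetical variable names.
services:
  traefik:
    image: traefik:v3.2
    restart: unless-stopped
    command:
      - "--api.dashboard=true"
      - "--api.insecure=false"   # no unauthenticated API/dashboard on :8080
      - "--ping=true"            # /ping stays on the internal entrypoint for the healthcheck
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxy"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL:?set ACME_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--accesslog=true"
    ports:                       # 8080 is no longer published
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_certs:/letsencrypt
    networks:
      - proxy
    healthcheck:
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 30s
      timeout: 10s
      retries: 3
    labels:
      traefik.enable: "true"     # needed because exposedbydefault=false
      traefik.http.routers.dashboard.rule: Host(`${DASHBOARD_DOMAIN:?set DASHBOARD_DOMAIN}`)
      traefik.http.routers.dashboard.entrypoints: websecure
      traefik.http.routers.dashboard.tls.certresolver: letsencrypt
      traefik.http.routers.dashboard.service: api@internal
      traefik.http.routers.dashboard.middlewares: dashboard-auth
      # htpasswd-format "user:hash" entry, for example from `htpasswd -nB admin`
      traefik.http.middlewares.dashboard-auth.basicauth.users: "${DASHBOARD_USERS:?set DASHBOARD_USERS}"
networks:
  proxy:
    driver: bridge
volumes:
  traefik_certs:
    driver: local
```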
Quick Info
- Services: 2
- Networks: 1
- Volumes: 2
When to Use
This template is ideal for setting up a Traefik + Let's Encrypt environment. All services come preconfigured with healthchecks, resource limits, and sensible defaults. Customize the environment variables before deploying to production.
Tips
- Change all default passwords before deploying
- Review the resource limits for your hardware
- Add a reverse proxy for HTTPS in production
- Set up backup strategies for the data volumes