Traefik + Let's Encrypt
A production-ready Traefik v3 reverse proxy stack with automatic HTTPS via Let's Encrypt ACME certificate provisioning. Traefik watches the Docker socket for container labels to dynamically configure routing rules, eliminating the need for manual configuration files. HTTP traffic is automatically redirected to HTTPS, and certificates are stored in a named volume for persistence across restarts. A lightweight whoami test service is included to verify that routing and SSL are working correctly out of the box. The Traefik dashboard is optionally accessible for real-time monitoring of routers, services, and middlewares. This stack serves as the ideal entry point for adding SSL-terminated reverse proxying to any Docker-based infrastructure.
Included Services
traefik
traefik:v3.2
Environment Variables:
whoami
traefik/whoami:v1.10
Generated YAML
# Generated by ComposeHub (composehub.dev)
name: traefik-letsencrypt
services:
  traefik:
    image: traefik:v3.2
    restart: unless-stopped
    command:
      - "--api.dashboard=${TRAEFIK_DASHBOARD:-true}"
      # api.insecure=true serves the API and dashboard without authentication on :8080.
      # Set TRAEFIK_API_INSECURE=false before exposing this host.
      - "--api.insecure=${TRAEFIK_API_INSECURE:-true}"
      # Enables the /ping endpoint that "traefik healthcheck --ping" below relies on.
      - "--ping=true"
      - "--providers.docker=true"
      # Containers are routed only when they carry traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxy"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Redirect all HTTP requests to HTTPS.
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # HTTP-01 challenge: port 80 must be reachable from the internet.
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      # Set ACME_EMAIL to a real mailbox; the default is only a placeholder.
      - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL:-[email protected]}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--log.level=${TRAEFIK_LOG_LEVEL:-INFO}"
      - "--accesslog=${TRAEFIK_ACCESS_LOG:-true}"
    ports:
      - "80:80"
      - "443:443"
      # Traefik API/dashboard entrypoint (see api.insecure above).
      - "8080:8080"
    volumes:
      # ":ro" protects the socket file only; it does not restrict Docker API calls made through it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the certificates' private keys.
      - traefik_certs:/letsencrypt
      - traefik_config:/etc/traefik
    environment:
      ACME_EMAIL: ${ACME_EMAIL:-[email protected]}
      TRAEFIK_DASHBOARD: ${TRAEFIK_DASHBOARD:-true}
      TRAEFIK_LOG_LEVEL: ${TRAEFIK_LOG_LEVEL:-INFO}
    networks:
      - proxy
    healthcheck:
      test:
        - CMD
        - traefik
        - healthcheck
        - "--ping"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    deploy:
      resources:
        limits:
          cpus: "1.00"
          memory: 256M
        reservations:
          cpus: "0.10"
          memory: 64M
    labels:
      com.composeforge.description: Traefik v3 reverse proxy with automatic SSL
  whoami:
    image: traefik/whoami:v1.10
    restart: unless-stopped
    networks:
      - proxy
    # traefik/whoami is built FROM scratch (no shell, no wget), so a CMD-SHELL wget
    # check always fails, and Traefik does not route to unhealthy containers.
    healthcheck:
      disable: true
    deploy:
      resources:
        limits:
          cpus: "0.10"
          memory: 32M
        reservations:
          cpus: "0.02"
          memory: 8M
    labels:
      traefik.enable: "true"
      traefik.http.routers.whoami.rule: Host(`${WHOAMI_DOMAIN:-whoami.localhost}`)
      traefik.http.routers.whoami.entrypoints: websecure
      traefik.http.routers.whoami.tls.certresolver: letsencrypt
      traefik.http.services.whoami.loadbalancer.server.port: "80"
      com.composeforge.description: Whoami test service for verifying Traefik routing
networks:
  proxy:
    driver: bridge
volumes:
  traefik_certs:
    driver: local
  traefik_config:
    driver: local
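With no `.env` overrides, the stack resolves `--api.insecure` to `true` and publishes port 8080. The following pre-deployment check is an added example, not part of the ComposeHub template: it resolves the `${VAR:-default}` interpolation for a given environment and reports the effective exposure. The helper names `interpolate`, `effective_flags` and `audit` are hypothetical, and the inputs are copied from the traefik service above.

```python
import re

# Constructed input: flags, ports and volumes copied from the traefik service above.
COMMAND = [
    "--api.dashboard=${TRAEFIK_DASHBOARD:-true}",
    "--api.insecure=${TRAEFIK_API_INSECURE:-true}",
    "--providers.docker.exposedbydefault=false",
    "--entrypoints.web.http.redirections.entryPoint.to=websecure",
]
PORTS = ["80:80", "443:443", "8080:8080"]
VOLUMES = ["/var/run/docker.sock:/var/run/docker.sock:ro", "traefik_certs:/letsencrypt"]

_VAR = re.compile(r"\$\{(\w+)(?::-([^}]*))?\}")

def interpolate(text, env):
    """Resolve ${VAR} and ${VAR:-default}; the default applies when VAR is unset or empty."""
    def sub(m):
        value = env.get(m.group(1))
        return value if value else (m.group(2) or "")
    return _VAR.sub(sub, text)

def effective_flags(command, env):
    """Map each --name=value flag to its interpolated value (lowercased for comparison)."""
    flags = {}
    for arg in command:
        name, _, value = interpolate(arg, env).lstrip("-").partition("=")
        flags[name.lower()] = value.lower() if value else "true"
    return flags

def audit(command, ports, volumes, env):
    """Return findings for the settings to review before exposing this stack."""
    flags, findings = effective_flags(command, env), []
    published = {p.split(":")[-1].split("/")[0] for p in ports}  # container-side ports
    if flags.get("api.insecure") == "true":
        where = "published on the host" if "8080" in published else "reachable on the proxy network"
        findings.append(f"api.insecure=true: unauthenticated API/dashboard on :8080, {where}")
    if flags.get("providers.docker.exposedbydefault", "true") == "true":
        findings.append("exposedbydefault=true: every container is routed without opting in")
    if any(v.split(":")[0] == "/var/run/docker.sock" for v in volumes):
        findings.append("docker.sock mounted: ':ro' does not restrict Docker API calls")
    return findings

if __name__ == "__main__":
    for finding in audit(COMMAND, PORTS, VOLUMES, env={}):
        print("REVIEW:", finding)
```

Pass the variables from your `.env` file as `env` to see which findings remain after overriding the defaults.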
Quick Info
- Services: 2
- Networks: 1
- Volumes: 2
When to Use It
This template is ideal for setting up a Traefik + Let's Encrypt environment. All services are preconfigured with healthchecks, resource limits, and sensible defaults. Customize the environment variables before deploying to production.
Tips
- Change all default passwords before deployment
- Check the resource limits against your hardware
- Add a reverse proxy for HTTPS in production
- Set up backup strategies for the data volumes