Traefik + Let's Encrypt
A production-ready Traefik v3 reverse proxy stack with automatic HTTPS via Let's Encrypt ACME certificate provisioning. Traefik watches the Docker socket for container labels to dynamically configure routing rules, eliminating the need for manual configuration files. HTTP traffic is automatically redirected to HTTPS, and certificates are stored in a named volume for persistence across restarts. A lightweight whoami test service is included to verify that routing and SSL are working correctly out of the box. The Traefik dashboard is optionally accessible for real-time monitoring of routers, services, and middlewares. This stack serves as the ideal entry point for adding SSL-terminated reverse proxying to any Docker-based infrastructure.
Included Services
traefik
traefik:v3.2
Environment Variables:
whoami
traefik/whoami:v1.10
Generated YAML
# Generated by ComposeHub (composehub.dev)
name: traefik-letsencrypt

services:
  traefik:
    image: traefik:v3.2
    restart: unless-stopped
    command:
      - "--api.dashboard=${TRAEFIK_DASHBOARD:-true}"
      # api.insecure=true serves the API and dashboard without authentication
      # on the internal "traefik" entrypoint (:8080, published below).
      - "--api.insecure=${TRAEFIK_API_INSECURE:-true}"
      # Needed by the "traefik healthcheck --ping" container healthcheck.
      - "--ping=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxy"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      # No default address: ACME_EMAIL must be set (for example in .env).
      - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL:?ACME_EMAIL must be set}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--log.level=${TRAEFIK_LOG_LEVEL:-INFO}"
      - "--accesslog=${TRAEFIK_ACCESS_LOG:-true}"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      # Read-only applies to the socket file, not to the Docker API calls
      # made through it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_certs:/letsencrypt
      - traefik_config:/etc/traefik
    environment:
      ACME_EMAIL: ${ACME_EMAIL:?ACME_EMAIL must be set}
      TRAEFIK_DASHBOARD: ${TRAEFIK_DASHBOARD:-true}
      TRAEFIK_LOG_LEVEL: ${TRAEFIK_LOG_LEVEL:-INFO}
    networks:
      - proxy
    healthcheck:
      test:
        - CMD
        - traefik
        - healthcheck
        - "--ping"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    deploy:
      resources:
        limits:
          cpus: "1.00"
          memory: 256M
        reservations:
          cpus: "0.10"
          memory: 64M
    labels:
      com.composeforge.description: Traefik v3 reverse proxy with automatic SSL

  whoami:
    image: traefik/whoami:v1.10
    restart: unless-stopped
    networks:
      - proxy
    # No healthcheck: traefik/whoami is a scratch-based image with no shell or
    # wget, so a CMD-SHELL wget check always fails, and Traefik's Docker
    # provider does not route to containers that report unhealthy.
    deploy:
      resources:
        limits:
          cpus: "0.10"
          memory: 32M
        reservations:
          cpus: "0.02"
          memory: 8M
    labels:
      traefik.enable: "true"
      traefik.http.routers.whoami.rule: Host(`${WHOAMI_DOMAIN:-whoami.localhost}`)
      traefik.http.routers.whoami.entrypoints: websecure
      traefik.http.routers.whoami.tls.certresolver: letsencrypt
      traefik.http.services.whoami.loadbalancer.server.port: "80"
      com.composeforge.description: Whoami test service for verifying Traefik routing

networks:
  proxy:
    # Fixed name so it matches --providers.docker.network=proxy
    # (Compose would otherwise create traefik-letsencrypt_proxy).
    name: proxy
    driver: bridge

volumes:
  traefik_certs:
    driver: local
  traefik_config:
    driver: local
Quick Info
- Services: 2
- Networks: 1
- Volumes: 2
When to Use It
This template is ideal for setting up a Traefik + Let's Encrypt environment. The services come preconfigured with healthchecks, resource limits, and sensible defaults. Customize the environment variables before deploying to production.
Tips
- Change all default passwords before deploying
- Check the resource limits against your hardware
- Add a reverse proxy for HTTPS in production
- Set up backup strategies for the data volumes
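
The generated file defaults `--api.insecure` to true and publishes port 8080, which serves the dashboard and API without authentication. As an added example (not part of the generated template), the fragment below shows the `traefik` service keys changed so the dashboard is instead routed over `websecure` behind basic auth; `TRAEFIK_DASHBOARD_DOMAIN` and `TRAEFIK_DASHBOARD_USERS` are assumed variable names.

```yaml
# Added example: replacement command/ports/labels for the "traefik" service.
# The other keys of the service (image, volumes, networks, healthcheck) stay
# as generated. TRAEFIK_DASHBOARD_DOMAIN and TRAEFIK_DASHBOARD_USERS are
# assumed names, not variables defined by the generated file.
services:
  traefik:
    command:
      - "--api.dashboard=true"
      - "--api.insecure=false"   # no unauthenticated API/dashboard on :8080
      - "--ping=true"            # keeps "traefik healthcheck --ping" working
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxy"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL:?set ACME_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--log.level=${TRAEFIK_LOG_LEVEL:-INFO}"
      - "--accesslog=${TRAEFIK_ACCESS_LOG:-true}"
    ports:
      - "80:80"
      - "443:443"                # 8080 is no longer published
    labels:
      traefik.enable: "true"
      # The dashboard is served by the built-in api@internal service, reached
      # only through the TLS entrypoint and only after basic auth succeeds.
      traefik.http.routers.dashboard.rule: Host(`${TRAEFIK_DASHBOARD_DOMAIN:?set TRAEFIK_DASHBOARD_DOMAIN}`)
      traefik.http.routers.dashboard.entrypoints: websecure
      traefik.http.routers.dashboard.tls.certresolver: letsencrypt
      traefik.http.routers.dashboard.service: api@internal
      traefik.http.routers.dashboard.middlewares: dashboard-auth
      # htpasswd-style "user:hash" entries, comma separated.
      traefik.http.middlewares.dashboard-auth.basicauth.users: ${TRAEFIK_DASHBOARD_USERS:?set TRAEFIK_DASHBOARD_USERS}
```

Each `user:hash` entry can be generated with `htpasswd -nB <user>`; single-quote the value in `.env` so Compose does not try to interpolate the `$` characters in the hash.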