HTTPS Termination using LetsEncrypt with Traefik on Docker Swarm
We will set up HTTPS termination on Traefik for our Java web application, which runs on Payara Micro and sits behind our Traefik proxy. In this guide, I will be using GitLab's private registry to push my images to.
Traefik Dockerfile:
Our Traefik Dockerfile:
FROM traefik
ADD traefik.toml .
EXPOSE 80
EXPOSE 8080
EXPOSE 443
traefik.toml
Our Traefik config, traefik.toml (this is the Traefik 1.x configuration format):
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "recipient@domain.com"
storage = "acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "apps.domain.com"
watch = true
exposedbydefault = false
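As written, this config serves the `[web]` dashboard on port 8080 without authentication and keeps answering plain HTTP on port 80 alongside HTTPS. The following check is an added example, not part of the original post or of Traefik: it reads the config above and flags those settings. The names `parse` and `audit` and the finding ids are made up for illustration, and the `[web.auth.*]` and `[entryPoints.http.redirect]` tables it looks for are Traefik 1.x options that the page's config does not use.

```python
# traefik.toml exactly as shown on this page, embedded so the check runs offline.
PAGE_CONFIG = """
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "recipient@domain.com"
storage = "acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "apps.domain.com"
watch = true
exposedbydefault = false
"""

def parse(text):
    """Read the flat table/key layout above into {table: {key: raw value}}, names lowercased."""
    tables, current = {"": {}}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line.strip("[] ").lower()
            tables.setdefault(current, {})
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            tables[current][key.strip().lower()] = value.strip()
    return tables

def audit(text):
    cfg, findings = parse(text), []
    # [web] serves the dashboard and API; a [web.auth.*] table is what protects it.
    if "web" in cfg and not any(t.startswith("web.auth.") for t in cfg):
        findings.append("dashboard-no-auth")
    # Without [entryPoints.http.redirect], port 80 keeps answering in clear text.
    if "entrypoints.http" in cfg and "entrypoints.http.redirect" not in cfg:
        findings.append("http-not-redirected")
    # exposedByDefault defaults to true, which would route every container.
    if cfg.get("docker", {}).get("exposedbydefault") != "false":
        findings.append("containers-exposed-by-default")
    return findings
```

Calling `audit(PAGE_CONFIG)` reports the dashboard and redirect findings; the `exposedbydefault = false` line already on the page keeps the third check quiet.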
Build the Image:
Log in to GitLab's Registry, build and push the image:
$ docker login registry.gitlab.com
$ docker build -t registry.gitlab.com/<user>/<repo>/traefik:latest .
$ docker push registry.gitlab.com/<user>/<repo>/traefik:latest
Traefik:
Create the Traefik Proxy Service:
$ docker service create \
--name traefik \
--constraint 'node.role==manager' \
--publish 80:80 \
--publish 443:443 \
--publish 8080:8080 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--network appnet \
--with-registry-auth registry.gitlab.com/<user>/<repo>/traefik:latest \
--docker \
--docker.swarmmode \
--docker.domain=apps.domain.com \
--docker.watch \
--logLevel=DEBUG \
--web
Java Web Application:
Our Java Web Application's Dockerfile:
FROM payara/micro
COPY app.war /opt/payara/deployments/app.war
Build and Push the Image to our GitLab Registry:
$ docker build -t registry.gitlab.com/<user>/<repo>/java_web:latest .
$ docker push registry.gitlab.com/<user>/<repo>/java_web:latest
Create the Java Web Application on Docker Swarm, specifying our Host, and also a PathPrefix, so that the Traefik Proxy can accept requests for the Hostname, and anything from /app/:
$ docker service create \
--name java_web \
--label 'traefik.port=8080' \
--label traefik.frontend.rule="Host:apps.domain.com; PathPrefix: /app/" \
--network appnet \
--with-registry-auth registry.gitlab.com/<user>/<repo>/java_web:latest
Now we should be able to access our Web Application on https://apps.domain.com/app/
Resources:
- https://gist.github.com/nknapp/20c7cd89f1f128b8425dd89cbad0b802
- https://niels.nu/blog/2017/traefik-https-letsencrypt.html