Thanks for watching this video! Below are the code samples you’re looking for; enjoy!
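AWS Route53: IAM policy example for the DNS resolver (the Let's Encrypt DNS challenge). As written, it allows record changes in every hosted zone in the account; to limit that, replace the `*` in the hostedzone ARN with the ID of your own zone.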
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53:GetChange",
        "route53:ChangeResourceRecordSets",
        "route53:ListResourceRecordSets"
      ],
      "Resource": [
        "arn:aws:route53:::hostedzone/*",
        "arn:aws:route53:::change/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "route53:ListHostedZonesByName",
      "Resource": "*"
    }
  ]
}
Next, here’s your docker-compose.yml and its corresponding .env variables file. Don’t forget that if you’re following this full example, these files for Traefik need to live in a folder named traefik in order for the bits later to line up.
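# Traefik reverse proxy: terminates TLS on 80/443, discovers containers through
# the Docker provider and obtains certificates through the "le" resolver.
version: '3.9'
networks:
  # Compose prefixes this name with the project (folder) name, so with the
  # folder named "traefik" the real Docker network is "traefik_proxy".
  proxy:
volumes:
  traefik-letsencrypt:
services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    # Same hardening the whoami service uses: block privilege escalation
    # through setuid binaries inside the container.
    security_opt:
      - no-new-privileges:true
    ports:
      - "80:80"
      - "443:443"
    networks:
      - proxy
    volumes:
      # The read-only mount stops the container from replacing the socket
      # file, but the Docker API behind it stays fully usable: a compromised
      # Traefik can still control the Docker daemon. A socket proxy that only
      # permits read-only API calls narrows this further.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-letsencrypt:/letsencrypt
      # Config files are only read by Traefik, so mount them read-only.
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./file-provider.yml:/dynamic/conf/file-provider.yml:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`traefik.yourdomain.com`)
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=le
      # api@internal is Traefik's built-in dashboard/API service.
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.services.api.loadbalancer.server.port=8080
      # NOTE(review): while the middleware line below stays commented out, the
      # dashboard router has no authentication, so anyone who can reach this
      # hostname gets the dashboard and API. Attach an auth middleware (it must
      # be defined in file-provider.yml first) before exposing this router.
      # - traefik.http.routers.traefik.middlewares=authentik@file
      ## yourdomain.com cert
      - traefik.http.routers.traefik.tls.domains[6].main=yourdomain.com
      - traefik.http.routers.traefik.tls.domains[6].sans=*.yourdomain.com
    environment:
      # Route53 credentials for the DNS challenge, read from the .env file.
      - AWS_ACCESS_KEY_ID=${AWS_KEY}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET}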
      - AWS_REGION=${AWS_REGION}
.env file:
# Placeholders for the AWS access key pair; docker-compose.yml passes them to
# Traefik as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
# Keep this file out of version control and readable only by the deploying user.
AWS_KEY=xxxxxxxxxxxx
AWS_SECRET=xxxxxxxxxxxx
AWS_REGION=us-west-2 #doesn't matter, as Route53 is a global service
Next, we need our Traefik config file, traefik.yml:
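# Traefik static configuration (mounted at /etc/traefik/traefik.yml).
api:
  # Insecure mode serves the API and dashboard without authentication on the
  # internal "traefik" entrypoint (port 8080). The dashboard is already routed
  # through the api@internal router in the compose labels, so it is not needed.
  insecure: false
  dashboard: true
  # Debug endpoints expose runtime internals; enable only while troubleshooting.
  debug: false
log:
  level: error
serversTransport:
  # NOTE(review): this turns off certificate verification for every HTTPS
  # backend Traefik connects to. Kept as in the original; the backends shown in
  # file-provider.yml are plain HTTP and do not need it. Prefer trusting the
  # backend's CA (rootCAs) or a per-service transport over a global skip.
  insecureSkipVerify: true
providers:
  docker:
    # Must be the real Docker network name. Compose prefixes "proxy" with the
    # project name, and the whoami stack joins the same network as the
    # external network "traefik_proxy".
    network: "traefik_proxy"
    # Containers are routed only when they opt in with traefik.enable=true.
    exposedByDefault: false
  file:
    filename: "/dynamic/conf/file-provider.yml"
    watch: true
entrypoints:
  web:
    address: ":80"
    http:
      # Redirect all plain-HTTP requests to the TLS entrypoint.
      redirections:
        entryPoint:
          to: websecured
          scheme: https
  websecured:
    address: ":443"
certificatesresolvers:
  le:
    acme:
      # DNS-01 challenge through Route53, using the AWS_* environment
      # variables set in docker-compose.yml.
      dnschallenge:
        provider: route53
      email: "info@yourdomain.com"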
      storage: "/letsencrypt/acme.json"
and your file-provider.yml:
# Traefik dynamic configuration loaded by the file provider: routes to
# services that are not Docker containers on this host.
http:
  routers:
    # No entryPoints are listed, so this router is not pinned to one entrypoint.
    some-webservice:
      tls: true
      service: service-name
      rule: 'Host(`someservice.yourdomain.com`)'
  services:
    service-name:
      loadBalancer:
        servers:
          # Plain HTTP: traffic between Traefik and this backend is unencrypted.
          - url: 'http://172.26.10.137:11000'
tcp:
  routers:
    some-tcp:
      tls: true
      service: service-name-tcp
      rule: 'HostSNI(`service.yourdomain.com`)'
  services:
    service-name-tcp:
      loadBalancer:
        servers:
          - address: '172.26.10.137:3478'
udp:
  routers:
    some-service-udp:
      # NOTE(review): the traefik.yml on this page defines only the "web" and
      # "websecured" entrypoints; "some-service-udp" presumably has to be
      # declared there (and its port published) before this router works.
      entrypoints:
        - some-service-udp
      service: some-service-udp
  services:
    some-service-udp:
      loadbalancer:
        servers:
          - address: 172.26.10.137:3478
.. and finally, your whoami container, which is just a simple docker-compose.yml (in its own directory, don’t forget that!); just swap in your domain name.
# Test service for checking that routing and certificates work through Traefik.
version: '3.9'
networks:
  # Joins the network created by the Traefik compose project ("traefik" folder
  # name + "proxy"); it must already exist, hence external.
  traefik_proxy:
    external: true
services:
  whoami:
    image: traefik/whoami
    container_name: whoami
    restart: unless-stopped
    # Block privilege escalation through setuid binaries inside the container.
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik_proxy
    # No ports are published: the service is reached only through Traefik.
    labels:
      - 'traefik.enable=true'
      ## HTTP Routers
      - 'traefik.http.routers.whoami-test-rtr.rule=Host(`whoami.yourdomain.com`)'
      - 'traefik.http.routers.whoami-test-rtr.entrypoints=websecured'
      - 'traefik.http.routers.whoami-test-rtr.tls=true'
      - 'traefik.http.routers.whoami-test-rtr.tls.certresolver=le'
      - "traefik.http.services.whoami-test-rtr.loadbalancer.server.port=80"
That’s it! If you run into any problems, be sure to watch the video back in detail, and you are always welcome to ask questions in the video comments. Cheers!
~OMG



 
																								 
																								 
																								