

Traefik with SSL + Portainer on Docker Swarm Repro · GitHub
source link: https://gist.github.com/ruanbekker/510a75ba327cba65ab8f74dbd26c6140

Traefik and Portainer on Docker Swarm with Letsencrypt
Reproducing a Traefik with SSL and Portainer setup on a 2 Node Docker Swarm
Install Docker:
Install Docker on both nodes with a Bootstrap Script:
$ curl https://gitlab.com/rbekker87/scripts/raw/master/setup-docker-ubuntu.sh | bash
Initialize the Swarm
Initialize Swarm on Manager (node-1):
$ docker swarm init --advertise-addr ens3
Swarm initialized: current node (jhs46c7mv0vl86v488joqazpd) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-3kgazh7s0aebjgov5tw0s85d0oz1wu4whefibiszaiuij7f7ub-3ocy5sathgputnxzpjacfypip 10.163.68.18:2377
Join Worker Node to the Swarm (node-2):
$ docker swarm join --token SWMTKN-1-3kgazh7s0aebjgov5tw0s85d0oz1wu4whefibiszaiuij7f7ub-3ocy5sathgputnxzpjacfypip 10.163.68.18:2377
This node joined a swarm as a worker.
List nodes from the Manager (node-1):
$ docker node ls
ID                            HOSTNAME   STATUS   AVAILABILITY   MANAGER STATUS   ENGINE VERSION
jhs46c7mv0vl86v488joqazpd *   docker1    Ready    Active         Leader           18.09.7
3bzwcuokvfi7w3gitfturzw93     docker2    Ready    Active                          18.09.7
Set up an A record pointing to the Manager IP:
meikel.rbkr.xyz -> 185.136.234.52
Set up a wildcard CNAME record pointing to the previous record:
*.meikel.rbkr.xyz -> meikel.rbkr.xyz
Testing:
$ dig A meikel.rbkr.xyz +short
185.136.234.52
$ dig CNAME test.meikel.rbkr.xyz +short
meikel.rbkr.xyz.
Provision Traefik:
Create the compose file for Traefik, docker-compose.traefik.yml:
version: '3.7'

services:
  traefik:
    # The flags and labels below use Traefik 1.x syntax; pin a 1.7 tag
    # if traefik:latest no longer resolves to a 1.x release.
    image: traefik:latest
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    command: >
      --api
      --acme
      --acme.storage=/certs/acme.json
      --acme.entryPoint=https
      --acme.httpChallenge.entryPoint=http
      --acme.onHostRule=true
      --acme.onDemand=false
      --acme.acmelogging=true
      --acme.email=${EMAIL:-root@localhost}
      --docker
      --docker.swarmMode
      --docker.domain=${DOMAIN:-localhost}
      --docker.watch
      --defaultentrypoints=http,https
      --entrypoints='Name:http Address::80'
      --entrypoints='Name:https Address::443 TLS'
      --logLevel=INFO
      --accessLog
      --metrics
      --metrics.prometheus
    volumes:
      # Traefik reads service labels through the Docker API on this socket
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik_certs:/certs
    configs:
      - source: traefik_htpasswd
        target: /etc/htpasswd
    networks:
      - public
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.docker.network=public"
        - "traefik.port=8080"
        - "traefik.backend=traefik"
        - "traefik.enable=true"
        - "traefik.frontend.rule=Host:traefik.${DOMAIN:-localhost}"
        # The dashboard is served behind basic auth from the htpasswd config
        - "traefik.frontend.auth.basic.usersFile=/etc/htpasswd"
        - "traefik.frontend.headers.SSLRedirect=true"
        - "traefik.frontend.entryPoints=http,https"

configs:
  traefik_htpasswd:
    file: ./htpasswd

networks:
  public:
    driver: overlay
    name: public

volumes:
  traefik_certs: {}
Install dependency to create basic auth file:
sudo apt install apache2-utils -y
Create admin/admin credentials:
$ htpasswd -c htpasswd admin
New password:
Re-type new password:
Adding password for user admin
Set the domain and a reachable email address as environment variables:
$ export DOMAIN=meikel.rbkr.xyz
$ export EMAIL=[email protected]
Deploy the traefik stack:
$ docker stack deploy -c docker-compose.traefik.yml proxy
Creating network public
Creating config proxy_traefik_htpasswd
Creating service proxy_traefik
List the service:
$ docker service ls
ID             NAME            MODE         REPLICAS   IMAGE            PORTS
c4cm18zspces   proxy_traefik   replicated   1/1        traefik:latest
Access the Traefik UI on https://traefik.meikel.rbkr.xyz
Portainer
Create the compose file docker-compose.portainer.yml:
version: '3.7'

services:
  agent:
    image: portainer/agent
    environment:
      AGENT_CLUSTER_ADDR: tasks.agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - private
    deploy:
      mode: global
      placement:
        constraints:
          - node.platform.os == linux

  portainer:
    image: portainer/portainer
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - portainer-data:/data
    networks:
      - private
      - public
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.frontend.rule=Host:portainer.${DOMAIN}
        - traefik.enable=true
        - traefik.port=9000
        - traefik.tags=public
        - traefik.docker.network=public
        - traefik.redirectorservice.frontend.entryPoints=http
        - traefik.redirectorservice.frontend.redirect.entryPoint=https
        - traefik.webservice.frontend.entryPoints=https

networks:
  private:
    driver: overlay
    name: private
  public:
    external: true

volumes:
  portainer-data: {}
Make sure the DOMAIN environment variable is still set:
$ env | grep DOMAIN
DOMAIN=meikel.rbkr.xyz
Deploy the stack:
$ docker stack deploy -c docker-compose.portainer.yml portainer
Creating network private
Creating service portainer_agent
Creating service portainer_portainer
Check that all the containers have checked in for their respective services:
$ docker service ls
ID             NAME                  MODE         REPLICAS   IMAGE                        PORTS
wwu7alr6ysw0   portainer_agent       global       2/2        portainer/agent:latest
09flw7vt80r7   portainer_portainer   replicated   1/1        portainer/portainer:latest
c4cm18zspces   proxy_traefik         replicated   1/1        traefik:latest
Portainer should show up on the Traefik UI as a Frontend and Backend.
Access Portainer on https://portainer.meikel.rbkr.xyz, set up the user, and have a look at the services.
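A static check over the two stack files from this guide, as an added example that is not part of the original gist: it lists which services use unpinned image tags, mount the Docker socket, disable TLS verification, or both publish ports and hold Docker API access. The check names and the two-space-indentation assumption are this example's own, and the sample input is constructed from the compose files above.

```bash
#!/usr/bin/env bash
# Added example: inventory of security-relevant settings in a Swarm stack file.
# Check names are this example's own labels; assumes 2-space indentation.

audit_compose() {   # $1 = stack file; prints "service<TAB>CHECK<TAB>detail"
  awk '
    /^[^ #]/ { insvc = ($1 == "services:"); next }           # top-level key
    insvc && /^  [^ ]+:[ ]*$/ { svc = $1; sub(/:$/, "", svc); next }
    !insvc { next }
    { sub(/^ +/, "") }
    /^image:/ {
      img = $2; gsub(/"/, "", img)
      n = split(img, p, "/")                                  # ignore registry:port
      if (p[n] !~ /[:@]/ || p[n] ~ /:latest$/) print svc "\tUNPINNED_IMAGE\t" img
    }
    /^ports:/ { ported[svc] = 1 }
    /docker\.sock:/ { sock[svc] = 1; print svc "\tDOCKER_SOCK_MOUNT\t" $NF }
    /--tlsskipverify/ { print svc "\tTLS_VERIFY_OFF\t" $0 }
    END {
      for (s in sock) if (s in ported)
        print s "\tPUBLISHED_WITH_DOCKER_API\tpublishes ports and mounts docker.sock"
    }
  ' "$1"
}

# Constructed sample: the security-relevant lines of the two stack files above.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
version: '3.7'
services:
  traefik:
    image: traefik:latest
    ports:
      - target: 443
        published: 443
        mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  agent:
    image: portainer/agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  portainer:
    image: portainer/portainer
    command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
  traefik_certs: {}
EOF

audit_compose "$SAMPLE"
```

On the sample, Traefik is the only service that both publishes ports and mounts the Docker socket, so its image tag and dashboard credentials are the ones to control most tightly.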