Today, we’re going to use SSL for everything. No more self-sign certs. No more http. No more hosting things on odd ports. We’re going all in with SSL for our internal services and our external services too. We going to set up a reverse proxy using Traefik, Portainer, and use that to get wildcard certificates from Let’s Encrypt. Join me and let’s secure all the things.
Looking to do this same thing in Kubernetes? Check out traefik + cert-manager on Kubernetes
Docker Setup
See this post on how to install docker and docker-compose
Traefik
1
2
3
4
5
6
7
mkdir traefik
cd traefik
mkdir data
cd data
touch acme.json
chmod 600 acme.json
touch traefik.yml
traefik.yml can be found here
create docker network
1
docker network create proxy
1
touch docker-compose.yml
docker-compose.yml can be found here
1
2
cd data
touch config.yml
1
docker-compose up -d
Portainer
1
2
3
4
mkdir portainer
cd portainer
touch docker-compose.yml
mkdir data
docker-compose.yml can be found here
Generate Basic Auth Password
1
2
sudo apt update
sudo apt install apache2-utils
1
echo $(htpasswd -nb "<USER>" "<PASSWORD>") | sed -e s/\\$/\\$\\$/g
NOTE: Replace <USER> with your username and <PASSWORD> with your password to be hashed.
If you’re having an issue with your password, it might not be escaped properly and you can use the following command to prompt for your password
1
echo $(htpasswd -nB USER) | sed -e s/\\$/\\$\\$/g
Paste the output in your docker-compose.yml in line (traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>)
Spin up the container
1
docker-compose up -d
Traefik Routes Config
1
2
cd traefik/data
nano config.yml
config.yml here
1
docker-compose up -d --force-recreate
Your folder structure should look like the below, if you are following along with the example. But feel free to make it however you wish just keep in mind you’ll need to change the location in the corresponding files.
1
2
3
4
5
6
./traefik
├── data
│ ├── acme.json
│ ├── config.yml
│ └── traefik.yml
└── docker-compose.yml
Links
⚙️ See all the hardware I recommend at https://l.technotim.live/gear
🚀 Don’t forget to check out the 🚀Launchpad repo with all of the quick start source files