Installation
Connect to the instance with ssh:
# Replace <IP_ADDRESS> with the instance's address; the guide logs in as the "debian" user.
ssh debian@<IP_ADDRESS>
Upgrade the server and install the dependencies:
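# Refresh the package index and apply pending upgrades. Each command needs its
# own sudo: in "sudo a && b" only "a" runs as root, so the upgrade would fail.
sudo apt update && sudo apt upgrade -y
# Prerequisites for adding a third-party APT repository over HTTPS, plus
# apache2-utils, which provides the htpasswd tool used later in this guide.
sudo apt install -y apt-transport-https ca-certificates gnupg2 software-properties-common apache2-utils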
Docker
Install Docker and Docker-Compose:
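# Import Docker's repository signing key. Root is needed by apt-key (the command
# that writes to the APT keyring), not by curl: sudo does not carry across a pipe.
# NOTE(review): apt-key is deprecated on current Debian releases. A dedicated
# keyring file referenced with "signed-by=" in the repository line also limits
# the key to the Docker repository instead of trusting it for every APT source.
curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg | sudo apt-key add -
# Register the Docker repository for this distribution and release codename.
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get -y install docker-ce docker-compose
# Start the Docker daemon at boot, then start it for the current session.
sudo systemctl enable docker
sudo systemctl start docker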
Traefik
Create a directory for Traefik:
# Working directory for Traefik: the compose file below bind-mounts traefik.yml,
# config.yml and acme.json from /apps/traefik. It is created by root.
sudo mkdir -p /apps/traefik
cd /apps/traefik
Create the configuration file traefik.yml:
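# Traefik static configuration, read once at start-up.
api:
  # Enables the dashboard as the internal service api@internal. It is reachable
  # only through a router that targets it; keep authentication on that router.
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    # Access to the Docker socket is root-equivalent on the host, even when
    # the socket file is bind-mounted read-only.
    endpoint: "unix:///var/run/docker.sock"
    # Containers are published only when they carry the label traefik.enable=true.
    exposedByDefault: false
  # The file provider has to be nested under "providers"; a separate top-level
  # "providers.file" key does not configure it. The path matches where
  # docker-compose.yml mounts config.yml inside the container (/config.yml).
  file:
    filename: "/config.yml"
    watch: true

certificatesResolvers:
  http:
    acme:
      email: <EMAIL>
      # Holds the ACME account key and the certificates' private keys;
      # the file is created with mode 600 in a later step.
      storage: acme.json
      httpChallenge:
        # The HTTP-01 challenge is answered on the port-80 entry point.
        entryPoint: http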
Warning
Don't forget to replace <EMAIL> with your email address.
Create the configuration file config.yml:
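# Traefik dynamic configuration for the file provider. Routers refer to these
# middlewares with the provider suffix, for example secured@file.
http:
  middlewares:
    # Redirects plain-HTTP requests to HTTPS.
    https-redirect:
      redirectScheme:
        scheme: https

    # Browser hardening headers added to responses.
    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        # With stsSeconds left at its default of 0, no Strict-Transport-Security
        # header is sent, so the three HSTS options below would have no effect.
        # NOTE(review): includeSubdomains plus preload is hard to roll back;
        # confirm every subdomain serves HTTPS before keeping them.
        stsSeconds: 31536000
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        # sslRedirect is intentionally absent: the option is deprecated in
        # Traefik v2 and no longer accepted by v3, which "traefik:latest" can
        # resolve to. Redirection is done by the redirectScheme middleware.

    # Convenience chain so routers can attach the whole header set at once.
    secured:
      chain:
        middlewares:
          - default-headers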
Create the file acme.json:
# acme.json is the ACME storage file named in traefik.yml. It is created empty,
# owned by root, and restricted to its owner because it will contain private keys.
sudo touch acme.json
sudo chmod 600 acme.json
Create the proxy network for Docker:
# User-defined network shared by Traefik and the containers it routes to;
# both compose files in this guide declare it as an external network.
sudo docker network create proxy
Generate the password hash you want to use for the Traefik dashboard (user admin):
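# htpasswd prompts for the password here instead of taking it as a -b argument,
# which would leave the clear-text password in shell history and in the process
# list. -B selects bcrypt rather than htpasswd's default MD5-based hash.
# No sudo is needed: nothing is written outside the terminal.
# sed doubles every "$" because docker-compose treats a single "$" in the
# compose file as the start of a variable substitution.
htpasswd -nB admin | sed -e 's/\$/\$\$/g'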
Create the compose file docker-compose.yml:
version: "2"

services:
  traefik:
    # NOTE(review): "latest" can move to a new major release on the next pull;
    # pin a tag or digest you have tested so upgrades are deliberate.
    image: "traefik:latest"
    container_name: "traefik"
    restart: "unless-stopped"
    security_opt:
      # Processes in the container cannot gain extra privileges (e.g. via setuid).
      - "no-new-privileges:true"
    networks:
      - "proxy"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      # ":ro" protects only the socket file; the Docker API behind it stays
      # fully usable, so this mount is root-equivalent on the host.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/apps/traefik/traefik.yml:/traefik.yml:ro"
      # Writable on purpose: Traefik stores the ACME account and certificates here.
      - "/apps/traefik/acme.json:/acme.json"
      - "/apps/traefik/config.yml:/config.yml:ro"
    labels:
      - 'traefik.enable=true'
      # Plain-HTTP router: its only job is the redirect to HTTPS defined below.
      - 'traefik.http.routers.traefik.entrypoints=http'
      - 'traefik.http.routers.traefik.rule=Host("traefik.<NDD>")'
      # Basic-auth user list: the htpasswd output with every "$" doubled.
      - 'traefik.http.middlewares.traefik-auth.basicauth.users=<YOUR_PASSWORD_ENCRYPTED>'
      - 'traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https'
      - 'traefik.http.routers.traefik.middlewares=traefik-https-redirect'
      # HTTPS router: serves the dashboard (api@internal) behind traefik-auth.
      # Basic auth is the only control on this public hostname.
      - 'traefik.http.routers.traefik-secure.entrypoints=https'
      - 'traefik.http.routers.traefik-secure.rule=Host("traefik.<NDD>")'
      - 'traefik.http.routers.traefik-secure.middlewares=traefik-auth'
      - 'traefik.http.routers.traefik-secure.tls=true'
      - 'traefik.http.routers.traefik-secure.tls.certresolver=http'
      - 'traefik.http.routers.traefik-secure.service=api@internal'

networks:
  # Created beforehand with "docker network create proxy".
  proxy:
    external: true
Warning
Don't forget to replace <NDD> with your domain name and <YOUR_PASSWORD_ENCRYPTED> with the hashed password generated in the previous step.
Start Traefik with:
# Run from /apps/traefik, where docker-compose.yml was created; -d starts the container in the background.
sudo docker-compose up -d
Portainer
Create directory for Portainer:
# Working directory for Portainer; the compose file below stores Portainer's
# data under /apps/portainer/data.
sudo mkdir -p /apps/portainer
cd /apps/portainer
Create the compose file docker-compose.yml:
version: "2"

services:
  portainer:
    # NOTE(review): "latest" changes on every pull; pin a tested tag or digest.
    image: "portainer/portainer-ce:latest"
    container_name: "portainer"
    restart: "unless-stopped"
    security_opt:
      # Processes in the container cannot gain extra privileges (e.g. via setuid).
      - "no-new-privileges:true"
    networks:
      - "proxy"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      # ":ro" protects only the socket file; Portainer still gets the full
      # Docker API, which is root-equivalent on the host.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Portainer's persistent data.
      - "/apps/portainer/data:/data"
    labels:
      - 'traefik.enable=true'
      # Plain-HTTP router: only redirects to HTTPS.
      - 'traefik.http.routers.portainer.entrypoints=http'
      - 'traefik.http.routers.portainer.rule=Host("portainer.<NDD>")'
      - 'traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https'
      - 'traefik.http.routers.portainer.middlewares=portainer-https-redirect'
      # HTTPS router: no Traefik-level auth middleware is attached, so
      # Portainer's own login is the only access control on this hostname.
      # NOTE(review): create the Portainer admin account right after first start.
      - 'traefik.http.routers.portainer-secure.entrypoints=https'
      - 'traefik.http.routers.portainer-secure.rule=Host("portainer.<NDD>")'
      - 'traefik.http.routers.portainer-secure.tls=true'
      - 'traefik.http.routers.portainer-secure.tls.certresolver=http'
      - 'traefik.http.routers.portainer-secure.service=portainer'
      # Traefik forwards to the container's port 9000 over the proxy network.
      - 'traefik.http.services.portainer.loadbalancer.server.port=9000'
      - 'traefik.docker.network=proxy'

networks:
  # Created beforehand with "docker network create proxy".
  proxy:
    external: true
Warning
Don't forget to replace <NDD> with your domain name.
Start Portainer with:
# Run from /apps/portainer, where this docker-compose.yml was created; -d starts the container in the background.
sudo docker-compose up -d
Connection
You just have to connect to the address for Traefik: https://traefik.<NDD>
And for Portainer : https://portainer.<NDD>