
Installation

Connect to the instance with ssh:

# Log in as the "debian" user (the later steps use sudo); replace <IP_ADDRESS> with the instance's address.
# On the first connection, compare the host key fingerprint ssh shows with the one from your provider.
ssh debian@<IP_ADDRESS>

Upgrade the server and install the dependencies:

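# Refresh the package index and apply pending upgrades.
# Each command needs its own sudo: "sudo a && b" runs b as the calling user.
sudo apt update && sudo apt upgrade -y
# Tools used later: HTTPS transport and CA bundle for apt, gnupg2 for the
# repository key, apache2-utils for htpasswd.
sudo apt install -y apt-transport-https ca-certificates gnupg2 software-properties-common apache2-utils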

Docker

Install Docker and Docker-Compose:

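# Keep Docker's signing key in a dedicated keyring that is trusted only for the
# Docker repository (signed-by), rather than in apt's global trust store via
# the deprecated apt-key. The write steps, not curl, are what need root.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL "https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg" | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get -y install docker-ce docker-compose
# Start the daemon now and on every boot.
sudo systemctl enable docker
sudo systemctl start docker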

Traefik

Create the directory for Traefik:

# Directory holding Traefik's files (traefik.yml, config.yml, acme.json, docker-compose.yml).
# The following commands in this section are run from here.
sudo mkdir -p /apps/traefik
cd /apps/traefik

Create the configuration file traefik.yml:

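# Traefik static configuration (read once at start-up).
api:
  # Enables the dashboard. api.insecure is left unset, so the dashboard is
  # only served through a router that targets the api@internal service.
  dashboard: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are ignored unless they carry the label traefik.enable=true.
    exposedByDefault: false
  file:
    # The file provider is a child of `providers`, not a dotted top-level key.
    # The path must be where docker-compose.yml mounts config.yml in the
    # container (/apps/traefik/config.yml:/config.yml).
    filename: "/config.yml"
    watch: true
certificatesResolvers:
  http:
    acme:
      email: <EMAIL>
      # Relative path; it has to resolve to the mounted /acme.json.
      storage: acme.json
      httpChallenge:
        # The HTTP-01 challenge is answered on the port-80 entry point, so
        # port 80 must stay reachable from the Internet.
        entryPoint: http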

Warning

Don't forget to replace <EMAIL> with your email address.

Create the configuration file config.yml:

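# Traefik dynamic configuration, loaded by the file provider.
# A router only gets these middlewares if it references them with the @file
# suffix, e.g. secured@file in its middlewares label.
http:
  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
    default-headers:
      headers:
        frameDeny: true
        # NOTE(review): sslRedirect is deprecated in Traefik v2 in favour of a
        # redirectScheme middleware such as https-redirect above; confirm the
        # Traefik version you run still accepts this key.
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        # With stsSeconds unset (0) no Strict-Transport-Security header is
        # sent, so the three sts* options around it would have no effect.
        # One year is the usual value for preload; use a short max-age while
        # testing, because includeSubdomains + preload commit every subdomain
        # to HTTPS and are slow to undo.
        stsSeconds: 31536000
        stsIncludeSubdomains: true
        stsPreload: true
    secured:
      chain:
        middlewares:
          - default-headers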

Create the file acme.json:

# acme.json stores the ACME account and the issued certificates together with
# their private keys, so only its owner may read or write it. Traefik also
# refuses to use the file if its permissions are more open than 600.
sudo touch acme.json
sudo chmod 600 acme.json

Create the proxy network for Docker:

# Shared network between Traefik and the containers it routes to; the compose
# files reference it as the external network "proxy".
sudo docker network create proxy

Generate the password hash you want to use for Traefik:

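# Prints an "admin:<hash>" entry for the basicauth label.
# Without -b, htpasswd prompts for the password, which keeps it out of the
# shell history and the process list; -B selects bcrypt instead of the default
# MD5-based hash. No root privileges are needed.
# sed doubles every "$" because docker-compose treats a single "$" as the
# start of a variable substitution.
echo $(htpasswd -nB admin) | sed -e s/\\$/\\$\\$/g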

Create the compose file docker-compose.yml:

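version: '2'
services:
  traefik:
    # NOTE: `latest` is a moving tag; pin a release you have tested so that
    # upgrades of the Internet-facing proxy are deliberate.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Processes in the container cannot gain privileges via setuid binaries.
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # :ro only protects the socket file itself. Traefik can still send any
      # request to the Docker API, which is root-equivalent on the host;
      # consider a filtering socket proxy if that is too much trust.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /apps/traefik/traefik.yml:/traefik.yml:ro
      # Writable on purpose: Traefik stores issued certificates and keys here.
      - /apps/traefik/acme.json:/acme.json
      - /apps/traefik/config.yml:/config.yml:ro
    labels:
      - traefik.enable=true
      # Plain-HTTP router: exists only to redirect to HTTPS.
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.rule=Host("traefik.<NDD>")
      # Value is the whole "admin:<hash>" entry printed by htpasswd, with every
      # "$" doubled; never the plain-text password.
      - traefik.http.middlewares.traefik-auth.basicauth.users=<YOUR_PASSWORD_ENCRYPTED>
      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
      # HTTPS router: serves the dashboard behind basic authentication.
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host("traefik.<NDD>")
      - traefik.http.routers.traefik-secure.middlewares=traefik-auth
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=http
      - traefik.http.routers.traefik-secure.service=api@internal
networks:
  proxy:
    external: true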

Warning

Don't forget to replace <NDD> with your domain name and <YOUR_PASSWORD_ENCRYPTED> with the hashed password entry generated above.

Start Traefik with :

# Run from /apps/traefik, next to docker-compose.yml; -d starts the container in the background.
sudo docker-compose up -d

Portainer

Create directory for Portainer:

# Directory holding Portainer's docker-compose.yml; its data volume is mounted from /apps/portainer/data.
sudo mkdir -p /apps/portainer
cd /apps/portainer

Create the compose file docker-compose.yml:

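version: '2'
services:
  portainer:
    # NOTE: `latest` is a moving tag; pin a release you have tested so that
    # upgrades are deliberate.
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: unless-stopped
    security_opt:
      # Processes in the container cannot gain privileges via setuid binaries.
      - no-new-privileges:true
    networks:
      - proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # :ro only protects the socket file itself. Portainer manages Docker
      # through this socket, so anyone who controls a Portainer account
      # effectively controls the host. Create the admin account right after
      # the first start and use a strong password.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /apps/portainer/data:/data
    labels:
      - traefik.enable=true
      # Plain-HTTP router: exists only to redirect to HTTPS.
      - traefik.http.routers.portainer.entrypoints=http
      - traefik.http.routers.portainer.rule=Host("portainer.<NDD>")
      - traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.portainer.middlewares=portainer-https-redirect
      # HTTPS router: no Traefik-side authentication middleware is attached,
      # so Portainer's own login is the only access control.
      - traefik.http.routers.portainer-secure.entrypoints=https
      - traefik.http.routers.portainer-secure.rule=Host("portainer.<NDD>")
      - traefik.http.routers.portainer-secure.tls=true
      - traefik.http.routers.portainer-secure.tls.certresolver=http
      - traefik.http.routers.portainer-secure.service=portainer
      # Traefik talks to Portainer over the internal proxy network on port
      # 9000; the port is not published on the host.
      - traefik.http.services.portainer.loadbalancer.server.port=9000
      - traefik.docker.network=proxy

networks:
  proxy:
    external: true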

Warning

Don't forget to replace <NDD> with your domain name.

Start Portainer with :

# Run from /apps/portainer, next to docker-compose.yml; -d starts the container in the background.
sudo docker-compose up -d

Connection

You just have to connect to the address for Traefik: https://traefik.<NDD>

traefik.png

And for Portainer : https://portainer.<NDD>

portainer.png