We Keep Coding

Error 504 Gateway Timeout when trying to access a homeserver service through an SSH tunnel and traefik

Situation: I run Home Assistant on an Ubuntu server on my home LAN network. Because my home network is behind a double NAT, I have set up an SSH tunnel to tunnel the Home Assistant web interface to a VPS server running Ubuntu as well.
When I run the following on the VPS, I notice that the SSH tunnel works as expected:
$ curl localhost:8045 | grep -iPo '(?<=<title>)(.*)(?=</title>)'
Home Assistant
On the VPS, I run a bunch of web services via docker-compose and traefik. The other services (caddy, portainer) run without problems.
When I try to serve the Home Assistant service through traefik and access https://ha.mydomain.com through a web browser, I get an Error 504 Gateway Timeout.
Below are my configuration files. What am I doing wrong?
docker-compose yaml file:
version: "3.7"
services:
traefik:
container_name: traefik
image: traefik:latest
networks:
- proxy
extra_hosts:
- host.docker.internal:host-gateway
ports:
- "80:80"
- "443:443"
volumes:
- /etc/localtime:/etc/localtime:ro
- ${HOME}/docker/data/traefik/traefik.yml:/traefik.yml:ro
- ${HOME}/docker/data/traefik/credentials.txt:/credentials.txt:ro
- ${HOME}/docker/data/traefik/config:/config
- ${HOME}/docker/data/traefik/letsencrypt/acme.json:/acme.json
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.routers.dashboard.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
- "traefik.http.routers.dashboard.tls.domains[0].main=traefik.mydomain.com"
- "traefik.http.routers.dashboard.tls.domains[0].sans=traefik.mydomain.com"
- "traefik.http.routers.dashboard.service=api#internal"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.usersfile=/credentials.txt"
caddy:
image: caddy:latest
container_name: caddy
restart: unless-stopped
networks:
- proxy
volumes:
- ${HOME}/docker/data/caddy/Caddyfile:/etc/caddy/Caddyfile
- ${HOME}/docker/data/caddy/site:/srv
- ${HOME}/docker/data/caddy/data:/data
- ${HOME}/docker/data/caddy/config:/config
labels:
- "traefik.http.routers.caddy-secure.rule=Host(`vps.mydomain.com`)"
- "traefik.http.routers.caddy-secure.service=caddy"
- "traefik.http.services.caddy.loadbalancer.server.port=80"
portainer:
image: portainer/portainer-ce
container_name: portainer
networks:
- proxy
command: -H unix:///var/run/docker.sock --http-enabled
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${HOME}/docker/data/portainer:/data
labels:
- "traefik.http.routers.portainer-secure.rule=Host(`portainer.mydomain.com`)"
- "traefik.http.routers.portainer-secure.service=portainer"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
restart: unless-stopped
networks:
# proxy is the network used for traefik reverse proxy
proxy:
external: true
traefik static configuration file:
api:
dashboard: true
insecure: false
debug: true
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: web_secure
web_secure:
address: :443
http:
middlewares:
- secureHeaders#file
tls:
certResolver: letsencrypt
providers:
docker:
network: proxy
endpoint: "unix:///var/run/docker.sock"
file:
filename: /config/dynamic.yml
watch: true
certificatesResolvers:
letsencrypt:
acme:
email: myname#mydomain.com
storage: acme.json
keyType: EC384
httpChallenge:
entryPoint: web
traefik dynamic configuration file:
# dynamic.yml
http:
middlewares:
secureHeaders:
headers:
sslRedirect: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
user-auth:
basicAuth:
users:
- "username:hashedpassword"
routers:
home-assistant-secure:
rule: "Host(`ha.mydomain.com`)"
service: home-assistant
services:
home-assistant:
loadBalancer:
passHostHeader: true
servers:
- url: http://host.docker.internal:8045
tls:
options:
default:
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
minVersion: VersionTLS12

Redirect from non-www to www with Traefik 2

I would like to redirect from non-www to www.
What I would like to do:
Type in the browser:
https://domainname.com
obtain:
https://www.domainname.com
What I write:
version: "3.9"
services:
traefik:
build: ./traefik
image: image-traefik-eb:v.1.0
container_name: container-traefik-eb
command:
- --log.level=INFO
- --log.filePath=/data-log/traefik.log
- --log.format=json
- --accesslog=true
- --api.insecure
- --api.dashboard
- --providers.docker
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls=true
- --entrypoints.websecure.http.tls.certresolver=leresolver
- --certificatesresolvers.leresolver.acme.tlsChallenge=true
- --certificatesresolvers.leresolver.acme.email=##########gmail.com
- --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
- --entrypoints.websecure.http.middlewares.redirect-non-www-to-www.redirectregex.permanent=true
- --entrypoints.websecure.http.middlewares.redirect-non-www-to-www.redirectregex.regex="^https?://(?:www\\.)?(.+)"
- --entrypoints.websecure.http.middlewares.redirect-non-www-to-www.redirectregex.replacement="https://www.${1}"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./volumes/data-letsencrypt/:/letsencrypt
- ./volumes/data-log/:/data-log/
restart: always
ports:
- 80:80
- 443:443
networks:
- eb
- traefik-network
php:
build: ./php-apache
image: image-php-apache-eb:v.1.0
labels:
traefik.enable: 'true'
traefik.http.services.php.loadbalancer.server.port: 80
traefik.http.services.php.loadbalancer.server.scheme: http
traefik.http.routers.php.rule: Host(`www.#########.ml`,`#########.ml`)
traefik.http.routers.php.middlewares: redirect-non-www-to-www
volumes:
- ./volumes/data-php:/var/www/html
restart: always
depends_on:
- traefik
networks:
- eb
networks:
eb:
internal: true
traefik-network:
Dockerfile
FROM php:8.1-apache
EXPOSE 80
Dockerfile
FROM traefik:v2.8.0
Source from which I got the code:
https://medium.com/geekculture/how-to-redirect-from-non-www-to-www-with-traefik-659cb7197449
What I get:
ERROR: Invalid interpolation format for "command" option in service "traefik": "--entrypoints.websecure.http.middlewares.redirect-non-www-to-www.redirectregex.replacement="https://www.${1}""
ubuntu-22-04-lts#webserver:~/www.domainname.com$
A few steps forward:
With this new configuration:
A) I reach the dashboard in secure mode and on a valid certificate;
B) I reach the PHP service;
C) Redirect http to https and non-www to www;
With this new configuration:
D) I don't get a valid certificate for index.php (I get a certificate only for the dashboard)
E) I get a lot of error warnings on the nameserver.
version: "3.9"
services:
traefik:
build: ./traefik
image: image-traefik-eb:v.1.0
container_name: container-traefik-eb
command:
- --log.level=INFO
- --log.filePath=/data-log/traefik.log
- --log.format=json
- --accesslog=true
- --api.insecure=false
- --api.dashboard=true
- --providers.docker
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls=true
- --entrypoints.websecure.http.tls.certresolver=leresolver
- --certificatesresolvers.leresolver.acme.tlsChallenge=true
- --certificatesresolvers.leresolver.acme.email=domain-name#gmail.com
- --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
labels:
traefik.enable: true
traefik.http.routers.dashboard.rule: Host(`www.traefik.domain-name.ga`)
traefik.http.routers.dashboard.service: api#internal
traefik.http.routers.dashboard.middlewares: auth
traefik.http.middlewares.auth.basicauth.users: user:***********************
traefik.http.routers.unmatchedwww.rule: HostRegexp(`{name:^www\..*}`)
traefik.http.routers.unmatchedwww.service: noop#internal
traefik.http.routers.unmatchedwww.priority: 2
traefik.http.routers.matchlast.rule: PathPrefix(`/`)
traefik.http.routers.matchlast.priority: 1
traefik.http.routers.matchlast.middlewares: addwww
traefik.http.middlewares.addwww.redirectregex.regex: ^https://(?:www\.)?(.*)
traefik.http.middlewares.addwww.redirectregex.replacement: https://www.$${1}
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./volumes/data-letsencrypt/:/letsencrypt
- ./volumes/data-log/:/data-log/
restart: always
ports:
- 80:80
- 443:443
networks:
- eb
- traefik-network
php:
build: ./php-apache
image: image-php-apache-eb:v.1.0
labels:
traefik.enable: 'true'
traefik.http.services.php.loadbalancer.server.port: 80
traefik.http.services.php.loadbalancer.server.scheme: http
traefik.http.routers.php.rule: Host(`www.domain-name.ga`)
traefik.http.routers.php.tls.domains[0].main: domain-name.ga
traefik.http.routers.php.tls.domains[0].sans: www.domain-name.ga
volumes:
- ./volumes/data-php:/var/www/html
restart: always
depends_on:
- traefik
networks:
- eb
networks:
eb:
internal: true
traefik-network:
FROM traefik:v2.8.0
FROM php:8.1-apache
EXPOSE 80
A few steps forward:
With these codes I improve the situation:
traefik.http.routers.php.tls.certresolver: leresolver
Host(`www.traefik.domain-name.ga`,`traefik.domain-name.ga`)
but i have problems with these links:
'https://traefik.domain-name.ga/'
'http://traefik.domain-name.ga/'

I have taken your config and removed HTTPS configuration (so I tested with only HTTP, so no additional layers of complexity, just testing plain HTTP and redirect logic). You will need to adjust and add HTTPS on your own since we are not using any HTTPS with Traeifk so I can't really help you with that. But nonetheless:
About your redirect logic, I had to move
traefik.http.middlewares.redirect-non-www-to-www.redirectregex
logic to the Labels section of the depending service instead of the traefik configuration to make it work. I created a custom domain called 'my-custom-domain.org' and I edited my hosts' file, to point it to my local dev environment.
In the end i came down to the working configuration:
version: "3.9"
services:
traefik:
image: traefik:v2.8.1
container_name: container-traefik-eb
command:
- --log.level=INFO
- --log.format=json
- --accesslog=true
- --api.insecure
- --api.dashboard
- --providers.docker
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: always
ports:
- 80:80
- 443:443
networks:
- eb
php:
image: nginx:latest
labels:
traefik.enable: 'true'
traefik.http.services.php.loadbalancer.server.port: 80
#traefik.http.services.php.loadbalancer.server.scheme: http
traefik.http.routers.php.rule: Host(`www.my-custom-domain.org`,`my-custom-domain.org`)
traefik.http.routers.php.service: php
traefik.http.routers.php.entrypoints: web
traefik.http.routers.php.middlewares: redirect-non-www-to-www
traefik.http.middlewares.redirect-non-www-to-www.redirectregex.permanent: true
traefik.http.middlewares.redirect-non-www-to-www.redirectregex.regex: "^http://my-custom-domain.org/(.*)"
traefik.http.middlewares.redirect-non-www-to-www.redirectregex.replacement: "http://www.my-custom-domain.org/$${1}"
restart: always
depends_on:
- traefik
networks:
- eb
networks:
eb:
external: true
I have tested this configuration in incognito mode and it works as intended for all http://my-custom-domain.org -> http://www.my-custom-domain.org redirects.
I hope you find it useful and are successful with HTTPS additions, or that any other member which works with Traefik here will be able to help you with that issue.

Let's Encrypt with Traefik - JWS has an invalid anti-replay nonce

I have this composer file, it was working properly, but 2 days ago I added a new domain and it fails to get the Let's encrypt certficate,
version: '3.4'
services:
traefik:
image: "traefik:v2.4"
container_name: "traefik"
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudns"
- "--certificatesresolvers.myresolver.acme.email=myemail#gmail.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
labels:
- "com.centurylinklabs.watchtower.enable=false"
ports:
- "80:80"
- "443:443"
environment:
- "CLOUDNS_AUTH_ID=xxxx"
- "CLOUDNS_AUTH_PASSWORD=xxxx"
volumes:
- type: volume
source: traefik
target: /letsencrypt
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- "organic"
php-apache:
image: "php7.4"
restart: "unless-stopped"
container_name: "php-apache"
labels:
- "traefik.enable=true"
- "traefik.http.routers.exampledomain.rule=Host(`example.com`)"
- "traefik.http.routers.exampledomain.entrypoints=websecure"
- "traefik.http.routers.exampledomain.tls.certresolver=myresolver"
- "com.centurylinklabs.watchtower.enable=false"
networks:
- "organic"
networks:
organic:
driver: bridge
Here are the errors I'm getting
traefik | time="2021-04-17T03:31:02Z" level=debug msg="legolog: [INFO] retry due to: acme: error: 400 :: POST :: :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce:
traefik | time="2021-04-17T03:31:02Z" level=error msg="Unable to obtain ACME certificate for domains \"example.com\": unable to generate a certificate for thedomains [example.com]: error: one or more domains had a problem:\n[example.com] [example.com] acme: error presenting token: time limit exceeded: last error: %!w(<nil>)\n" providerName=myresolver.acme rule="Host(`example.com`)" routerName=exampledomain#docker
The tx is generated successfully in ClouDNS is normal, I have spent two days trying to figure out what might be the problem with no luck.

I had the same problem recently and after many configuration tries I deleted the traefik container (not recreate) as well as the letsencrypt volume. Then I redeployed with docker-compose up -d. On startup of traefik new certificates there generated immediately and without any complains. Hope this helps solves your issue as well.
traefik:
image: "traefik:v2.4"
container_name: "traefik"
restart: always
command:
#- "--log.level=DEBUG"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=traefik_proxy"
- "--providers.docker.endpoint=tcp://docker-socket-proxy:2375"
- "--ping=true"
- "--ping.entryPoint=ping"
- "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
- "--certificatesresolvers.letsencrypt.acme.email=${CERTIFICATE_EMAIL}"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
- "--certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
- "--entryPoints.ping.address=:8081"
- "--entrypoints.http.address=:80"
- "--entrypoints.https.address=:443"
- "--entrypoints.https.http.tls.certresolver=letsencrypt"
- "--entrypoints.https.http.tls.domains[0].main=${DOMAINNAME}"
- "--entrypoints.https.http.tls.domains[0].sans=*.${DOMAINNAME}"
environment:
- CF_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
healthcheck:
test: ["CMD", "wget", "-c", "http://localhost:8081/ping"]
retries: 3
interval: "15s"
timeout: "3s"
start_period: "15s"
networks:
- traefik_proxy
- socket-proxy
security_opt:
- no-new-privileges:true
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
volumes:
- "letsencrypt:/letsencrypt"
#- "/var/run/docker.sock:/var/run/docker.sock:ro"
labels:
- "com.centurylinklabs.watchtower.enable=true"
depends_on:
- docker-socket-proxy

Traefik v2.1.4 - How to create a static route and redirect to a specific host and port

I'm a beginner with Traefik v2.1.4. I'm using in a docker container. I'm trying to set up a static route. I found some examples using the toml configuration file.
[providers]
[providers.file]
[http]
[http.routers]
[http.routers.netdata]
rule = "Host(`netdata.my-domain.com`)"
service = "netdata"
entrypoint=["http"]
[http.services]
[http.services.netdata.loadbalancer]
[[http.services.netdata.loadbalancer.servers]]
url = "https://192.168.0.2:19999"
Following this example I would like to convert it to docker labels of my docker-compose.
My docker-compose file:
version: "3.7"
services:
traefik:
image: traefik:v2.1.4
container_name: traefik
restart: always
command:
- "--log.level=DEBUG"
- "--api.insecure=false"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.letsresolver.acme.tlschallenge=true"
- "--certificatesresolvers.letsresolver.acme.email=my-email#domain.com"
- "--certificatesresolvers.letsresolver.acme.storage=/letsencrypt/acme.json"
labels:
- "traefik.enable=true"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# global redirect to https
- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.redirs.entrypoints=web"
- "traefik.http.routers.redirs.middlewares=redirect-to-https"
# dashboard
- "traefik.http.routers.traefik.rule=Host(`traefik.my-domain.com`)"
- "traefik.http.routers.traefik.service=api#internal"
- "traefik.http.routers.traefik.middlewares=admin"
- "traefik.http.routers.traefik.tls.certresolver=letsresolver"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.middlewares.admin.basicauth.users=user:hash-passwordXXX"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
default:
external:
name: network

It is possible to use 2 providers together: file and docker.
Your docker-compose.yml:
services:
traefik:
image: traefik:2.2.1
command: traefik --configFile=/etc/traefik/traefik.yml
ports:
- "80:80"
- "8080:8080"
volumes:
- ./traefik.yml:/etc/traefik/traefik.yml
- ./routes.yml:/etc/traefik/routes.yml
- /var/run/docker.sock:/var/run/docker.sock
# your services go here ...
Your traefik.yml:
api:
dashboard: true
insecure: true
entryPoints:
web:
address: :80
providers:
docker: {}
file:
filename: /etc/traefik/routes.yml
watch: true
Your routes.yml:
http:
routers:
hello:
rule: PathPrefix(`/hello`)
service: hello#docker
rule: PathPrefix(`/world`)"
service: world#docker
These are only examples, don't use them in production environment directly, of course.

There is no docker label mentioned to specify url (in https://docs.traefik.io/v2.1/routing/providers/docker/#routers). And I tried to use url instead of port, but it does not work.
So I suggest to use the file provider (https://docs.traefik.io/v2.1/providers/file/).
suggeston for implementation:
update your config with:
services:
...
traefik:
...
command:
...
- "--providers.file.directory=/path/to/dynamic/conf"
config:
- source: redirect.toml
target: /path/to/dynamic/conf/redirect.toml
...
...
configs:
redirect.toml:
file: redirect.toml
and create redirect.toml with your redirection (as in your example).
Of course you can also bindmount the config into the container, or create your own traefik image containing the config, or ...
In case you want to work with labels, you can start a service which redirects with socat
services:
...
netdata:
image: alpine/socat
command: tcp-listen:80,fork,reuseaddr tcp-connect:192.168.0.2:19999
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.netdata.rule: Host(`netdata.my-domain.com`)
traefik.http.services.netdata_srv.loadbalancer.server.port: 80
# hm, and probably tell to forward as https, ...

Traefik: Simple Letsencrypt HTTPS redirect to whoami service throws "404 page not found"

I've tried to get this up and running for two days now and some simple HTTP -> HTTPs redirect does not work! :(
Pretty simple use case:
whoami.my-example-domain.com:80 => redirect to whoami.my-example-domain.com:443 and then traefik internally redirects to :80 of my whoami service docker container.
Here's the docker-compose.yml
version: "3"
services:
reverse-proxy:
image: traefik:alpine
command:
- --logLevel=WARN
- --defaultentrypoints=http,https
- --entrypoints=Name:http Address::80 Redirect.EntryPoint:https
- --entrypoints=Name:https Address::443 TLS
- --acme
- --acme.email=myemail#gmail.com
- --acme.storage=acme.json
- --acme.entryPoint=https
- --acme.httpChallenge.entryPoint=http
- --acme.OnHostRule=true
- --acme.onDemand=false
- --acme.acmeLogging=true
- --docker
- --docker.watch
- --docker.exposedbydefault=false
- --docker.domain=docker.localhost
restart: always
networks:
- web
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- /opt/data/traefik/acme.json:/acme.json
whoami:
image: containous/whoami # A container that exposes an API to show its IP address
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:whoami.some-example-domain.com"
- "traefik.port=80"
- "traefik.frontend.entryPoints=http"
networks:
web:
external: true
When I now call http://whoami.some-example-domain.com (this is just a demo domain and won't work) => it redirects to HTTPs... which is cool, but then it throws the famous "404 page not found" traefik standard error.
If already tried to set the following labels to the container:
"traefik.port=80"
"traefik.frontend.entryPoints=http"
That didn't work either.
Any help would be appreciated! Thanks in advance!
Regards,
Sascha

You have to remove traefik.frontend.entryPoints (linked to defaultentrypoints) or use traefik.frontend.entryPoints=http,https
version: "3"
services:
reverse-proxy:
image: traefik:v1.7.8
command:
- --logLevel=WARN
- --defaultentrypoints=http,https
- --entrypoints=Name:http Address::80 Redirect.EntryPoint:https
- --entrypoints=Name:https Address::443 TLS
- --acme
- --acme.email=myemail#gmail.com
- --acme.storage=acme.json
- --acme.entryPoint=https
- --acme.httpChallenge.entryPoint=http
- --acme.OnHostRule=true
- --acme.onDemand=false
- --acme.acmeLogging=true
- --docker
- --docker.exposedbydefault=false
- --docker.domain=some-example-domain.com
restart: always
networks:
- web
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- /opt/data/traefik/acme.json:/acme.json
whoami:
image: containous/whoami # A container that exposes an API to show its IP address
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:some-example-domain.com"
networks:
- web
networks:
web:
external: true