First Post
Here is where it all starts...
For this site I decided to play with Ghost. It is a Node.js-based blogging engine with a template-based theming engine. To make the install easier and more manageable, I use a Ghost Docker container with a Traefik Docker container as a reverse proxy in front of it. Traefik also gives me the out-of-the-box opportunity to use Let's Encrypt to secure the site.
Because I plan to host more containers, I decided to use docker-compose to see if that helps with the management of the various 'apps'.
Config
The docker-compose.yaml:

    version: '3'

    ####
    # services
    services:
      traefik: # reverse proxy
        hostname: traefik
        image: traefik:alpine
        networks:
          - default
          - traefik_proxy
        ports:
          - "80:80"
          - "443:443"
          - "8080:8080"
        labels:
          - "traefik.enable=true"
          - "traefik.backend=traefik"
          - "traefik.frontend.rule=Host:dalmore.${MYDOMAIN}; PathPrefixStrip: /traefik"
          - "traefik.port=8080"
          - "traefik.docker.network=traefik_proxy"
          - "traefik.frontend.headers.SSLRedirect=true"
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock:ro
          - ${DOCKERDIR}/traefik:/etc/traefik
          - ${DOCKERDIR}/shared:/shared
      pascal: # ghost blog
        image: ghost:2-alpine
        networks:
          - traefik_proxy
        environment:
          - url=https://pascal.${MYDOMAIN}
        volumes:
          - ${DOCKERDIR}/mainghost:/var/lib/ghost/content
        labels:
          - "traefik.enable=true"
          - "traefik.frontend.rule=Host:pascal.${MYDOMAIN}"
          - "traefik.backend=pascal"

And a traefik.toml to automatically use Let's Encrypt:

    logLevel = "INFO" # DEBUG, INFO, WARN, ERROR, FATAL, PANIC
    defaultEntryPoints = [ "http", "https" ]

    #[api]
    [web]
    address = ":8080"
      [web.auth.basic]
      usersFile = "/shared/.htpasswd"

    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]

    [file]
    watch = true
    filename = "/etc/traefik/rules.toml"

    [acme]
    email = "le@kolyn.nl"
    storage = "/etc/traefik/acme/acme.json"
    entryPoint = "https"
    onHostRule = true
    acmeLogging = true
    #caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
      [acme.httpChallenge]
      entryPoint = "http"

    # Connection to docker host system (docker.sock)
    [docker]
    endpoint = "unix:///var/run/docker.sock"
    domain = "kolyn.nl"
    watch = true
    # This will hide all docker containers that don't have explicitly
    # set label to "enable"
    exposedbydefault = false

The [acme] block enables Let's Encrypt. The important part is onHostRule = true: this creates a certificate for every traefik.frontend.rule as read from the docker daemon. With exposedbydefault = false, docker containers are only exposed if they are labeled with traefik.enable. The rest is magic....
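A pre-flight check for the host files this configuration depends on, as an added example that is not part of the original post. It assumes the directory passed in is the ${DOCKERDIR} from docker-compose.yaml, that Traefik 1.x reads /etc/traefik/traefik.toml, and that it refuses an acme.json whose mode is not 600; the function names are made up for this example.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Assumption: the argument is the host directory used as ${DOCKERDIR}.

# Print a file's octal permission bits (GNU stat, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Report one finding and count it.
finding() {
    echo "PROBLEM: $1"
    problems=$((problems + 1))
}

# preflight DIR: check the host files behind the two bind mounts.
# Returns 0 when nothing was reported, 1 otherwise.
preflight() {
    dir=$1
    problems=0
    acme="$dir/traefik/acme/acme.json"   # [acme] storage
    users="$dir/shared/.htpasswd"        # [web.auth.basic] usersFile

    for f in "$dir/traefik/traefik.toml" "$dir/traefik/rules.toml"; do
        [ -f "$f" ] || finding "$f is missing"
    done

    # acme.json holds the ACME account key and the certificates' private keys.
    if [ ! -d "$dir/traefik/acme" ]; then
        finding "$dir/traefik/acme does not exist"
    elif [ -e "$acme" ] && [ "$(mode_of "$acme")" != "600" ]; then
        finding "$acme has mode $(mode_of "$acme"), expected 600"
    fi
    # Port 8080 is published on the host; this file is the dashboard's only login.
    if [ ! -s "$users" ]; then
        finding "$users is missing or empty"
    else
        m=$(mode_of "$users")
        case $m in
            *0) ;;
            *) finding "$users is accessible to other users (mode $m)" ;;
        esac
    fi
    [ "$problems" -eq 0 ]
}

# Runs only when DOCKERDIR is set, e.g. DOCKERDIR=/srv/docker sh preflight.sh
if [ -n "${DOCKERDIR:-}" ]; then
    preflight "$DOCKERDIR" || echo "fix the findings above before 'docker-compose up -d'"
fi
```
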
Usage
You can start it all up in the background (-d):

    $ docker-compose up -d

If you omit the -d, you can see the logs of the various containers in your terminal, but if you close the terminal the containers stop. That is handy for debugging. Otherwise use the -d, and you can still view the logs:

    $ docker-compose logs -f

or just the logs for the traefik 'service':

    $ docker-compose logs -f traefik