Secure Traefik by using socket proxy for docker socket

Florian Zirker 2021-04-01 19:20:06 +02:00
parent 30ebabc2ec
commit f71b5aa5d6


@ -16,8 +16,9 @@ services:
- "--providers.docker=true" - "--providers.docker=true"
- "--providers.docker.exposedbydefault=false" - "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=web" - "--providers.docker.network=web"
- "--providers.docker.endpoint=tcp://docker-socket-proxy:2375"
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
- "--accesslog=true" #- "--accesslog=true"
- "--entrypoints.web.address=:80" - "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure" - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https" - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
@ -33,8 +34,8 @@ services:
- "443:443" - "443:443"
networks: networks:
- web - web
- proxy
volumes: volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- ${VOLUMES_PATH}/letsencrypt:/letsencrypt - ${VOLUMES_PATH}/letsencrypt:/letsencrypt
- $PWD/tls.toml:/etc/traefik/tls.toml - $PWD/tls.toml:/etc/traefik/tls.toml
labels: labels:
@ -50,6 +51,16 @@ services:
- "traefik.http.middlewares.auth.basicauth.users=${HTPASSWD}" - "traefik.http.middlewares.auth.basicauth.users=${HTPASSWD}"
- "docker.group=proxy" - "docker.group=proxy"
docker-socket-proxy:
image: tecnativa/docker-socket-proxy
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
CONTAINERS: 1
networks:
- proxy
# whoami: # whoami:
# image: containous/whoami # image: containous/whoami
@ -67,4 +78,4 @@ services:
networks: networks:
web: web:
external: true external: true
proxy:
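Review bot: The new `docker-socket-proxy` service serves the Docker API without authentication on `tcp://docker-socket-proxy:2375`, and the `proxy` network added in the last hunk is declared with no options, so any container later attached to that network gets the same read access to container metadata (labels and environment variables included) that Traefik has. Declaring the network with `internal: true` beneath `proxy:` gives it no external routing, and only these two services should be attached to it. The image is referenced without a tag, so a container holding the Docker socket runs whatever `latest` resolves to at pull time; pin it, e.g. `image: tecnativa/docker-socket-proxy:<pinned-tag-or-digest>`. The `:ro` flag on the socket mount does not restrict API calls, so `CONTAINERS: 1` is the actual control here and deserves a comment such as `# allow-list: only the /containers endpoints are exposed to Traefik`.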