I am trying to build a Traefik dynamic configuration that has a rule for "Host(app.localhost)" in development but uses "Host(realname.com)" in production. I'm also using Docker but I don't think that is relevant to my question. My question is: is there an idiomatic way to use environment variables in my dynamic configuration?
The docs mention Go templates but I don't understand it beyond that. It's really lacking. I've also considered something like envsubst but was hoping to not have to install another tool.
I'm using Traefik 2.0+. Also, I must use the File Provider as I'm using a self-signed cert locally for TLS. From Traefik's documentation:
In the above example, we've used the file provider to handle these definitions. It is the only available method to configure the certificates (as well as the options and the stores). However, in Kubernetes, the certificates can and must be provided by secrets.
Using the traefik v2.0+ docker image, you can simply use docker-compose and define your environment variables in the .env file. Then use labels as in the example below.
Uses File provider to add self-signed TLS certificates for localhost using traefik CLI command: --providers.file.filename=/etc/traefik/certs.toml
.env file in local:

```
# Environment variables for docker-compose.yml
LOG_LEVEL=DEBUG
NETWORK=net
## dashboard configs
DASHBOARD_HOST=app.localhost
CONFIG_PATH=./config
CERT_PATH=./certs
```

.env file in production:

```
# Environment variables for docker-compose.yml
# LOG_LEVEL=INFO
LOG_LEVEL=ERROR
NETWORK=net
## dashboard configs
DASHBOARD_HOST=realname.com
CONFIG_PATH=./config
CERT_PATH=./certs
```
docker-compose.yml:

```yaml
version: "3.5"

services:
  traefik:
    # Setting container_name disables running multiple instances of this service
    container_name: traefik
    image: traefik:v2.1
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --log.level=${LOG_LEVEL}
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --providers.file.filename=/etc/traefik/certs.toml
      - --api
    ports:
      - "80:80"
      - "443:443"
    networks:
      - net
    volumes:
      - "${CERT_PATH}:/certs"
      - "${CONFIG_PATH}:/etc/traefik"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      # set this label to `false` and the rest is history
      # (quoted so the value is a string; docker-compose rejects bare booleans as label values)
      traefik.enable: "true"
      # middleware redirect
      traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https
      # redirection HTTP to HTTPS
      traefik.http.routers.http_catchall.rule: hostregexp(`{host:.+}`)
      traefik.http.routers.http_catchall.entrypoints: web
      traefik.http.routers.http_catchall.middlewares: redirect-to-https
      # dashboard
      traefik.http.routers.traefik.rule: Host(`${DASHBOARD_HOST}`)
      traefik.http.routers.traefik.entrypoints: websecure
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.tls: "true"

networks:
  net:
    external: false
    name: ${NETWORK}
```
certs.toml:

```toml
[tls.stores.default.defaultCertificate]
  certFile = "/certs/cert.crt"
  keyFile = "/certs/cert.key"
```

cert.crt:

```
-----BEGIN CERTIFICATE-----
<THE CERTIFICATE STRING>
-----END CERTIFICATE-----
```

cert.key:

```
-----BEGIN RSA PRIVATE KEY-----
<THE RSA PRIVATE KEY STRING>
-----END RSA PRIVATE KEY-----
```
docker-compose will replace all the variables like ${DASHBOARD_HOST} with the values defined in the .env file.
Then, you can validate your config using: docker-compose config
Run using: docker-compose up -d
The -d flag is for detached mode; it runs containers in the background.
Source Files:
You can refer to this repository on GitHub to find an elaborate version of this example, on how to set up traefik v2 using docker-compose for self-signed certificates or to automatically acquire Let's Encrypt wildcard certificates.
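
A pre-flight check for the substitution this answer relies on, as an added example that is not part of the original answer or its repository: docker-compose substitutes an empty string (with only a warning) for a variable that .env leaves unset, so a missing DASHBOARD_HOST would silently produce an empty Host rule. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list ${VAR} references in a compose file that .env leaves
# undefined or empty. References with a default (${VAR:-x}) are not flagged.

# Print every name referenced as plain ${NAME}, ignoring YAML comment lines.
compose_vars() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -o '\${[A-Za-z_][A-Za-z0-9_]*}' \
        | sed 's/^\${//; s/}$//' | LC_ALL=C sort -u
}

# Print names that a .env file assigns a non-empty value.
env_vars() {
    grep -E '^[A-Za-z_][A-Za-z0-9_]*=.+' "$1" | cut -d= -f1 | LC_ALL=C sort -u
}

# Print referenced-but-undefined names, one per line; return 1 if any exist.
missing_vars() {
    refs=$(mktemp) && defs=$(mktemp) || return 2
    compose_vars "$1" > "$refs"
    env_vars "$2" > "$defs"
    missing=$(LC_ALL=C comm -23 "$refs" "$defs")
    rm -f "$refs" "$defs"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: variables from the answer's compose file, with
# DASHBOARD_HOST left out of .env to show the failure case.
demo=$(mktemp -d)
cat > "$demo/docker-compose.yml" <<'EOF'
services:
  traefik:
    command:
      - --log.level=${LOG_LEVEL}
    volumes:
      - "${CERT_PATH}:/certs"
    labels:
      traefik.http.routers.traefik.rule: Host(`${DASHBOARD_HOST}`)
EOF
printf 'LOG_LEVEL=ERROR\nCERT_PATH=./certs\n' > "$demo/.env"
missing_vars "$demo/docker-compose.yml" "$demo/.env" \
    || echo "define the variables above in .env before docker-compose up"
rm -rf "$demo"
```

Run it in CI or before `docker-compose up -d`, passing the real docker-compose.yml and the .env for the target environment as the two arguments to `missing_vars`.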