Když mám rozjetý Traefik, nový stack je 1 minuta práce. Stačí přidat 4 labely a máš HTTPS, redirect z HTTP, healthcheck.
docker-compose.yml
yaml
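# Application stack. It attaches to an already-running Traefik through the
# external `traefik` network; the database stays on the private `app` network.
services:
  app:
    # NOTE(review): `latest` is a mutable tag. Pin a version or digest so a
    # redeploy cannot silently pull a different image.
    image: ghcr.io/example/app:latest
    restart: unless-stopped
    environment:
      - NODE_ENV=production
    healthcheck:
      # Runs inside the container, so the image must ship `wget`.
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/api/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s
    labels:
      # Explicit opt-in; the base stack on this page sets
      # providers.docker.exposedbydefault=false.
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`app.example.com`)"
      # Bound to the TLS entrypoint only; plain HTTP is redirected by the proxy.
      - "traefik.http.routers.app.entrypoints=websecure"
      - "traefik.http.routers.app.tls.certresolver=letsencrypt"
      - "traefik.http.services.app.loadbalancer.server.port=3000"
      # The container is on two networks. Name the one Traefik shares,
      # otherwise it may pick the `app` network address it cannot reach.
      - "traefik.docker.network=traefik"
    networks:
      - traefik
      - app

  db:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      # The password is read from the mounted secret file, so it is not set
      # as an environment variable value.
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    volumes:
      - db_data:/var/lib/postgresql/data
    secrets:
      - db_password
    # No published ports and no `traefik` network: only containers on `app`
    # can reach the database.
    networks:
      - app

networks:
  # Created by the Traefik base stack, not by this file.
  traefik:
    external: true
  app:
    driver: bridge

volumes:
  db_data:

secrets:
  # File-backed secret: keep the file out of version control and readable
  # only by its owner.
  db_password: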
    file: ./secrets/db_password.txt

Traefik base stack
Tohle je samostatný stack, který běží jednou na hostu:
yaml
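# Traefik base stack: one instance per host, terminating TLS for every stack
# that joins the external `traefik` network.
services:
  traefik:
    image: traefik:v3.2
    restart: unless-stopped
    command:
      - --providers.docker=true
      # Containers are routed only when they carry traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Port 80 exists only to redirect to HTTPS.
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      # Placeholder address: the original value was stripped by the page's
      # e-mail obfuscation. Use a monitored mailbox for ACME notices.
      - --certificatesresolvers.letsencrypt.acme.email=REPLACE_ME@example.com
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      # The TLS-ALPN-01 challenge needs port 443 reachable from the internet.
      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
      - --log.level=INFO
      - --accesslog=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): `:ro` only protects the socket file. The Docker API
      # behind it stays fully usable, so a compromised Traefik has root-
      # equivalent access to the host. A socket proxy that exposes only the
      # read-only container endpoints narrows this.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds acme.json (ACME account key and certificate private keys).
      # The file must be mode 600 and should be backed up.
      - ./letsencrypt:/letsencrypt
    networks:
      - traefik

networks:
  # Must exist before `docker compose up`, because it is declared external.
  traefik: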
    external: true

Volume na /letsencrypt/acme.json musí mít chmod 600, jinak Traefik odmítne start. Bezpečnostní pojistka.