Ruan Bekker's Blog

From a Curious mind to Posts on Github

HTTPS Termination Using LetsEncrypt With Traefik on Docker Swarm

We will set up HTTPS termination on Traefik for our Java web application, which runs on Payara Micro and sits behind our Traefik proxy. In this guide, I will be using GitLab’s private registry to push my images to.

Traefik Dockerfile:

Our Traefik Dockerfile:

FROM traefik
ADD traefik.toml .
EXPOSE 80
EXPOSE 8080
EXPOSE 443

traefik.toml

Our Traefik config: traefik.toml

defaultEntryPoints = ["http", "https"]

[web]
address = ":8080"

[entryPoints]

[entryPoints.http]
address = ":80"

[entryPoints.https]
address = ":443"

[entryPoints.https.tls]

[acme]
email = "recipient@domain.com"
storage = "acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "apps.domain.com"
watch = true
exposedbydefault = false

Build the Image:

Log in to GitLab’s registry, then build and push the image:

$ docker login registry.gitlab.com
$ docker build -t registry.gitlab.com/<user>/<repo>/traefik:latest .
$ docker push registry.gitlab.com/<user>/<repo>/traefik:latest

Traefik:

Create the Traefik Proxy Service:

$ docker service create \
--name traefik \
--constraint 'node.role==manager' \
--publish 80:80 \
--publish 443:443 \
--publish 8080:8080 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--network appnet \
--with-registry-auth registry.gitlab.com/<user>/<repo>/traefik:latest \
--docker \
--docker.swarmmode \
--docker.domain=apps.domain.com \
--docker.watch \
--logLevel=DEBUG \
--web
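
An added check, not part of the original post: this Python script parses a constructed copy of the traefik.toml above and flags three settings worth tightening, given that the service publishes ports 80 and 8080 and mounts no volume for acme.json. The audit function and its finding labels are hypothetical names; the fixes named in the comments use Traefik 1.x syntax.

```python
try:
    import tomllib                 # Python 3.11+
except ImportError:                # older interpreters: pip install tomli
    import tomli as tomllib

# Constructed copy of the page's traefik.toml (Traefik 1.x syntax).
# The [docker] section is omitted because it is not audited here.
PAGE_CONFIG = """
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "recipient@domain.com"
storage = "acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
"""

def audit(toml_text):
    """Return hardening findings (hypothetical labels) for a Traefik 1.x config."""
    cfg = tomllib.loads(toml_text)
    findings = []
    # Port 80 keeps serving plain HTTP unless it redirects to the TLS entry
    # point: [entryPoints.http.redirect] with entryPoint = "https".
    http = cfg.get("entryPoints", {}).get("http")
    if http is not None and http.get("redirect", {}).get("entryPoint") != "https":
        findings.append("http-no-redirect")
    # [web] serves the dashboard/API; without [web.auth.basic] anyone who can
    # reach the published port 8080 can read the routing configuration.
    if "web" in cfg and not cfg["web"].get("auth"):
        findings.append("dashboard-no-auth")
    # Heuristic: a relative path lands in the container's writable layer, so
    # certificates are requested again whenever the task is rescheduled.
    storage = cfg.get("acme", {}).get("storage", "")
    if storage and not storage.startswith("/"):
        findings.append("acme-storage-relative-path")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONFIG))
```

Moving the ACME storage to an absolute path only helps if the service also mounts a volume at that path.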

Java Web Application:

Our Java web application's Dockerfile:

FROM payara/micro
COPY app.war /opt/payara/deployments/app.war

Build and Push the Image to our GitLab Registry:

$ docker build -t registry.gitlab.com/<user>/<repo>/java_web:latest .
$ docker push registry.gitlab.com/<user>/<repo>/java_web:latest

Create the Java web application service on Docker Swarm, specifying our Host and also a PathPrefix, so that the Traefik proxy accepts requests for the hostname and for anything under /app/:

$ docker service create \
--name java_web \
--label 'traefik.port=8080' \
--label traefik.frontend.rule="Host:apps.domain.com; PathPrefix: /app/" \
--network appnet \
--with-registry-auth registry.gitlab.com/<user>/<repo>/java_web:latest

Now we should be able to access our Web Application on https://apps.domain.com/app/
