We will setup a HTTPS Termination on Traefik for our Java Web Application using Payara Micro, that will sit behind our Traefik proxy. In this guide, I will be using GitLab’s Private Registry for pushing my Images to.
Traefik Dockerfile:
Our Traefik Dockerfile:
Traefik Dockerfile 1
2
3
4
5
FROM traefik
ADD traefik.toml .
EXPOSE 80
EXPOSE 8080
EXPOSE 443
traefik.toml
Our Traefik config: traefik.toml
traefik.toml 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
defaultEntryPoints = [ "http" , "https" ]
[ web ]
address = ":8080"
[ entryPoints ]
[ entryPoints . http ]
address = ":80"
[ entryPoints . https ]
address = ":443"
[ entryPoints . https . tls ]
[ acme ]
email = "recipient@domain.com"
storage = "acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
[ docker ]
endpoint = "unix:///var/run/docker.sock"
domain = "apps.domain.com"
watch = true
exposedbydefault = false
Build the Image:
Login to GitLab’s Registry, build and push the image:
1
2
3
$ docker login registry.gitlab.com
$ docker build -t registry.gitlab.com/<user>/<repo>/traefik:latest .
$ docker push registry.gitlab.com/<user>/<repo>/traefik:latest
Traefik:
Create the Traefik Proxy Service:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
$ docker service create \
--name traefik \
--constraint 'node.role==manager' \
--publish 80:80 \
--publish 443:443 \
--publish 8080:8080 \
--mount type = bind ,source= /var/run/docker.sock,target= /var/run/docker.sock \
--network appnet \
--with-registry-auth registry.gitlab.com/<user>/<repo>/traefik:latest \
--docker \
--docker.swarmmode \
--docker.domain= apps.domain.com \
--docker.watch \
--logLevel= DEBUG \
--web
Java Web Application:
Our Java Web Applications Dockerfile:
Dockerfile 1
2
FROM payara/micro
COPY app.war /opt/payara/deployments/app.war
Build and Push the Image to our GitLab Registry:
1
2
$ docker build -t registry.gitlab.com/<user>/<repo>/java_web:latest .
$ docker push registry.gitlab.com/<user>/<repo>/java_web:latest
Create the Java Web Application on Docker Swarm, specifiying our Host
, and also a PathPrefix
, so that the Traefik Proxy can accept requests for the Hostname
, and anything from /app/
1
2
3
4
5
6
$ docker service create \
--name java_web \
--label 'traefik.port=8080' \
--label traefik.frontend.rule= "Host:apps.domain.com; PathPrefix: /app/" \
--network appnet \
--with-registry-auth registry.gitlab.com/<user>/<repo>/java_web:latest
Now we should be able to access our Web Application on https://apps.domain.com/app/
Resources: