Wildcard SSL Certificate With Letsencrypt on Docker Swarm Using Traefik
Let's Encrypt now supports wildcard certificates, which is really awesome. We can now set up Traefik to listen on 443, acting as a reverse proxy that does HTTPS termination for the applications running in our Swarm.
Architectural Design:
At the moment we have 3 Manager Nodes, and 5 Worker Nodes:
Using a dummy domain, example.com, which is set to the 3 public IPs of our Manager Nodes
DNS is set for: example.com A Record to: 52.10.1.10, 52.10.1.11, 52.10.1.12
DNS is set for: *.example.com CNAME to example.com
Any application that is spawned into our Swarm will be labeled with a traefik.frontend.rule, which is used to route requests to the service, and requests will be redirected from HTTP to HTTPS
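A pre-deployment check for the DNS layout described above, as an added example that is not part of the original post: it confirms that the apex and any name under the wildcard resolve to exactly the three manager IPs, so no manager is left out and no node without Traefik receives traffic. The function names are hypothetical, and the live check assumes `dig` is installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# EXPECTED holds the three manager IPs given in the article.
EXPECTED="52.10.1.10 52.10.1.11 52.10.1.12"

# normalize_ips: read resolver output on stdin, keep only IPv4 lines
# (dig +short also prints the CNAME target, e.g. "example.com."),
# then emit them sorted and de-duplicated on a single line.
normalize_ips() {
  { grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true; } | sort -u | paste -sd ' ' -
}

# check_answer NAME ANSWER: compare a resolver ANSWER for NAME with EXPECTED.
# Fails on a missing manager IP, an unexpected extra IP, or an empty answer.
check_answer() {
  local name="$1" got want
  got="$(printf '%s\n' "$2" | normalize_ips)"
  want="$(printf '%s\n' $EXPECTED | normalize_ips)"
  if [ "$got" = "$want" ]; then
    echo "OK   $name -> $got"
    return 0
  fi
  echo "FAIL $name -> '$got' (expected '$want')" >&2
  return 1
}

# check_live DOMAIN: query the apex and a throwaway label that only the
# wildcard record can answer. Needs network access and dig.
check_live() {
  local domain="$1" label="wildcard-probe-$$"
  check_answer "$domain" "$(dig +short "$domain" A)" &&
    check_answer "$label.$domain" "$(dig +short "$label.$domain" A)"
}

# Usage: check_live example.com
```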
Create the Overlay Network:
Create the overlay network that will be used for our stack:
$ docker network create --driver overlay appnet
Create the Compose Files for our Stacks:
Create the Traefik service compose file. We will deploy it in global mode, constrained to our Manager Nodes, so that every manager node has a copy of Traefik running.
We have a replicated volume under our /mnt partition so that all our managers can read from that path. Create the file and give it sufficient permissions: