Traefik Reverse Proxy

Sets up Traefik reverse proxy with automatic SSL and service discovery

Script Author

Rowan de Haas
Script Author

Script Details

Created 6 months ago
Size 3 KB

Tags

Script Content

#cloud-config
# Refresh the package index and apply pending upgrades on first boot.
package_upgrade: true
package_update: true

# docker.io and docker-compose are driven by runcmd further down; wget is
# installed but not referenced anywhere else in this cloud-config.
packages:
  - docker-compose
  - docker.io
  - wget

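write_files:
  # Compose project for the Traefik container. The relative bind-mount paths
  # resolve against /opt/traefik, next to the other files written below.
  - path: /opt/traefik/docker-compose.yml
    content: |
      version: '3.7'

      services:
        traefik:
          image: traefik:v3.0
          container_name: traefik
          restart: unless-stopped
          ports:
            - "80:80"
            - "443:443"
            # API/dashboard port. traefik.yml sets api.insecure, which serves
            # the dashboard without authentication, so publish it on loopback
            # only and reach it through an SSH tunnel when needed.
            - "127.0.0.1:8080:8080"
          volumes:
            # ":ro" makes the socket file read-only in the mount; it does not
            # limit what can be requested through the Docker API. A compromise
            # of this container is a compromise of the Docker daemon. Consider
            # a filtering socket proxy in front of it.
            - /var/run/docker.sock:/var/run/docker.sock:ro
            - ./traefik.yml:/etc/traefik/traefik.yml:ro
            - ./dynamic.yml:/etc/traefik/dynamic.yml:ro
            # Writable on purpose: Traefik stores ACME account and certificate
            # data here.
            - ./acme.json:/acme.json
          labels:
            - "traefik.enable=true"
            # NOTE(review): Traefik rules quote host names with single
            # backticks; the doubled backticks below are not valid rule syntax,
            # so this router is likely rejected. Before correcting them, add an
            # authentication middleware or an entrypoint restriction: as
            # written the router names no entrypoint and no middleware, so it
            # would serve api@internal on 80 and 443 as well.
            - "traefik.http.routers.dashboard.rule=Host(``traefik.localhost``)"
            - "traefik.http.routers.dashboard.service=api@internal"
          networks:
            - traefik

      networks:
        # Created by runcmd before "docker-compose up"; compose will not
        # create an external network itself.
        traefik:
          external: true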

  # Traefik static configuration; the compose file mounts it read-only at
  # /etc/traefik/traefik.yml.
  # - api.insecure: true makes Traefik serve its API and dashboard without
  #   authentication on the "traefik" entrypoint (port 8080 unless that
  #   entrypoint is defined otherwise). Keep that port off public interfaces,
  #   or set insecure to false and route api@internal through a router that
  #   has an authentication middleware.
  # - providers.docker.exposedByDefault: false means only containers labelled
  #   traefik.enable=true are routed.
  # - providers.file watches /etc/traefik/dynamic.yml for changes.
  # - admin@example.com is a placeholder; replace it with a real mailbox
  #   before deploying (the CA may refuse the placeholder - confirm).
  # - acme.storage (/acme.json) matches the ./acme.json bind mount in the
  #   compose file; the HTTP challenge answers on the "web" entrypoint, so
  #   port 80 has to be reachable from the internet for issuance.
  - path: /opt/traefik/traefik.yml
    content: |
      api:
        dashboard: true
        insecure: true
      
      entryPoints:
        web:
          address: ":80"
        websecure:
          address: ":443"
      
      providers:
        docker:
          exposedByDefault: false
        file:
          filename: /etc/traefik/dynamic.yml
          watch: true
      
      certificatesResolvers:
        letsencrypt:
          acme:
            email: admin@example.com
            storage: /acme.json
            httpChallenge:
              entryPoint: web

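  # Dynamic configuration loaded by Traefik's file provider. Middlewares
  # defined here apply only to routers that reference them (for example
  # default-headers@file); nothing in this file attaches them.
  # stsPreload together with stsIncludeSubdomains and a one-year max-age
  # commits the whole domain to HTTPS and is slow to undo; enable it only
  # when every subdomain already serves HTTPS.
  - path: /opt/traefik/dynamic.yml
    content: |
      http:
        middlewares:
          default-headers:
            headers:
              frameDeny: true
              browserXssFilter: true
              contentTypeNosniff: true
              forceSTSHeader: true
              stsIncludeSubdomains: true
              stsPreload: true
              stsSeconds: 31536000
          # Takes the place of headers.sslRedirect, an option Traefik v3 no
          # longer accepts (the compose file runs traefik:v3.0).
          redirect-to-https:
            redirectScheme:
              scheme: https
              permanent: true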

  # Empty ACME store, created owner-only. The mode is quoted so YAML keeps it
  # as the string 0600 instead of reading it as a number.
  - path: /opt/traefik/acme.json
    permissions: "0600"
    content: ''

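runcmd:
  # Working directory for the relative paths used below (runcmd entries are
  # expected to run in one shell script, so the cd carries over - confirm on
  # your cloud-init version).
  - mkdir -p /opt/traefik
  - cd /opt/traefik
  # Keep the ACME store owner-only; it will hold certificate private keys
  - chmod 600 acme.json
  # Start Docker
  - systemctl enable docker
  - systemctl start docker
  # Create the external network the compose file expects, unless it exists
  - 'docker network inspect traefik >/dev/null 2>&1 || docker network create traefik'
  # Start Traefik
  - docker-compose up -d
  # Configure firewall: proxy entrypoints only. Port 8080 is not opened
  # because it carries the unauthenticated API/dashboard while api.insecure
  # is true. These rules apply only once ufw is enabled, and ports published
  # by Docker are commonly not filtered by ufw, so verify exposure from
  # outside the host.
  - ufw allow 80/tcp
  - ufw allow 443/tcp
  - echo "Traefik dashboard available at http://localhost:8080"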

How to Use This Script

Cloud Provider Examples

Amazon EC2

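# ami-12345678 is a placeholder image ID; substitute a real AMI.
# User data stays readable from the instance metadata service, so keep
# secrets out of script.yaml.
aws ec2 run-instances \
  --image-id ami-12345678 \
  --instance-type t3.micro \
  --user-data file://script.yaml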

DigitalOcean

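# Line continuations keep the options on the same command as "create".
doctl compute droplet create \
  --image ubuntu-22-04-x64 \
  --size s-1vcpu-1gb \
  --user-data-file script.yaml \
  my-droplet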

Google Cloud

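# user-data=script.yaml is the value of --metadata-from-file; the line
# continuations keep everything on one command.
gcloud compute instances create \
  my-instance \
  --metadata-from-file \
  user-data=script.yaml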