Traefik Reverse Proxy

Sets up Traefik reverse proxy with automatic SSL and service discovery

Script Author

Rowan de Haas
Script Author

Script Details

Created 11 months ago
Size 3 KB

Tags

Script Content

#cloud-config
# Refresh the package index and apply pending upgrades before the packages
# below are installed.
package_update: true
package_upgrade: true

# Docker engine and the Compose CLI come from the distribution's own packages.
# wget is installed but not used by any command in this file.
packages:
  - wget
  - docker.io
  - docker-compose

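# Files are written to /opt/traefik; the block-scalar bodies (including the
# comments inside them) become the contents of the files on disk.
write_files:
  # Compose project that runs the Traefik container.
  - path: /opt/traefik/docker-compose.yml
    content: |
      version: '3.7'

      services:
        traefik:
          # v3.0 is a mutable tag. For reproducible deployments pin the image
          # by digest (traefik:v3.0@sha256:<digest-you-verified>).
          image: traefik:v3.0
          container_name: traefik
          restart: unless-stopped
          ports:
            - "80:80"
            - "443:443"
            # api.insecure serves the dashboard/API on :8080 without any
            # authentication, so publish it on the host loopback only.
            - "127.0.0.1:8080:8080"
          volumes:
            # ":ro" only makes the socket file read-only. The Docker API is
            # still fully usable through it, so a compromise of this container
            # gives control over the host's Docker daemon.
            - /var/run/docker.sock:/var/run/docker.sock:ro
            - ./traefik.yml:/etc/traefik/traefik.yml:ro
            - ./dynamic.yml:/etc/traefik/dynamic.yml:ro
            - ./acme.json:/acme.json
          labels:
            - "traefik.enable=true"
            - "traefik.http.routers.dashboard.rule=Host(`traefik.localhost`)"
            # Without an entrypoint the router attaches to every entrypoint,
            # which would serve the unauthenticated dashboard on 80/443 to any
            # request carrying this Host header. Keep it on the internal one.
            - "traefik.http.routers.dashboard.entrypoints=traefik"
            - "traefik.http.routers.dashboard.service=api@internal"
          networks:
            - traefik

      networks:
        traefik:
          external: true

  # Static Traefik configuration (entrypoints, providers, ACME resolver).
  - path: /opt/traefik/traefik.yml
    content: |
      api:
        dashboard: true
        # Unauthenticated API/dashboard on the internal "traefik" entrypoint
        # (:8080). Acceptable only while that port is not reachable from
        # outside the host; otherwise set this to false and put the
        # api@internal router behind TLS and an auth middleware.
        insecure: true

      entryPoints:
        web:
          address: ":80"
        websecure:
          address: ":443"

      providers:
        docker:
          exposedByDefault: false
        file:
          filename: /etc/traefik/dynamic.yml
          watch: true

      certificatesResolvers:
        letsencrypt:
          acme:
            # Placeholder address: replace with a real mailbox before use.
            email: admin@example.com
            storage: /acme.json
            httpChallenge:
              entryPoint: web

  # Dynamic configuration loaded by the file provider.
  - path: /opt/traefik/dynamic.yml
    content: |
      http:
        middlewares:
          # Security response headers. No router in this deployment references
          # this middleware yet; attach it as "default-headers@file".
          # sslRedirect is omitted: the option was removed from the headers
          # middleware in Traefik v3. Configure the HTTP-to-HTTPS redirect on
          # the "web" entryPoint instead.
          default-headers:
            headers:
              frameDeny: true
              browserXssFilter: true
              contentTypeNosniff: true
              forceSTSHeader: true
              stsIncludeSubdomains: true
              stsPreload: true
              stsSeconds: 31536000

  # ACME account key and issued certificates are stored here, so the file is
  # created owner-read/write only.
  - path: /opt/traefik/acme.json
    content: ""
    permissions: '0600'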

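# cloud-init writes these entries into one shell script, so the working
# directory set by "cd" applies to the relative paths used afterwards.
runcmd:
  # Create directory
  - mkdir -p /opt/traefik
  - cd /opt/traefik
  # acme.json holds the ACME account key; keep it owner-only
  - chmod 600 acme.json
  # Start Docker
  - systemctl enable docker
  - systemctl start docker
  # Create the external network the compose file expects, unless it exists
  - 'docker network inspect traefik >/dev/null 2>&1 || docker network create traefik'
  # Start Traefik
  - docker-compose up -d
  # Configure firewall. 8080 is deliberately not opened: it serves the
  # unauthenticated dashboard. Docker-published ports are added to iptables
  # outside ufw's chains, so these rules alone do not restrict them; limit
  # exposure in the compose port bindings as well.
  - ufw allow 80/tcp
  - ufw allow 443/tcp
  - echo "Traefik dashboard available at http://localhost:8080"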

How to Use This Script

Cloud Provider Examples

Amazon EC2

aws ec2 run-instances \
  --image-id ami-12345678 \
  --instance-type t3.micro \
  --user-data file://script.yaml

DigitalOcean

doctl compute droplet create \
  --image ubuntu-22-04-x64 \
  --size s-1vcpu-1gb \
  --user-data-file script.yaml \
  my-droplet

Google Cloud

gcloud compute instances create \
  my-instance \
  --metadata-from-file \
  user-data=script.yaml