XenOrchestra docker-compose setup with Traefik labels

This post extends the config from our previous post Simple XenOrchestra setup using docker-compose by adding Traefik container labels. For the Traefik configuration itself, see for example our previous post Simple Traefik docker-compose setup with Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 challenges.

This setup uses a wildcard certificate, but you can also use a non-wildcard certificate (e.g. if you don’t have access to the DNS for the DNS-01 challenge) by deleting both traefik.http.routers.xenorchestra.tls.domains... lines and selecting a suitable resolver.

version: '3'
services:
    xen-orchestra:
        restart: unless-stopped
        image: ronivay/xen-orchestra:latest
        container_name: xen-orchestra
        network_mode: host
        stop_grace_period: 1m
        environment:
            - HTTP_PORT=1780
        cap_add:
          - SYS_ADMIN
        security_opt:
          - apparmor:unconfined
        volumes:
          - ./xo-data:/var/lib/xo-server
          - ./redis-data:/var/lib/redis
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.xenorchestra.rule=Host(`xenorchestra.mydomain.com`)"
          - "traefik.http.routers.xenorchestra.entrypoints=websecure"
          - "traefik.http.routers.xenorchestra.tls.certresolver=cloudflare"
          - "traefik.http.routers.xenorchestra.tls.domains[0].main=mydomain.com"
          - "traefik.http.routers.xenorchestra.tls.domains[0].sans=*.mydomain.com"
          - "traefik.http.services.xenorchestra.loadbalancer.server.port=1780"

You can now log in with the default credentials: [email protected] and password admin
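
An added check, not part of the original post: the Python code below takes the labels and environment from the compose file above (copied inline as constructed input) and verifies that the certificate names in the tls.domains labels cover the Host rule and that the Traefik service port matches HTTP_PORT. The function names covers and check are this example's own, and only a single Host(`...`) matcher per rule is assumed.

```python
import re

# Constructed input: labels and environment copied from the compose file above.
LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.xenorchestra.rule=Host(`xenorchestra.mydomain.com`)",
    "traefik.http.routers.xenorchestra.entrypoints=websecure",
    "traefik.http.routers.xenorchestra.tls.certresolver=cloudflare",
    "traefik.http.routers.xenorchestra.tls.domains[0].main=mydomain.com",
    "traefik.http.routers.xenorchestra.tls.domains[0].sans=*.mydomain.com",
    "traefik.http.services.xenorchestra.loadbalancer.server.port=1780",
]
ENVIRONMENT = ["HTTP_PORT=1780"]


def covers(cert_name, host):
    """True if a certificate name covers host; '*' matches exactly one label."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == cert_name[2:]
    return cert_name == host


def check(labels, environment, router="xenorchestra"):
    """Return a list of problems found in one router's labels (empty = consistent)."""
    kv = dict(l.split("=", 1) for l in labels)
    env = dict(e.split("=", 1) for e in environment)
    prefix = f"traefik.http.routers.{router}."
    problems = []
    hosts = re.findall(r"Host\(`([^`]+)`\)", kv.get(prefix + "rule", ""))
    names = []
    for key, value in kv.items():
        if key.startswith(prefix + "tls.domains["):
            names += [n.strip() for n in value.split(",")]
    # With no tls.domains labels Traefik derives the certificate from the Host rule.
    for host in hosts:
        if names and not any(covers(n, host) for n in names):
            problems.append(f"{host} is not covered by {names}")
    if not kv.get(prefix + "tls.certresolver"):
        problems.append("no tls.certresolver set")
    port = kv.get(f"traefik.http.services.{router}.loadbalancer.server.port")
    if port != env.get("HTTP_PORT"):
        problems.append(f"service port {port} != HTTP_PORT {env.get('HTTP_PORT')}")
    return problems


if __name__ == "__main__":
    print(check(LABELS, ENVIRONMENT) or "labels are consistent")
```

A hostname nested one level deeper, such as a name under lab.mydomain.com, is reported as uncovered because a wildcard SAN matches only a single DNS label.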