Einfaches Traefik docker-compose-Setup mit Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 Challenges

Dies ist mein Setup mit docker-compose zum Starten von Traefik, das alle gängigen Verschlüsselungsanbieter unterstützt. Ich empfehle, das Verzeichnis /opt/traefik zu erstellen und die folgende Datei als /opt/traefik/docker-compose.yml zu speichern. Diese Konfiguration hat die file- und docker-Anbieter standardmäßig aktiviert.

docker-compose.yml

services:
  traefik:
    image: "traefik:v3.2"
    network_mode: "host"
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/etc/traefik/conf"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--entryPoints.websecure.http3"
      - "--entryPoints.websecure.http3.advertisedport=443"
      - "--log.level=info"
      - "--serversTransport.insecureSkipVerify=true"
#
      - "--certificatesresolvers.cloudflare-ec384.acme.dnschallenge=true"
      - "--certificatesresolvers.cloudflare-ec384.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare-ec384.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
      - "--certificatesresolvers.cloudflare-ec384.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.cloudflare-ec384.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.cloudflare-ec384.acme.KeyType=EC384"
      - "--certificatesresolvers.cloudflare-ec384.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.cloudflare.acme.dnschallenge=true"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
      - "--certificatesresolvers.cloudflare.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.cloudflare.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.cloudflare.acme.KeyType=EC256"
      - "--certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.cloudflare-staging.acme.dnschallenge=true"
      - "--certificatesresolvers.cloudflare-staging.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare-staging.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
      - "--certificatesresolvers.cloudflare-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.cloudflare-staging.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.cloudflare-staging.acme.KeyType=EC256"
      - "--certificatesresolvers.cloudflare-staging.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.alpn-ec384.acme.tlsChallenge=true"
      - "--certificatesresolvers.alpn-ec384.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.alpn-ec384.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.alpn-ec384.acme.KeyType=EC384"
      - "--certificatesresolvers.alpn-ec384.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.alpn.acme.tlsChallenge=true"
      - "--certificatesresolvers.alpn.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "[email protected]"
      - "--certificatesresolvers.alpn.acme.KeyType=EC256"
      - "--certificatesresolvers.alpn.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.alpn-staging.acme.tlsChallenge=true"
      - "--certificatesresolvers.alpn-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.alpn-staging.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.alpn-staging.acme.KeyType=EC256"
      - "--certificatesresolvers.alpn-staging.acme.storage=/letsencrypt/acme.json"
    environment:
      - [email protected]
      - CLOUDFLARE_API_KEY=XYZABC123
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./conf:/etc/traefik/conf:ro"

services:
  traefik:
    image: "traefik:v3.2"
    network_mode: "host"
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/etc/traefik/conf"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--entryPoints.websecure.http3"
      - "--entryPoints.websecure.http3.advertisedport=443"
      - "--log.level=info"
      - "--serversTransport.insecureSkipVerify=true"
#
      - "--certificatesresolvers.cloudflare-ec384.acme.dnschallenge=true"
      - "--certificatesresolvers.cloudflare-ec384.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare-ec384.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
      - "--certificatesresolvers.cloudflare-ec384.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.cloudflare-ec384.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.cloudflare-ec384.acme.KeyType=EC384"
      - "--certificatesresolvers.cloudflare-ec384.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.cloudflare.acme.dnschallenge=true"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
      - "--certificatesresolvers.cloudflare.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.cloudflare.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.cloudflare.acme.KeyType=EC256"
      - "--certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.cloudflare-staging.acme.dnschallenge=true"
      - "--certificatesresolvers.cloudflare-staging.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare-staging.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
      - "--certificatesresolvers.cloudflare-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.cloudflare-staging.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.cloudflare-staging.acme.KeyType=EC256"
      - "--certificatesresolvers.cloudflare-staging.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.alpn-ec384.acme.tlsChallenge=true"
      - "--certificatesresolvers.alpn-ec384.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.alpn-ec384.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.alpn-ec384.acme.KeyType=EC384"
      - "--certificatesresolvers.alpn-ec384.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.alpn.acme.tlsChallenge=true"
      - "--certificatesresolvers.alpn.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.alpn.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.alpn.acme.KeyType=EC256"
      - "--certificatesresolvers.alpn.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.alpn-staging.acme.tlsChallenge=true"
      - "--certificatesresolvers.alpn-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.alpn-staging.acme.email=letsencrypt@mydomain.com"
      - "--certificatesresolvers.alpn-staging.acme.KeyType=EC256"
      - "--certificatesresolvers.alpn-staging.acme.storage=/letsencrypt/acme.json"
    environment:
      - CLOUDFLARE_EMAIL=cloudflare@mydomain.com
      - CLOUDFLARE_API_KEY=XYZABC123
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./conf:/etc/traefik/conf:ro"

[email protected] durch die E-Mail-Adresse ersetzen, unter der Zertifikate registriert werden sollen. Außerdem sicherstellen, dass dies geändert wird

cloudflare_env_vars.yml

- [email protected]
- CLOUDFLARE_API_KEY=XYZABC123

- CLOUDFLARE_EMAIL=cloudflare@mydomain.com
- CLOUDFLARE_API_KEY=XYZABC123

Optional ein Pilot-Token erstellen und setzen (nicht vergessen, die Zeile auszukommentieren) mit

pilot_token_example.txt

# - "--pilot.token=PILOT_TOKEN_HERE"

# - "--pilot.token=PILOT_TOKEN_HERE"

Nun den Dienst beim Booten automatisch starten (und sofort starten) mit der in docker-compose systemd .service-Generator beschriebenen Methode: Folgendes in /opt/traefik ausführen

create_docker_compose_service.sh

curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin

curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin

In Folgebeiträgen wird beschrieben, wie der Zugriff auf die Traefik-API erfolgt.

Check out similar posts by category: Networking, Traefik

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee