Dockerized NGINX with Traefik

Question

Hello, I’m totally new to Linux and web hosting. I’ve been trying to setup a nginx static website on my Ubuntu 20.4 droplet. By following a tutorial, I set up docker, and Traefik using a traefik.yml like this:

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  http:
    acme:
      email: email@email.com
      storage: acme.json
      httpChallenge:
        entryPoint: http

And then docker-compose this file:

version: '3'

services:
  traefik:
    image: traefik:v2.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml:ro
      - ./acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`monitor.domain.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:secret_password"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`monitor.domain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

I successfully set up a portainer:

version: '3'

services:
  portainer:
    image: portainer/portainer:latest
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.entrypoints=http"
      - "traefik.http.routers.portainer.rule=Host(`manage.domain.com`)"
      - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
      - "traefik.http.routers.portainer-secure.entrypoints=https"
      - "traefik.http.routers.portainer-secure.rule=Host(`manage.domain.com`)"
      - "traefik.http.routers.portainer-secure.tls=true"
      - "traefik.http.routers.portainer-secure.tls.certresolver=http"
      - "traefik.http.routers.portainer-secure.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.docker.network=proxy"

networks:
  proxy:
    external: true

So far so good, and everything secured by Let’s Encrypt. Then I tried a bunch of different stuff to deploy a nginx container on a subdomain wiki.domain.com (I did already create that subdomain on my DNS), but not much success. Everything works with a simple command like: $ docker run --name some-nginx -d -p 8888:80 nginx But then I can only access through myip:8888. I’ve tried doing a few different docker-compose similar to the portainer one, but to no success.

version: '3'

services:
  wiki:
    image: nginx:latest
    container_name: wiki
    networks:
      - proxy
    ports:
      - 8888:80
    volumes:
      - "./data:/usr/share/nginx/html:ro"
      - "./nginx.conf:/etc/nginx/nginx.conf:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wiki.entrypoints=http"
      - "traefik.http.routers.wiki.rule=Host(`wiki.domain.com`)"
      - "traefik.http.middlewares.wiki-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.wiki.middlewares=wiki-https-redirect"
      - "traefik.http.routers.wiki-secure.entrypoints=https"
      - "traefik.http.routers.wiki-secure.rule=Host(`wiki.domain.com`)"
      - "traefik.http.routers.wiki-secure.tls=true"
      - "traefik.http.routers.wiki-secure.tls.certresolver=http"
      - "traefik.http.routers.wiki-secure.service=wiki"
      - "traefik.http.services.wiki.loadbalancer.server.port=8888"
      - "traefik.docker.network=proxy"
    command: [nginx-debug, '-g', 'daemon off;']

networks:
  proxy:
    external: true

Anyone can tell me how to use trafik and nginx to map my website to wiki.domain.com? After I manage do that, I plan on doing a little wiki-like thingy on angularjs, just for learning.

mikethrussell · Answer

Amazingly this question is the top result on Google for “nginx traefik docker” - so I thought I’d post the answer here after fighting with this for far too long…

Final piece of the puzzle found here https://forums.docker.com/t/nginx-php-fpm-traefik-bad-gateway-504/100361/7

Changing the version “3” to “3.7” immediately fixes the nginx bad gate error. You also need to remove the ports, as they override traefik’s config.

version: '3.7'
services:

  #Nginx Service
  webserver:
    image: nginx:alpine
    container_name: webserver
    restart: unless-stopped
    tty: true
    volumes:
      - ./:/var/www
      - ./nginx/conf.d/:/etc/nginx/conf.d/
    networks:
      - app-network
      - traefik
    labels:
      - traefik.http.routers.webserver.rule=Host(`app.domain.tld`)
      - traefik.http.routers.webserver.tls=true
      - traefik.http.routers.webserver.tls.certresolver=lets-encrypt
      - traefik.port=80

#Docker Networks
networks:
  app-network:
    driver: bridge
  traefik:
    external:
      true

Related

Question

Dockerized NGINX with Traefik

Related