This image is the Traefik base. It comes from alpine-monit.
docker build -t rawmind/alpine-traefik:<version> .
1.7.18-0(Dockerfile)1.7.16-0(Dockerfile)1.7.14-0(Dockerfile)1.7.12-1(Dockerfile)1.7.12-0(Dockerfile)1.7.11-0(Dockerfile)1.7.10-0(Dockerfile)1.7.9-0(Dockerfile)1.7.8-0(Dockerfile)1.7.7-0(Dockerfile)1.7.6-0(Dockerfile)1.7.4-1(Dockerfile)1.7.3-1(Dockerfile)1.7.2-0(Dockerfile)1.7.0-0(Dockerfile)1.6.6-1(Dockerfile)1.6.5-2(Dockerfile)1.6.4-0(Dockerfile)1.6.3-0(Dockerfile)1.6.2-0(Dockerfile)1.6.1-0(Dockerfile)1.6.0-0(Dockerfile)1.5.4-0(Dockerfile)1.5.3-3(Dockerfile)1.5.2-0(Dockerfile)1.5.1-0(Dockerfile)1.5.0-5(Dockerfile)1.4.6-0(Dockerfile)1.4.5-3(Dockerfile)1.4.4-4(Dockerfile)1.4.3-0(Dockerfile)1.4.2-0(Dockerfile)1.4.1-2(Dockerfile)1.4.0-6(Dockerfile)1.3.8-4(Dockerfile)1.3.6(Dockerfile)1.3.5(Dockerfile)1.3.3(Dockerfile)1.3.2-2(Dockerfile)1.2.3-1(Dockerfile)1.2.1(Dockerfile)1.2.0-rc2-1(Dockerfile)1.1.2-1(Dockerfile)1.1.1-2(Dockerfile)1.0.3-1(Dockerfile)1.0.2-6(Dockerfile)1.0.1-4(Dockerfile)1.0.0(Dockerfile)1.0.0-rc3-3(Dockerfile)1.0.0-rc2-6(Dockerfile)1.0.0-beta.771(Dockerfile)1.0.0-beta.555-6(Dockerfile)
This image runs Traefik with monit. It is started with traefik user/group with 10001 uid/gid.
Besides, you can customize the configuration in several ways:
Traefik is installed with the default configuration and some parameters can be overrided with env variables:
TRAEFIK_HTTP_PORT=8080 |
http port > 1024 due to run as non privileged user |
TRAEFIK_HTTP_COMPRESSION="true" |
Enable http compression |
TRAEFIK_HTTPS_ENABLE="false" |
"true" enables https and http endpoints. "Only" enables https endpoints and redirect http to https. |
TRAEFIK_HTTPS_PORT=8443 |
https port > 1024 due to run as non privileged user |
TRAEFIK_HTTPS_MIN_TLS="VersionTLS12" |
Minimal allowed tls version to accept connections from |
TRAEFIK_HTTPS_COMPRESSION="true" |
Enable https compression |
TRAEFIK_TRUSTEDIPS="" |
Enable proxyProtocol and forwardHeaders for these IPs (eg: "172.0.0.0/16,192.168.0.1") |
TRAEFIK_ADMIN_ENABLE="false" |
"true" enables api, rest, ping and webui |
TRAEFIK_ADMIN_PORT=8000 |
admin port > 1024 due to run as non privileged user |
TRAEFIK_ADMIN_SSL=false |
"true" enables https on api, rest, ping and webui using TRAEFIK_SSL_CRT certificate |
TRAEFIK_ADMIN_STATISTICS=10 |
Enable more detailed statistics |
TRAEFIK_ADMIN_AUTH_METHOD="basic" |
Auth method to use on api, rest, ping and webui. basic |
TRAEFIK_ADMIN_AUTH_USERS="" |
Basic or digest users created with htpasswd or htdigest. |
TRAEFIK_CONSTRAINTS="" |
Traefik constraint param. EG: \\"tag==api\\" |
TRAEFIK_LOG_LEVEL="INFO" |
Log level |
TRAEFIK_DEBUG="false" |
Enable/disable debug mode |
TRAEFIK_INSECURE_SKIP="false" |
Enable/disable InsecureSkipVerify parameter |
TRAEFIK_LOG_FILE="/opt/traefik/log/traefik.log"} |
Log file. Redirected to docker stdout. |
TRAEFIK_ACCESS_FILE="/opt/traefik/log/access.log"} |
Access file. Redirected to docker stdout. |
TRAEFIK_SSL_PATH="/opt/traefik/certs" |
Path to search .key and .crt files |
TRAEFIK_SSL_KEY=<DEMO KEY> |
ssl key |
TRAEFIK_SSL_KEY_FILE=${TRAEFIK_SSL_PATH}"/"${SERVICE_NAME}".key" |
Default key file. |
TRAEFIK_SSL_CRT=<DEMO CRT> |
ssl cert |
TRAEFIK_SSL_CRT_FILE=${TRAEFIK_SSL_PATH}"/"${SERVICE_NAME}".crt"} |
Default crt file. |
TRAEFIK_ACME_ENABLE="false" |
Enable/disable traefik ACME feature. acme |
TRAEFIK_ACME_CHALLENGE="" |
Set http|dns to activate traefik acme challenge mode. |
TRAEFIK_ACME_CHALLENGE_HTTP_ENTRYPOINT="http" |
Set traefik acme http challenge entrypoint. acme http challenge |
TRAEFIK_ACME_CHALLENGE_DNS_PROVIDER="" |
Set traefik acme dns challenge provider. You need to manually add configuration env variables accordingly the dns provider you use. acme dns provider |
TRAEFIK_ACME_CHALLENGE_DNS_DELAY="" |
Set traefik acme dns challenge delayBeforeCheck. acme dns challenge |
TRAEFIK_ACME_EMAIL="test@traefik.io" |
Default email |
TRAEFIK_ACME_ONHOSTRULE="true" |
ACME OnHostRule parameter |
TRAEFIK_ACME_CASERVER="https://acme-v02.api.letsencrypt.org/directory" |
ACME caServer parameter |
TRAEFIK_ACME_KEYTYPE=RSA4096 |
Acme keytype to use. Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192". acme keytype |
TRAEFIK_FILE_ENABLE="false" |
Enable/disable file backend |
TRAEFIK_FILE_NAME="${SERVICE_HOME}/etc/rules.toml" |
File name for file backend |
TRAEFIK_K8S_ENABLE="false" |
Enable/disable traefik K8S integration |
TRAEFIK_RANCHER_ENABLE="false" |
Enable/disable traefik RANCHER integration |
TRAEFIK_RANCHER_REFRESH=15 |
Rancher poll refresh seconds |
TRAEFIK_RANCHER_MODE="api" |
Rancher integration mode. api|metadata |
TRAEFIK_RANCHER_DOMAIN="rancher.internal" |
Rancher domain |
TRAEFIK_RANCHER_EXPOSED="false" |
Rancher ExposedByDefault |
TRAEFIK_RANCHER_HEALTHCHECK="false" |
Rancher EnableServiceHealthFilter |
TRAEFIK_RANCHER_INTERVALPOLL="false" |
Rancher enable/disable intervalpoll |
TRAEFIK_RANCHER_PREFIX="/2016-07-29" |
Rancher metadata prefix |
TRAEFIK_DOCKER_ENABLE="false" |
Enable/disable traefik DOCKER backend |
TRAEFIK_DOCKER_ENTRYPOINT="unix:///var/run/docker.sock" |
Set docker backend (unix socket or TCP). BEWARE: if you set a unix socket traefik has to be started as root! |
TRAEFIK_USAGE_ENABLE="false" |
Enable/disable send Traefik anonymous usage collection |
TRAEFIK_METRICS_ENABLE="false" |
Enable/disable traefik metrics |
TRAEFIK_METRICS_EXPORTER="" |
Metrics exporter prometheus|datadog|statsd|influxdb |
TRAEFIK_METRICS_PUSH="10" |
Metrics exporter push interval (s). (for datadog or statsd or influxdb) |
TRAEFIK_METRICS_ADDRESS="" |
Metrics exporter address. d(for datadog or statsd or influxdb)b |
TRAEFIK_METRICS_PROMETHEUS_BUCKETS="[0.1,0.3,1.2,5.0]" |
Metrics buckets for prometheus |
TRAEFIK_TIMEOUT_READ="0" |
respondingTimeouts readTimeout |
TRAEFIK_TIMEOUT_WRITE="0" |
respondingTimeouts writeTimeout |
TRAEFIK_TIMEOUT_IDLE="180" |
respondingTimeouts idleTimeout |
TRAEFIK_TIMEOUT_DIAL="30" |
forwardingTimeouts dialTimeout |
TRAEFIK_TIMEOUT_HEADER="0" |
forwardingTimeouts responseHeaderTimeout |
TRAEFIK_TIMEOUT_GRACE="10" |
lifeCycle graceTimeOut |
TRAEFIK_TIMEOUT_ACCEPT="0" |
lifeCycle requestAcceptGraceTimeout |
CATTLE_URL="" |
Rancher API url |
CATTLE_ACCESS_KEY="" |
Rancher access key |
CATTLE_SECRET_KEY="" |
Rancher secret key |
Traefik is installed under /opt/traefik and make use of /opt/traefik/etc/traefik.toml and /opt/traefik/etc/rules.toml.
You can edit or overwrite this files in order to customize your own configuration or certificates.
You could also include FROM rawmind/alpine-traefik at the top of your Dockerfile, and add your custom config.
Added SSL configuration. Set TRAEFIK_HTTPS_ENABLE="< true || only >" to enable it.
SSL certificates are located by default in /opt/traefik/certs.
You need to provide .key AND .crt files to that directory, in order Traefik gets automatically configured with ssl.
If you put more that one key/crt files in the certs directory, Traefik gets sni enabled and configured. You also could map you cert storage volume to Traefik and mount it in $TRAEFIK_SSL_PATH value.
You could also include FROM rawmind/alpine-traefik at the top of your Dockerfile, and add your custom ssl files.
If you need to let legacy tls versions connect to traefik then setting TRAEFIK_HTTPS_MIN_TLS will set minVersion on the https Entrypoint.
See the Traefik documentation for allowed values. Default is VersionTLS12.
If you enable SSL configuration, you could enable Traefik Let's Encrypt support as well (ACME).
To do it, set TRAEFIK_ACME_ENABLE="true".
If you are running it in rancher, you could use in 2 ways:
- Traefik built rancher integration. Add
env TRAEFIK_RANCHER_ENABLE=true - You could run rancher-traefik as a sidekick to get dynamic configuration.
See rancher-example, that run a Traefik lb in all infrastructure servers and publish ${TRAEFIK_HTTP_PORT}, ${TRAEFIK_HTTPS_PORT} and ${TRAEFIK_ADMIN_PORT} throught them.
Add sni automation to the Traefik.