Docker Compose local dev environment with Traefik reverse proxy and automatic HTTPS

Configurare noua (How To)

Situatie

Summary

We’ll create a docker-compose.yml with Traefik v2 as the edge proxy that routes service1.localhost and service2.localhost to containers and obtains TLS certs using the local Traefik ACME (for public domains you’d use real DNS; for local dev we’ll use --docker provider + self-signed or mkcert).

Note: Browsers block Let’s Encrypt on *.localhost. For true HTTPS locally use mkcert + mount certs, or use traefik with TLS using mkcert certificates.

Solutie

Files

  • docker-compose.yml

  • traefik/traefik.yml

  • traefik/acme.json

  • service1/Dockerfile, service2/Dockerfile

Example docker-compose.yml

version: "3.8"
services:
traefik:
image: traefik:v2.10
command:
- --providers.docker=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --certificatesresolvers.localresolver.acme.httpchallenge=true
- --certificatesresolvers.localresolver.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.localresolver.acme.email=you@example.com
- --certificatesresolvers.localresolver.acme.storage=/letsencrypt/acme.json
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik/acme.json:/letsencrypt/acme.json
labels:
- "traefik.enable=true"service1:
build: ./service1
labels:
“traefik.http.routers.service1.rule=Host(`service1.local`)”
“traefik.http.routers.service1.entrypoints=websecure”
“traefik.http.routers.service1.tls.certresolver=localresolver”
expose:
“8080”

service2:
build: ./service2
labels:
“traefik.http.routers.service2.rule=Host(`service2.local`)”
“traefik.http.routers.service2.entrypoints=websecure”
“traefik.http.routers.service2.tls.certresolver=localresolver”
expose:
“3000”

Quick steps

  1. Create acme.json and set permissions

mkdir -p traefik
touch traefik/acme.json
chmod 600 traefik/acme.json

  1. Create simple services (e.g., minimal Node or Python apps)
    service1/Dockerfile (example Python Flask):

FROM python:3.11-slim
WORKDIR /app
RUN pip install flask
COPY app.py .
CMD ["python","app.py"]

service1/app.py:

from flask import Flask
app = Flask(__name__)
@app.route("/")
def hello(): return "service1 OK"
if __name__ == "__main__": app.run(host="0.0.0.0", port=8080)

  1. Map local hostnames to 127.0.0.1
    Edit /etc/hosts (sudo) and add:

127.0.0.1 service1.local service2.local

  1. Start

docker compose up --build -d

  1. Open https://service1.local/ (if using real certs) — for local dev use mkcert to generate certs and mount them into Traefik and configure TLS in traefik.yml.

Troubleshooting & notes

  • Let’s Encrypt cannot issue certs for *.local; use mkcert or use a public DNS/mapped domain for real TLS

  • If Traefik fails to start, check logs: docker compose logs traefik

  • For advanced routing add middleware labels (rate-limit, basic auth)

  • This pattern scales to many services and matches production reverse-proxy behavior.

Tip solutie

Permanent

Voteaza

Up Down
(0 din 0 persoane apreciaza acest articol)
Share
Tweet
Share

Despre Autor

Leave A Comment?