Introduction
Traefik and LetsEncrypt
Read this first
It is highly recommended that you run Dokemon in your private network and access it via a VPN or Bastion Host.
There might be cases where you do not have private access to your servers and the only option is to access Dokemon over the Internet, for example when using a low-cost VPS. In such cases, we recommend that you run Dokemon behind an SSL-enabled reverse proxy and set a strong password for your Dokemon user. This guide shows you how to use a Traefik instance with LetsEncrypt SSL certificates as that reverse proxy.
Note that this is a sample configuration and it is your responsibility to modify it as per your requirements and implement appropriate security measures on your infrastructure.
To run Dokemon behind Traefik and enable LetsEncrypt SSL certificates, follow the steps below.
- Create a file named compose.yaml and copy and paste the YAML definition provided below. Modify the definition as per your requirements.
- Run mkdir ./letsencrypt && mkdir ./dokemondata
- Run docker compose up -d
version: '3.3'
services:
  traefik:
    image: 'traefik:v2.10'
    container_name: 'traefik'
    command:
      - '--log.level=DEBUG'
      - '--accesslog=true'
      # Serves the Traefik API and dashboard on port 8080 without authentication
      - '--api.insecure=true'
      - '--providers.docker=true'
      - '--providers.docker.exposedbydefault=false'
      - '--entrypoints.websecure.address=:443'
      - '--certificatesresolvers.dokemon.acme.tlschallenge=true'
      - '--certificatesresolvers.dokemon.acme.email=your.email@example.com'
      - '--certificatesresolvers.dokemon.acme.storage=/letsencrypt/dokemon.json'
    ports:
      - '443:443'
      # Dashboard is bound to loopback so it is not reachable from the Internet
      - '127.0.0.1:8080:8080'
    volumes:
      - './letsencrypt:/letsencrypt'
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
  dokemon:
    image: productiveops/dokemon:latest
    container_name: dokemon
    restart: unless-stopped
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.dokemon.rule=Host(`dokemon.example.com`)'
      - 'traefik.http.routers.dokemon.entrypoints=websecure'
      - 'traefik.http.routers.dokemon.tls.certresolver=dokemon'
    ports:
      # Bound to loopback so Dokemon is reachable from outside only through Traefik over TLS
      - '127.0.0.1:9090:9090'
    volumes:
      - ./dokemondata:/data
      - /var/run/docker.sock:/var/run/docker.sock
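One way to check a definition like this before bringing it up on an Internet-facing host, so that only the TLS entrypoint is published. This is an added example, not part of Dokemon or Traefik; it assumes its input is the normalized JSON printed by docker compose config --format json, and the function name and sample data are constructed for illustration.

```python
import json

LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in the shape printed by `docker compose config --format json`.
SAMPLE = json.dumps({"services": {
    "traefik": {
        "command": ["--api.insecure=true", "--entrypoints.websecure.address=:443"],
        "ports": [
            {"target": 443, "published": "443", "protocol": "tcp"},
            {"target": 8080, "published": "8080", "protocol": "tcp"},
        ],
    },
    "dokemon": {
        "ports": [{"host_ip": "127.0.0.1", "target": 9090,
                   "published": "9090", "protocol": "tcp"}],
    },
}})


def audit_compose(config_json, allowed_public=("443",)):
    """Return a list of findings for a normalized compose definition (hypothetical helper)."""
    findings = []
    services = json.loads(config_json).get("services") or {}
    for name in sorted(services):
        svc = services[name]
        for port in svc.get("ports") or []:
            published = port.get("published")
            if published in (None, ""):
                continue  # container port only, not bound on the host
            host_ip = port.get("host_ip") or ""
            # Loopback bindings and the allowed TLS port are acceptable
            if host_ip in LOOPBACK or str(published) in allowed_public:
                continue
            where = host_ip or "all interfaces"
            findings.append(f"{name}: port {published} is published on {where}")
        command = svc.get("command") or []
        if isinstance(command, str):
            command = command.split()
        if any(a.lower() in ("--api.insecure", "--api.insecure=true") for a in command):
            findings.append(f"{name}: --api.insecure serves the Traefik API "
                            "and dashboard without authentication")
    return findings


if __name__ == "__main__":
    for finding in audit_compose(SAMPLE):
        print(finding)
```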