Content posted here with the permission of the author Anil Kumar Maurya, who is currently employed at Josh Software. Original post available here.
Traefik is awesome reverse proxy & load balancer. If you are not using Traefik already then I recommend using it in your next project. I can guarantee that you will not regret.
Setting up SSL certificate on Traefik is a cakewalk. While adding SSL on traefik, I realised how it outshine other reverse proxy (Nginx , HAProxy).
Traefik use LetsEncrypt to automatically generate and renew SSL certificates.
Dockerfile
FROM traefik:v1.7-alpine COPY traefik_ecs.toml /etc/traefik/traefik.toml RUN touch /etc/traefik/acme.json RUN chmod +x /etc/traefik/acme.json
traefik_ecs.toml
defaultEntryPoints = ["https", "http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.bar]
address = ":8080"
[api]
entryPoint = "bar"
dashboard = true
[ecs]
clusters = ["YOUR_ECS_CLUSTER_NAME"]
watch = true
domain = "YOUR_DOMAIN_NAME"
autoDiscoverClusters = false
refreshSeconds = 15
exposedByDefault = true
region = "YOUR_AWS_REGION"
accessKeyID = "YOUR_AWS_ACCESS_KEY_ID"
secretAccessKey = "YOUR_AWS_SECRET_ACCESS_KEY"
[acme]
email = "YOUR_EMAIL"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
Replace YOUR_* values with actual, build image using Dockerfile and deploy it on ECS. That’s it, Traefik will take care of rest and SSL certificate will be added to your domain. Isn’t Traefik awesome ? Let me know what you think through comments below.
References:
- https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/
- https://blog.networkprofile.org/my-traefik-reverse-proxy-setup/
- https://github.com/netbears/traefik-cluster-ecs
Josh Software 