ansv7779/simple-docker-service
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Page: Home
Pages
Home
Clone
8
Home
Andreas Svanberg edited this page 2025-07-22 14:27:46 +02:00

  1. Install Docker

  2. Initiate Swarm mode with docker swarm init

    • docker swarm join-token worker to add workers (runs services) to the swarm
    • docker swarm join-token manager to add manager (manages workers?) to the swarm

  3. Create a overlay network for Traefik to use docker network create --driver overlay traefik

  4. Create a Traefik configuration file (static configuration)

    Example configuriation not final

    entryPoints:
  web: # name of the entrypoint
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: "websecure"
          scheme: "https"
          permanent: true
  websecure: # name of the entrypoint
    address: ":443"
    asDefault: true
    http:
      tls:
        certResolver: letsencrypt

certificatesResolvers:
  letsencrypt:
    acme:
      email: "root@dsv.su.se"
      storage: "/letsencrypt/acme.json"
      httpchallenge:
        entryPoint: web

providers:
  swarm:
    exposedByDefault: false # default true
    network: traefik # external overlay network

api:
  dashboard: true
  insecure: true

  5. Turn the configuration file into a config docker config create traefik_configuration ./traefik.yaml (3rd argument is name of the configuration, fourth is the file created in the previous step)

    Note

    To view a config docker config inspect <name> | jq -r '.[].Spec.Data' | base64 -d

  6. Create Traefik service

    docker service create \
  --name traefik \
  --publish 80:80 \
  --publish 443:443 \
  --publish 8080:8080 \
  --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
  --mount type=volume,source=letsencrypt,target=/letsencrypt \
  --config source=traefik_static_configuration,target=/etc/traefik/traefik.yml \
  --network traefik \
   traefik:v3.4

    Port 8080 is where the dashboard is available when using api.insecure=true

    Note

    To show a service's labels docker service inspect <name> | jq '.[].Spec.labels'

    To add/update labels docker service update --label-add "foo=bar" <name>

  7. Add web application services

    docker service create \
  --name <some name> \
  --network traefik \
  --label traefik.enable=true \
  --label traefik.http.routers.<some name>.rule=Host(`my.domain.example`) \
  --label traefik.http.services.<some name>.loadbalancer.server.port=<port your container is listening on> \
  <image>

    You must specify the port the container is listening since Traefik can't see the EXPOSE directive from the Dockerfile when running in Swarm mode. The rule can be anything you want, it is used to tell Traefik when to route traffic to the container. Add additional networks if necessary to communicate with other internal services.