Skip to content

Commit 3f8c567

Browse files
korridorkorridor
committed
Added SSL support for local development
1 parent fd6db9e commit 3f8c567

File tree

4 files changed

+66
-1
lines changed

4 files changed

+66
-1
lines changed

.gitignore

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
certificates/acme.json
1+
certificates/*
22
.idea
33
docker-compose.yml
44
configs

configs-local/dynamic/tls.yml

+12
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
tls:
2+
options:
3+
default:
4+
minVersion: VersionTLS12
5+
mintls13:
6+
minVersion: VersionTLS13
7+
8+
stores:
9+
default:
10+
defaultCertificate:
11+
certFile: /certs/local.cert.pem
12+
keyFile: /certs/local.key.pem

docker-compose.local.yml

+2
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,10 @@ services:
1212
container_name: reverse_proxy_traefik
1313
ports:
1414
- 80:80
15+
- 443:443
1516
volumes:
1617
- /var/run/docker.sock:/var/run/docker.sock
18+
- ./certificates:/certs:ro
1719
- ./configs/traefik.yml:/etc/traefik/traefik.yml
1820
- ./configs/dynamic:/etc/traefik/dynamic
1921
networks:

readme.md

+51
Original file line numberDiff line numberDiff line change
@@ -235,6 +235,57 @@ services:
235235
- "traefik.http.services.someservice.loadbalancer.server.port=8080"
236236
```
237237
238+
### Enable SSL locally
239+
240+
1. Install [mkcert](https://github.com/FiloSottile/mkcert)
241+
242+
For example on macOS:
243+
244+
```bash
245+
brew install mkcert
246+
brew install nss # if you use Firefox
247+
```
248+
249+
Now install the local CA:
250+
251+
```bash
252+
mkcert -install
253+
```
254+
255+
3. Generate certificate
256+
257+
Replace `someservice` with the domains that you are using for local development.
258+
259+
```bash
260+
cd certificates
261+
mkcert -key-file local.key.pem -cert-file local.cert.pem "*.local" "*.test" "*.someservice.test" "*.someservice.local"
262+
```
263+
264+
### Enable SSL in the docker-compose file
265+
266+
```yaml
267+
version: '3.7'
268+
networks:
269+
frontend:
270+
external:
271+
name: reverse-proxy-docker-traefik_routing
272+
services:
273+
someservice:
274+
restart: always
275+
# ...
276+
labels:
277+
- ...
278+
# http
279+
- ...
280+
# https
281+
- "traefik.http.routers.someservice-https.rule=Host(`someservice.test`)"
282+
- "traefik.http.routers.someservice-https.entrypoints=websecure"
283+
- "traefik.http.routers.someservice-https.tls=true"
284+
networks:
285+
- frontend
286+
- ...
287+
```
288+
238289
## Credits
239290
240291
I used the following resources to create this setup:

0 commit comments

Comments
 (0)