Adding section to generate SSL certificats with Traefik

basecamp · Nov 14, 2023 · 651a072 · 651a072
1 parent c86e8e1
commit 651a072
Showing 1 changed file with 43 additions and 0 deletions.
diff --git a/_docs/configuration.md b/_docs/configuration.md
@@ -579,6 +579,49 @@ traefik:
     entrypoints.otherentrypoint.address: ':9000'
 ```
 
+## Generate SSL certificats with Letsencrypt
+
+You can use Traefik to generate SSL certificats automatically with [Letsencrypt](https://letsencrypt.org/):
+
+```yaml
+# Deploy to these servers.
+servers:
+  web:
+    hosts:
+      - 192.168.0.1
+    options:
+      "add-host": host.docker.internal:host-gateway
+    labels:
+      traefik.http.routers.hey-web.entrypoints: websecure
+      traefik.http.routers.hey-web.rule: Host(`example.com`)
+      traefik.http.routers.hey-web.tls.certresolver: letsencrypt
+
+# Configure custom arguments for Traefik
+traefik:
+  options:
+    publish:
+      - "443:443"
+    volume:
+      - "/letsencrypt/acme.json:/letsencrypt/acme.json"
+  args:
+    entryPoints.web.address: ":80"
+    entryPoints.websecure.address: ":443"
+    entryPoints.web.http.redirections.entryPoint.to: websecure
+    entryPoints.web.http.redirections.entryPoint.scheme: https
+    entryPoints.web.http.redirections.entrypoint.permanent: true
+    certificatesResolvers.letsencrypt.acme.email: "example@hey.com"
+    certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json"
+    certificatesResolvers.letsencrypt.acme.httpchallenge: true
+    certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web
+```
+
+Also, create the `acme.json` file and give it correct permissions on each hosts:
+```bash
+$ mkdir -p /letsencrypt && touch /letsencrypt/acme.json && chmod 600 /letsencrypt/acme.json
+```
+
+Now you can access your app throught `https`.
+
 ## Configuring build args for new images
 
 Build arguments that aren't secret can also be configured: