Jump to content

Traefik Docker Wordpress Setup


buzzkillb
 Share

Recommended Posts

I really like this guide I found so just rewriting pieces of it and adding some more stuff. Very good blog so check it out.

https://tech.aufomm.com/2020/04/16/deploy-wordpress-with-docker-and-traefik-2/

Install Docker and docker-compose. Then we want to generate a hashed password for the traefik panel.

sudo apt-get install apache2-utils

then we get the user:hashedpassword like this

htpasswd -nbB <USER> "<PASSWORD>"

example for the above

htpasswd -nbB admin "StrongPasswordHere"

Copy somewhere to use for setting up traefik shortly.

Start setting up the system.

touch docker-compose.yml
mkdir data
mkdir data/configurations
touch data/traefik.yml
touch data/acme.json
touch data/configurations/dynamic.yml
chmod 600 data/acme.json

~/docker-compose.yml

edit traefik.yourdomain to whatever subdomain you want to use to access the control panel like traefik.example.com

version: '3.3'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    security_opt:
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      # Add folder with dynamic configuration yml
      - ./data/configurations:/configurations
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.yourdomain`)"
      - "[email protected]"
      - "[email protected]"
      
networks:
  proxy:
    external: true

~/data/traefik.yml

update your email address below.

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
  https:
    address: ":443"
    http:
      middlewares:
        - [email protected]
      tls:
        certResolver: letsencrypt
              
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /configurations/dynamic.yml

certificatesResolvers:
  letsencrypt:
    acme:
      email: [email protected]
      storage: acme.json
      keyType: EC384
      httpChallenge:
        entryPoint: http
        
  buypass:
    acme:
      email: [email protected]
      storage: acme.json
      caServer: https://api.buypass.com/acme/directory 
      keyType: EC256
      httpChallenge:
        entryPoint: http

~/data/configurations/dynamic.yml

in the users: line change to your user:hashedpassword copied earlier

# Dynamic configuration
http:
  middlewares:
    secureHeaders:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000        
        
    user-auth:
      basicAuth:
        users:
          - "admin:$apr1$tm53ra6x$FntXd6jcvxYM/YH0P2hcc1"
          
tls:
  options:
    default:
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      minVersion: VersionTLS12

Now make a directory like ~/blog or ~/wordpressblog or something where your wordpress data folder will be stored. I will use ~/blog since that's pretty simple to type.

~/blog/docker-compose.yml

version: '3.7'

services:
  db:
    image: mariadb
    container_name: wp-db
    volumes:
      - db-data:/var/lib/mysql
    networks:
      - default
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: supersecretpassword
      MYSQL_DATABASE: db
      MYSQL_USER: dbuser
      MYSQL_PASSWORD: dbpassword

  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    container_name: wordpress
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_NAME: db
      WORDPRESS_DB_USER: dbuser
      WORDPRESS_DB_PASSWORD: dbpassword
    volumes:
      - ./wp-data:/var/www/html
    networks:
      - proxy
      - default
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.wordpress-secure.entrypoints=https"
      - "traefik.http.routers.wordpress-secure.rule=Host(`blog.yourdomain`)"
      # - "traefik.http.routers.wordpress-secure.service=wordpress-service"
      # - "traefik.http.services.wordpress-service.loadbalancer.server.port=80"

volumes:
  db-data:
    name: wp-db-data
networks:
  proxy:
    external: true

Change the passwords and usernames to whatever you want. And also change blog.yourdomain to example -> blog.example.com

The above will store your wordpress data folder in the same docker-compose.yml folder.

The trick to adding a second wordpress is make another folder like ~/blog2 and stick the same docker-compose.yml in. Then modify the container names, user, passwords, the volumes: / db-data: / name to the new container name. And then modify this line per wordpress.

- "traefik.http.routers.wordpress-blog2-secure.rule=Host(`blog2.example.com`)"

Now to spin everything up. Go back to your ~/ directory and type

docker-compose up -d

We get a network error like this.

docker-compose up -d
ERROR: Network proxy declared as external, but could not be found. Please create the network manually using `docker network create proxy` and try again.

Start the network.

docker network create proxy

Run docker-compose again to start traefik.

docker-compose up -d

Now try your traefik subdomain.

Then spin up your docker-compose.yml in the blog folder.

docker-compose up -d

And that's it.

 

  • The D 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...