Table of contents

• Docker swarm init

• Create a traefik network

• Create a htpasswd password

• Create folders

  • for Traefik
  • for Swarmpit
  • for Portainer

• Traefik docker compose yml

• Swarmpit Docker compose

• Portainer

Docker swarm init

1docker swarm init --advertise-addr 10.0.0.3

Create a traefik network

1docker network create --driver overlay traefik-public

Create a htpasswd password

1docker run --rm httpd:2.4-alpine htpasswd -nbB admin <password> | cut -d ":" -f 2

Escape the $ sign in the password by adding one more $

Create folders

for Traefik

create a folder and set 600 as permission.

1mkdir /home/docker-login/data/traefik
2touch /home/docker-login/data/traefik/acme.json
3chmod 600 /home/docker-login/data/traefik/acme.json

for Swarmpit

1mkdir /home/docker-login/data/db-data
2mkdir /home/docker-login/data/influx-data

for Portainer

1mkdir /mnt/volume2/portainer

Traefik docker compose yml

Sample yml

1version: "3.3"
2
3services:
4  traefik:
5    image: "traefik:v2.1.4"
6    command:
7      - --log.level=INFO
8      - --entrypoints.web.address=:80
9      - --entrypoints.websecure.address=:443
10      - --providers.docker
11      - --providers.docker.exposedbydefault=false
12      - --providers.docker.swarmmode=true
13      - --providers.docker.network=traefik-public
14      - --api
15      - --api.dashboard=true
16      - --certificatesresolvers.leresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
17      # update your email here
18      - --certificatesresolvers.leresolver.acme.email=youremail@test.com
19      # Make sure the this file is available and permission is set correctly
20      - --certificatesresolvers.leresolver.acme.storage=/le/acme.json
21      - --certificatesresolvers.leresolver.acme.tlschallenge=true
22    ports:
23      - "80:80"
24      - "443:443"
25    networks:
26      - traefik-public
27    volumes:
28      - "/var/run/docker.sock:/var/run/docker.sock:ro"
29      # Make sure the volume folder is created
30      - "/home/docker-login/data/traefik/acme.json:/le/acme.json"
31    deploy:
32      labels:
33        # Dashboard
34        - "traefik.enable=true"
35        # Change the host url here
36        - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
37        - "traefik.http.routers.traefik.service=api@internal"
38        - "traefik.http.services.traefik.loadbalancer.server.port=8080"
39        - "traefik.http.routers.traefik.tls.certresolver=leresolver"
40        - "traefik.http.routers.traefik.entrypoints=websecure"
41        - "traefik.http.routers.traefik.middlewares=authtraefik"
42        # Change the auth password here
43        - "traefik.http.middlewares.authtraefik.basicauth.users=admin:yournewpassword" # user/password
44
45        # global redirect to https
46        - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
47        - "traefik.http.routers.http-catchall.entrypoints=web"
48        - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
49
50        # middleware redirect
51        - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
52
53  my-app:
54    image: containous/whoami:v1.3.0
55    networks:
56      - traefik-public
57    command:
58      - --port=8082 # Our service listens on 8082
59    deploy:
60      labels:
61        - "traefik.enable=true"
62        # Change the host url here
63        - "traefik.http.routers.my-app.rule=Host(`whoami.example.com`)"
64        - "traefik.http.services.my-app.loadbalancer.server.port=8082"
65        - "traefik.http.routers.my-app.middlewares=auth"
66        - "traefik.http.routers.my-app.entrypoints=websecure"
67        - "traefik.http.routers.my-app.tls=true"
68        - "traefik.http.routers.my-app.tls.certresolver=leresolver"
69        # Change the password here
70        - "traefik.http.middlewares.auth.basicauth.users=admin:changeme" # user/password
71
72networks:
73  traefik-public:
74    external: true

Swarmpit Docker compose

Make sure the service name for swarmpit is "app"

1version: "3.3"
2
3services:
4  app:
5    image: swarmpit/swarmpit:latest
6    environment:
7      - SWARMPIT_DB=http://db:5984
8      - SWARMPIT_INFLUXDB=http://influxdb:8086
9    volumes:
10      - /var/run/docker.sock:/var/run/docker.sock:ro
11    networks:
12      - traefik-public
13    deploy:
14      labels:
15        - "traefik.enable=true"
16        # change the host name here
17        - "traefik.http.routers.app.rule=Host(`swarm.example.com`)"
18        - "traefik.http.services.app.loadbalancer.server.port=8080"
19        - "traefik.http.routers.app.tls=true"
20        - "traefik.http.routers.app.tls.certresolver=leresolver"
21        - "traefik.docker.network=traefik-public"
22      resources:
23        limits:
24          cpus: "0.50"
25          memory: 1024M
26        reservations:
27          cpus: "0.25"
28          memory: 512M
29      placement:
30        constraints:
31          - node.role == manager
32
33  db:
34    image: couchdb:2.3.0
35    volumes:
36      # make sure the folder is available
37      - /home/docker-login/data/db-data:/opt/couchdb/data
38    networks:
39      - traefik-public
40    deploy:
41      resources:
42        limits:
43          cpus: "0.30"
44          memory: 256M
45        reservations:
46          cpus: "0.15"
47          memory: 128M
48
49  influxdb:
50    image: influxdb:1.7
51    volumes:
52      # make sure the folder is available
53      - /home/docker-login/data/influx-data:/var/lib/influxdb
54    networks:
55      - traefik-public
56    deploy:
57      resources:
58        limits:
59          cpus: "0.60"
60          memory: 512M
61        reservations:
62          cpus: "0.30"
63          memory: 128M
64
65  agent:
66    image: swarmpit/agent:latest
67    environment:
68      - DOCKER_API_VERSION=1.35
69    volumes:
70      - /var/run/docker.sock:/var/run/docker.sock:ro
71    networks:
72      - traefik-public
73    deploy:
74      mode: global
75      labels:
76        swarmpit.agent: "true"
77      resources:
78        limits:
79          cpus: "0.10"
80          memory: 64M
81        reservations:
82          cpus: "0.05"
83          memory: 32M
84
85networks:
86  traefik-public:
87    external: true

Portainer

1version: "3.2"
2
3services:
4  agent:
5    image: portainer/agent
6    volumes:
7      - /var/run/docker.sock:/var/run/docker.sock
8      - /var/lib/docker/volumes:/var/lib/docker/volumes
9    networks:
10      - traefik-public
11    deploy:
12      mode: global
13      placement:
14        constraints: [node.platform.os == linux]
15
16  portainer:
17    image: portainer/portainer
18    command: -H tcp://tasks.agent:9001 --tlsskipverify
19    volumes:
20      - /var/run/docker.sock:/var/run/docker.sock
21      # make sure the folder is available
22      - /mnt/volume2/portainer:/data
23    networks:
24      - traefik-public
25    deploy:
26      labels:
27        - "traefik.enable=true"
28        # change the host here
29        - "traefik.http.routers.portainer.rule=Host(`admin.example.com`)"
30        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
31        - "traefik.http.routers.portainer.entrypoints=websecure"
32        - "traefik.http.routers.portainer.tls=true"
33        - "traefik.http.routers.portainer.tls.certresolver=leresolver"
34      mode: replicated
35      placement:
36        constraints: [node.role == manager]
37
38networks:
39  traefik-public:
40    external: true