Voronenko · May 2, 2023 13:18
diff --git a/.env1 b/.env1
 MY_DOMAIN1=<domain for Traefik1's dashboard>
 TRAEFIK1_NET=traefik1_net
 CF_API_EMAIL=<your CF API email>
 CF_ZONE_API_TOKEN=<your Zone API Token>
 CF_DNS_API_TOKEN=-<your DNS token>
 TRAEFIK2_DNS_MAPPER=traefik2:<static ip of traefik2 in NET1>

 TAEAFIK2_HOST_SNI=`traefik.<Traefik2's dashboard domain>`
 TRAEFIK2_NET1_ADDRESS=traefik2:443
diff --git a/.env2 b/.env2
 MY_DOMAIN2=<domain for Traefik2's dashboard>
 TRAEFIK1_NET=traefik1_net
 TRAEFIK2_NET=traefik2_net
 TRAEFIK2_NET1_IPV4=<static ip of traefik2 in NET1>
diff --git a/.env_traefik2 b/.env_traefik2
 # this .env file should not be used for substitution in docker-compose.yml as the environment variables will only be available in the running container
 CF_API_EMAIL=<your CF API email>
 CF_ZONE_API_TOKEN=<your Zone API Token>
 CF_DNS_API_TOKEN=-<your DNS token>
diff --git a/Readme.md b/Readme.md
diff --git a/docker-compose-traefik1.yaml b/docker-compose-traefik1.yaml
 version: "3.3"

 services:
  traefik1:
    image: "traefik:v2.6.1"
    container_name: "traefik1"
    restart: "always"
    hostname: "traefik1"
    ports:
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./dynamic.yml:/dynamic.yml:ro"
      - "./traefik.yml:/traefik.yml:ro"
      - "./acme.json:/acme.json"
    labels:
      - "my.zone=zone1"
      - "traefik.enable=true"
      - "traefik.http.routers.traefik1.entrypoints=websecure"
      - "traefik.http.routers.traefik1.tls.certresolver=lets-encr"
      - "traefik.http.routers.traefik1.tls.domains[0].main=traefik.$MY_DOMAIN1"
      - "traefik.http.routers.traefik1.rule=Host(`traefik1.$MY_DOMAIN1`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik1.service=api@internal"
    # adding DNS mapping to /etc/hosts in order to avoid Traefik issues in case of wrong container starting order
    extra_hosts:
      - "$TRAEFIK2_DNS_MAPPER"
    # used to pass environment variables into the container in order to support environment substition in traefik files
    env_file:
      - ".env1"

 networks:
  default:
    external:
      name: $TRAEFIK1_NET
diff --git a/docker-compose-traefik2.yml b/docker-compose-traefik2.yml
 version: '3.3'
 services:
  traefik2:
    image: "traefik:v2.6.1"
    container_name: "traefik2"
    restart: "always"
    hostname: "treafik2"
    env_file:
      - ".env_traefik2"
    ports:
      - "443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik.yml:/traefik.yml:ro"
      - "./acme.json:/acme.json"
    labels:
      - "my.zone=zone2"
      - "traefik.enable=true"
      - "traefik.http.routers.traefik2.entrypoints=websecure"
      - "traefik.http.routers.traefik2.tls.certresolver=lets-encr"
      - "traefik.http.routers.traefik2.tls.domains[0].main=traefik.$MY_DOMAIN2"
      - "traefik.http.routers.traefik2.rule=Host(`traefik.$MY_DOMAIN2`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik2.service=api@internal"
    networks:
      traefik1_net:
        ipv4_address: $TRAEFIK2_NET1_IPV4
      traefik2_net: null

 networks:
  traefik1_net:
    external:
      name: $TRAEFIK1_NET
  traefik2_net:
    external:
      name: $TRAEFIK2_NET
diff --git a/dynamic.yaml b/dynamic.yaml
 tcp:
  routers:
    to_traefik2:
      entrypoints:
        - "websecure"
      rule: HostSNI({{ env "TRAEFIK2_HOST_SNI" }})
      tls:
        passthrough: true
      service: traefik2

  services:
    traefik2:
      loadBalancer:
        servers:
          - address: {{ env "TRAEFIK2_NET1_ADDRESS" }}
diff --git a/traefik1.yml b/traefik1.yml
 ## STATIC CONFIGURATION
 log:
  level: INFO

 api:
  insecure: false
  dashboard: true

 entryPoints:
  websecure:
    address: ":443"

 providers:
  file:
    filename: dynamic.yml
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    constraints: Label(`my.zone`, `zone1`)

 certificatesResolvers:
  lets-encr:
    acme:
      email: <your email>
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
diff --git a/traefik2.yml b/traefik2.yml
 ## STATIC CONFIGURATION
 log:
  level: INFO

 api:
  insecure: false
  dashboard: true

 entryPoints:
  websecure:
    address: ":443"

 providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    constraints: Label(`my.zone`, `zone2`)

 certificatesResolvers:
  lets-encr:
    acme:
      email: <your email>
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
	MY_DOMAIN1=<domain for Traefik1's dashboard>
	TRAEFIK1_NET=traefik1_net
	CF_API_EMAIL=<your CF API email>
	CF_ZONE_API_TOKEN=<your Zone API Token>
	CF_DNS_API_TOKEN=-<your DNS token>
	TRAEFIK2_DNS_MAPPER=traefik2:<static ip of traefik2 in NET1>

	TAEAFIK2_HOST_SNI=`traefik.<Traefik2's dashboard domain>`
	TRAEFIK2_NET1_ADDRESS=traefik2:443
	MY_DOMAIN2=<domain for Traefik2's dashboard>
	TRAEFIK1_NET=traefik1_net
	TRAEFIK2_NET=traefik2_net
	TRAEFIK2_NET1_IPV4=<static ip of traefik2 in NET1>
	# this .env file should not be used for substitution in docker-compose.yml as the environment variables will only be available in the running container
	CF_API_EMAIL=<your CF API email>
	CF_ZONE_API_TOKEN=<your Zone API Token>
	CF_DNS_API_TOKEN=-<your DNS token>
	version: "3.3"

	services:
	traefik1:
	image: "traefik:v2.6.1"
	container_name: "traefik1"
	restart: "always"
	hostname: "traefik1"
	ports:
	- "443:443"
	volumes:
	- "/var/run/docker.sock:/var/run/docker.sock:ro"
	- "./dynamic.yml:/dynamic.yml:ro"
	- "./traefik.yml:/traefik.yml:ro"
	- "./acme.json:/acme.json"
	labels:
	- "my.zone=zone1"
	- "traefik.enable=true"
	- "traefik.http.routers.traefik1.entrypoints=websecure"
	- "traefik.http.routers.traefik1.tls.certresolver=lets-encr"
	- "traefik.http.routers.traefik1.tls.domains[0].main=traefik.$MY_DOMAIN1"
	- "traefik.http.routers.traefik1.rule=Host(`traefik1.$MY_DOMAIN1`) && (PathPrefix(`/api`) \|\| PathPrefix(`/dashboard`))"
	- "traefik.http.routers.traefik1.service=api@internal"
	# adding DNS mapping to /etc/hosts in order to avoid Traefik issues in case of wrong container starting order
	extra_hosts:
	- "$TRAEFIK2_DNS_MAPPER"
	# used to pass environment variables into the container in order to support environment substition in traefik files
	env_file:
	- ".env1"

	networks:
	default:
	external:
	name: $TRAEFIK1_NET
	version: '3.3'
	services:
	traefik2:
	image: "traefik:v2.6.1"
	container_name: "traefik2"
	restart: "always"
	hostname: "treafik2"
	env_file:
	- ".env_traefik2"
	ports:
	- "443"
	volumes:
	- "/var/run/docker.sock:/var/run/docker.sock:ro"
	- "./traefik.yml:/traefik.yml:ro"
	- "./acme.json:/acme.json"
	labels:
	- "my.zone=zone2"
	- "traefik.enable=true"
	- "traefik.http.routers.traefik2.entrypoints=websecure"
	- "traefik.http.routers.traefik2.tls.certresolver=lets-encr"
	- "traefik.http.routers.traefik2.tls.domains[0].main=traefik.$MY_DOMAIN2"
	- "traefik.http.routers.traefik2.rule=Host(`traefik.$MY_DOMAIN2`) && (PathPrefix(`/api`) \|\| PathPrefix(`/dashboard`))"
	- "traefik.http.routers.traefik2.service=api@internal"
	networks:
	traefik1_net:
	ipv4_address: $TRAEFIK2_NET1_IPV4
	traefik2_net: null

	networks:
	traefik1_net:
	external:
	name: $TRAEFIK1_NET
	traefik2_net:
	external:
	name: $TRAEFIK2_NET
	tcp:
	routers:
	to_traefik2:
	entrypoints:
	- "websecure"
	rule: HostSNI({{ env "TRAEFIK2_HOST_SNI" }})
	tls:
	passthrough: true
	service: traefik2

	services:
	traefik2:
	loadBalancer:
	servers:
	- address: {{ env "TRAEFIK2_NET1_ADDRESS" }}
	## STATIC CONFIGURATION
	log:
	level: INFO

	api:
	insecure: false
	dashboard: true

	entryPoints:
	websecure:
	address: ":443"

	providers:
	file:
	filename: dynamic.yml
	docker:
	endpoint: "unix:///var/run/docker.sock"
	exposedByDefault: false
	constraints: Label(`my.zone`, `zone1`)

	certificatesResolvers:
	lets-encr:
	acme:
	email: <your email>
	storage: acme.json
	dnsChallenge:
	provider: cloudflare
	resolvers:
	- "1.1.1.1:53"
	- "8.8.8.8:53"