Tutorial: Setting Up Traefik with Portainer for Docker Management

Complete Guide: Work Management Virtual Machine from Scratch

This tutorial will guide you through setting up Traefik as a reverse proxy and Portainer for Docker container management. The tutorial assumes you have a Linux server with Docker and Docker Compose installed.

---

Step 1: Prepare the Directory Structure

Organize your setup for easy management by creating directories for Traefik and Portainer.

sudo mkdir -p /srv/traefik /srv/portainer

---

Step 2: Configure Traefik

2.1: Create the Traefik Configuration Files

Navigate to the Traefik directory:

cd /srv/traefik

Create the traefik.yml file for Traefik's static configuration:

sudo nano traefik.yml

Paste the following configuration:

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

api:
  dashboard: true

providers:
  file:
    directory: "/etc/traefik/dynamic/"
    watch: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: "your-email@example.com"  # Replace with your email
      storage: "/acme.json"
      httpChallenge:
        entryPoint: web

Save and exit (Ctrl+O, Enter, Ctrl+X).

Create the dynamic directory and a dynamic configuration file:

sudo mkdir dynamic
sudo nano dynamic/dynamic.yml

Paste this content:

http:
  routers:
    traefik-dashboard:
      rule: "Host(`traefik.example.com`)"  # Replace with your domain
      service: api@internal
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

Save and exit.

Create the acme.json file for SSL certificates and set proper permissions:

sudo touch acme.json
sudo chmod 600 acme.json

---

2.2: Create the Traefik docker-compose.yml

Create the docker-compose.yml file:

sudo nano docker-compose.yml

Paste the following content:

version: "3.8"
services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./traefik.yml:/etc/traefik/traefik.yml"
      - "./dynamic:/etc/traefik/dynamic"
      - "./acme.json:/acme.json"
    networks:
      - web

networks:
  web:
    external: true

---

2.3: Create the External Docker Network

Create a shared external network for Traefik and Portainer:

docker network create web

---

2.4: Start Traefik

Bring up the Traefik container:

docker compose up -d

Verify Traefik is running:

docker ps

Access the Traefik dashboard:

https://traefik.example.com

---

Step 3: Configure Portainer

3.1: Create the Portainer docker-compose.yml

Navigate to the Portainer directory:

cd /srv/portainer

Create the docker-compose.yml file:

sudo nano docker-compose.yml

Paste the following content:

version: "3.8"
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: always
    ports:
      - "9000:9000"  # Optional for direct access
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./data:/data"
    networks:
      - web

networks:
  web:
    external: true

---

3.2: Start Portainer

Bring up the Portainer container:

docker compose up -d

Verify Portainer is running:

docker ps

---

Step 4: Configure Traefik to Route to Portainer

Edit the dynamic.yml file in /srv/traefik/dynamic:

sudo nano /srv/traefik/dynamic/dynamic.yml

Add the following configuration:

http:
  routers:
    portainer:
      rule: "Host(`portainer.example.com`)"  # Replace with your domain
      service: portainer
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

  services:
    portainer:
      loadBalancer:
        servers:
          - url: "http://portainer:9000"

Save and exit.

---

Step 5: Restart Traefik

Restart the Traefik container to apply the updated configuration:

docker compose -f /srv/traefik/docker-compose.yml down
docker compose -f /srv/traefik/docker-compose.yml up -d

---

Step 6: Access Portainer

1. Open your browser and navigate to:

    https://portainer.example.com
   

2. Complete the initial setup by creating an admin username and password.

---

Step 7: Secure the Traefik and Portainer Dashboards

To add basic authentication to Portainer and Traefik, update the dynamic.yml file to include middlewares.

Example:

http:
  middlewares:
    dashboard-auth:
      basicAuth:
        users:
          - "admin:$2y$05$hashedPasswordForTraefik"

    portainer-auth:
      basicAuth:
        users:
          - "adminPortainer:$2y$05$hashedPasswordForPortainer"

  routers:
    traefik-dashboard:
      rule: "Host(`traefik.example.com`)"
      service: api@internal
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      middlewares:
        - dashboard-auth

    portainer:
      rule: "Host(`portainer.example.com`)"
      service: portainer
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      middlewares:
        - portainer-auth

Restart Traefik:

docker compose -f /srv/traefik/docker-compose.yml down
docker compose -f /srv/traefik/docker-compose.yml up -d

---

Step 8: Verify Everything

1. Traefik Dashboard: Visit:

    https://traefik.example.com
   

2. Portainer Dashboard: Visit:

    https://portainer.example.com
   

---

This completes the setup of Traefik with Portainer for managing Docker containers! 🚀