I D H A M .
Published

Setting Up Traefik on a VPS as Reverse Proxy + SSL

Authors

3 min read

Traefik is a modern reverse proxy and load balancer that's perfect for Docker environments. In this guide, you'll learn how to set up Traefik on a VPS to act as a reverse proxy and automatically provide SSL using Let's Encrypt.

๐Ÿ“ 1. Directory Structure

First, prepare a clean directory structure for Traefik configuration on your VPS.

/var/www/traefik/
โ”œโ”€โ”€ traefik.yml
โ”œโ”€โ”€ docker-compose.yml
โ””โ”€โ”€ acme.json

๐Ÿ“ 2. File Configuration

a. traefik.yml

This file contains the core configuration for Traefik, including entry points, dashboard settings, Docker provider, and Let's Encrypt setup.

entryPoints:

  web:

    address: ':80'

  websecure:

    address: ':443'



api:

  dashboard: true



providers:

  docker:

    exposedByDefault: false



certificatesResolvers:

  myresolver:

    acme:

      email: your@email.com

      storage: /acme.json

      httpChallenge:

        entryPoint: web

Replace the email with a valid address.

b. docker-compose.yml

This file runs Traefik as a container, exposing ports 80 and 443 on your VPS.

version: '3.8'



services:

  traefik:

    image: traefik:v2.10

    container_name: traefik

    restart: always

    ports:

      - '80:80'

      - '443:443'

    volumes:

      - /var/run/docker.sock:/var/run/docker.sock:ro

      - ./traefik.yml:/etc/traefik/traefik.yml

      - ./acme.json:/acme.json

    networks:

      - proxy

    labels:

      - 'traefik.enable=true'

      - 'traefik.http.routers.traefik.rule=Host(`traefik.yourdomain.com`)'

      - 'traefik.http.routers.traefik.service=api@internal'

      - 'traefik.http.routers.traefik.entrypoints=websecure'

      - 'traefik.http.routers.traefik.tls.certresolver=myresolver'



networks:

  proxy:

    external: true

c. Certificate File

Create and secure the acme.json file used to store SSL certificates.

touch /var/www/traefik/acme.json

chmod 600 /var/www/traefik/acme.json

๐Ÿš€ 3. Run Traefik

Start the container and create the Docker network.

cd /var/www/traefik

docker network create proxy

docker compose up -d

๐ŸŒ 4. Access Dashboard

Open your browser to:

https://traefik.yourdomain.com

Check logs if it doesn't show up:

docker logs traefik

๐Ÿงช 5. Use with Other Applications

Ensure your app is in the proxy network and label it for Traefik.

labels:

  - 'traefik.enable=true'

  - 'traefik.http.routers.myapp.rule=Host(`app.yourdomain.com`)'

  - 'traefik.http.routers.myapp.entrypoints=websecure'

  - 'traefik.http.routers.myapp.tls.certresolver=myresolver'

โœ… Conclusion

With this setup, you have a powerful reverse proxy with automatic SSL.

Good luck and have fun! ๐Ÿš€