Discourse behind Traefik v2

This is the simplest configuration for Traefik v2 with TLS Challenge
just edit this docker-composer file and run

docker-composer up

this configuration redirect all request to Https port 443 with a let's encrypt certificate auto generated with a TlsChallenge,

version: "3.3"

services:
  traefik:
    image: "traefik:2.1"
    container_name: traefik2
    command:
        #- "--log.level=DEBUG"
     - "--api.insecure=true"
      - "--providers.docker=true"
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - "--certificatesresolvers.leresolver.acme.tlschallenge=true"
        #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.leresolver.acme.email=email@yourdomain.it"
      - "--certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/yourhostpath/traefik/letsencrypt:/letsencrypt"
      - "/yourhostpath/traefik:/etc/traefik"

    labels:
      # Dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik.yourdomain.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=leresolver"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.middlewares=authtraefik"
      - "traefik.http.middlewares.authtraefik.basicauth.users=username:password" # user/password
      
      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    restart: always

when you have your traefik container up and working,  you are ready to deploy the Discourse container.

Edit your app.yml, expose container ports only and add a Labels section like this:

expose:
  - "80"   # http
  - "443" # https

labels:
  traefik.http.services.discourse.loadbalancer.server.port: 80
  traefik.http.routers.discourse.tls: true
  traefik.http.routers.discourse.tls.certresolver: leresolver
  traefik.http.routers.discourse.entrypoints: websecure
  traefik.http.routers.discourse.rule: Host(`forum.yourdomain.com`) || Host(`forum.yourdomain.org`) || Host(`forum.yourdomain.it`)
  
  #middlewares
  traefik.http.middlewares.redir-disc-com.redirectregex.regex: forum.yourdomain\.(it|org)(.*)
  traefik.http.middlewares.redir-disc-com.redirectregex.replacement: forum.yourdomain.com${2}
  traefik.http.middlewares.redir-disc-com.redirectregex.permanent: true
  traefik.http.routers.discourse.middlewares: redir-disc-com
  

this configuration use a middlewares for redirect all incoming request from multiples domain (.org, .it) to a .com domain

Buy me a coffeeBuy me a coffee