Introduction
In this guide, we will walk through the steps to deploy Traefik, a popular open-source reverse proxy and load balancer, locally using mkcert to generate SSL certificates for secure HTTPS connections.
Mkcert:
mkcert is a simple tool that makes it easy to create locally-trusted development certificates. It automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates. This is particularly useful for local development environments where you want to test HTTPS without dealing with self-signed certificates that browsers typically distrust.
Prerequisites
Before we begin, ensure you have the following prerequisites in place:- A local machine with Docker installed.
- mkcert installed for generating local SSL certificates.
- Basic knowledge of Docker and Traefik.
Logical Diagram
Step 1: Generate Local SSL Certificates with mkcert
a. Install mkcert if you haven’t already. Follow the instructions on the mkcert GitHub page. b. Generate a local CA (Certificate Authority):traefik.local):
traefik.local.pem (certificate) and traefik.local-key.pem (private key).
Step 2: Deploy Traefik with Docker
a. Create adocker-compose.yml file to define the Traefik service:
traefik.yml file in that traefik-data directory. This file will contain the static configuration for Traefik:
traefik.yml file:
certs directory:
3. Autometic Renewal of mkcert Certificates
mkcert certificates do not have an automatic renewal mechanism like Let’s Encrypt. However, you can set up a cron job to regenerate the certificates periodically. Here’s how you can do it: a. Open the crontab file for editing:Step 3: Access the Traefik Dashboard
a. Open your web browser and navigate tohttps://traefik.local (or your chosen local domain).
b. You should see the Traefik dashboard login prompt. Enter the username and password you configured in the docker-compose.yml file.
c. Once logged in, you can monitor and manage your Traefik instance.