Set up a local Traefik web proxy with DNS resolution on *.test domains.

Also sets up a local trusted Root CA and create a TLS certificate for using HTTPS in local (shout out to mkcert).

• Docker for Mac or enabled on NixOS
• Nix-Darwin or NixOS

Enable the dnsmasq service, pointing to your localhost.

nix-darwin:

{
  services.dnsmasq = {
    enable = true;
    addresses."test" = "127.0.0.1";
    bind = "127.0.0.1";
  };
}

NixOS:

{
  services.dnsmasq = {
    enable = true;
    extraConfig = ''
      address=/test/127.0.0.1
    '';
  };
}

To verify this worked, cat /etc/resolver/test should return (macOS specific)

port 53
nameserver 127.0.0.1

And ping this.test should get a response from 127.0.0.1 (universal).

Note
I provide a convenience script, install.sh, in this repo, which can handle the remaining steps. The steps below are for the manual installation.

Clone this repository

git clone https://github.com/nekowinston/traefik-local-nix.git
cd traefik-local/

We're using nix-shell here, since these are not runtime dependencies.

nix-shell -p mkcert nssTools

mkcert -install

Local Root CA files are located under ~/Library/Application\ Support/mkcert. Look at the mkcert docs, if you need instructions to install them on another device.

You could add any domain you need ending by .lan or .test *.this.test will create a wildcard certificate so any subdomain in the form like.this.test will also work. Unfortunately you cannot create *.test wildcard certificate - your browser will not allow it.

mkcert -cert-file certs/local.crt -key-file certs/local.key "this.test" "*.this.test"

Create an external network called traefik, all future containers which need to be exposed by domain name should use this network.

docker network create traefik

Start Traefik

docker-compose up -d

Go to https://traefik.this.test - You should have the Traefik web dashboard serve via HTTPS

In the docker-compose.yml file in your project:

Add the external network web at the end of the file

networks:
  default:
    name: traefik
    external: true

Add these labels on the container(s)

services:
  my-frontend:
    labels:
      - traefik.enable=true
      - traefik.http.routers.my-frontend.entrypoints=http,https
      - traefik.http.routers.my-frontend.rule=Host(`my-frontend.this.test`) # You can use any domain allowed by your TLS certificate
      - traefik.http.routers.my-frontend.tls=true
      - traefik.http.routers.my-frontend.service=my-frontend
      - traefik.http.services.my-frontend.loadbalancer.server.port=3636 # Adapt to the exposed port in the service

Note
For web applications, use the same origin domain for your frontend and backend to avoid cookies sharing issues. Example: https://this.test (frontend) and https://api.this.test (backend)

SushiFu for their excellent repository using Brew: traefik-local