Set up a local Traefik web proxy with DNS resolution on *.test domains.
It also sets up a locally trusted root CA and creates a TLS certificate for using HTTPS locally (shout out to mkcert).
Enable the dnsmasq service, pointing to your localhost.
nix-darwin:
{
  services.dnsmasq = {
    enable = true;
    addresses."test" = "127.0.0.1";
    bind = "127.0.0.1";
  };
}
NixOS:
{
  services.dnsmasq = {
    enable = true;
    extraConfig = ''
      address=/test/127.0.0.1
    '';
  };
}
To verify this worked, cat /etc/resolver/test should return (macOS specific):
port 53
nameserver 127.0.0.1
And ping this.test should get a response from 127.0.0.1 (universal).
Note
I provide a convenience script, install.sh, in this repo, which can handle the remaining steps. The steps below are for the manual installation.
Clone this repository
git clone https://github.com/nekowinston/traefik-local-nix.git
cd traefik-local-nix/
We're using nix-shell here, since these are not runtime dependencies.
nix-shell -p mkcert nssTools
mkcert -install
Local Root CA files are located under ~/Library/Application\ Support/mkcert.
See the mkcert docs if you need instructions to install them on another device.
You can add any domain you need ending in .lan or .test. "*.this.test" creates a wildcard certificate, so any subdomain of the form like.this.test will also work. Unfortunately, you cannot create a *.test wildcard certificate: your browser will not allow it.
mkcert -cert-file certs/local.crt -key-file certs/local.key "this.test" "*.this.test"
Create an external network called traefik; all future containers which need to be exposed by domain name should use this network.
docker network create traefik
Start Traefik
docker-compose up -d
Go to https://traefik.this.test. You should see the Traefik web dashboard served over HTTPS.
In the docker-compose.yml file in your project:
Add the external network traefik at the end of the file
networks:
  default:
    name: traefik
    external: true
Add these labels on the container(s)
services:
  my-frontend:
    labels:
      - traefik.enable=true
      - traefik.http.routers.my-frontend.entrypoints=http,https
      - traefik.http.routers.my-frontend.rule=Host(`my-frontend.this.test`) # You can use any domain allowed by your TLS certificate
      - traefik.http.routers.my-frontend.tls=true
      - traefik.http.routers.my-frontend.service=my-frontend
      - traefik.http.services.my-frontend.loadbalancer.server.port=3636 # Adapt to the exposed port in the service
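A router whose Host rule falls outside the certificate's names will route correctly but fail the browser's TLS name check. The script below is an added example, not part of this repository: it lists Host rules in a compose file that the names passed to mkcert do not cover. The function names (`san_covers`, `host_rules`, `uncovered_hosts`) are hypothetical, the sample labels are constructed, and it assumes one name per Host() call.

```shell
#!/bin/sh
# Added example: list Host(`...`) rules that the local certificate does not cover.

# san_covers HOST SAN...  -> exit 0 if one SAN matches HOST.
# A wildcard stands for exactly one leftmost label: "*.this.test" covers
# app.this.test, but not this.test and not a.b.this.test.
san_covers() {
  host=$1; shift
  for san in "$@"; do
    case $san in
      '*.'*)
        base=${san#??}                              # SAN without the leading "*."
        case $base in *.*) ;; *) continue ;; esac   # "*.test": browsers refuse it
        [ -n "${host%%.*}" ] && [ "${host#*.}" = "$base" ] && return 0 ;;
      *)
        [ "$host" = "$san" ] && return 0 ;;
    esac
  done
  return 1
}

# host_rules FILE -> one hostname per line, taken from Host(`name`) rules.
host_rules() {
  grep -o 'Host(`[^`]*`)' "$1" | sed 's/^Host(`//; s/`)$//'
}

# uncovered_hosts FILE SAN... -> hostnames in FILE that no SAN covers.
uncovered_hosts() {
  file=$1; shift
  host_rules "$file" | while read -r h; do
    san_covers "$h" "$@" || printf '%s\n' "$h"
  done
}

# Constructed sample labels (not from a real project).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
      - traefik.http.routers.my-frontend.rule=Host(`my-frontend.this.test`)
      - traefik.http.routers.api.rule=Host(`api.this.test`)
      - traefik.http.routers.nested.rule=Host(`a.b.this.test`)
      - traefik.http.routers.bare.rule=Host(`app.test`)
EOF
# SAN list = the names given to mkcert above; prints a.b.this.test and app.test
uncovered_hosts "$sample" "this.test" "*.this.test"
```

Run it against your own docker-compose.yml with the same names you passed to mkcert; any hostname it prints needs a new certificate that includes it.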
Note
For web applications, use the same origin domain for your frontend and backend to avoid cookie-sharing issues. Example: https://this.test (frontend) and https://api.this.test (backend)
Credits: SushiFu for their excellent repository using Brew: traefik-local