SSL Termination with Traefik for Martini Server Runtime

Traefik serves as a dynamic reverse proxy for Martini Server Runtime, enabling seamless SSL termination. This guide will walk you through configuring Traefik to automatically manage SSL certificates through Let's Encrypt, ensuring secure HTTPS connections. You'll learn how to set up routing rules, handle encrypted traffic, and integrate Traefik with your Martini server, enhancing your application's security and simplifying deployment with minimal configuration.

Prerequisites

  • Traefik: Ensure you have Traefik installed on your server.
  • Docker Engine: Ensure you have Docker Engine installed on your server.

Configuration

Assuming you have Traefik installed and your DNS configured, follow the steps below to configure SSL termination. Make sure to replace the placeholder your-domain.com with your actual domain name.

1. Create a docker-compose.yml

Go to the directory where the Traefik and Martini Server Runtime persistent volumes will be stored and create a docker-compose.yml:

nano docker-compose.yml

Paste this configuration to your newly created compose file:

services:
  traefik:
    image: traefik:latest
    networks:
      - proxy
    command:
      - "--api.insecure=true" # Optional: Enable Traefik dashboard (not for production)
      - "--providers.docker=true" # Enable Docker provider
      - "--entrypoints.web.address=:80" # HTTP
      - "--entrypoints.websecure.address=:443" # HTTPS
      - "--certificatesresolvers.myresolver.acme.httpChallenge.entryPoint=web" # Challenge type
      - "--certificatesresolvers.myresolver.acme.email=your-email@example.com" # Change to your email
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" # Storage for certificates
    ports:
      - "80:80"     # HTTP
      - "443:443"   # HTTPS
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock" # Traefik can listen to Docker events
      - "./traefik/letsencrypt:/letsencrypt" # Storage for certificates

  martini-runtime:
    image: toroio/martini-runtime
    networks:
      - proxy
    volumes:
      - "./martini-runtime:/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.myservice.rule=Host(`your-domain.com`)"
      - "traefik.http.routers.myservice.entrypoints=websecure"
      - "traefik.http.routers.myservice.tls.certresolver=myresolver"
      - "traefik.http.services.myservice.loadbalancer.server.port=8080"

networks:
  proxy:
    external: true

  • For TLS challenges refer here
  • For HTTP challenges refer here
  • For DNS challenges refer here

Note

When using Traefik, you do not need to expose the Martini Server Runtime container's ports, because Traefik uses internal port mappings to reach the service.

2. Create a docker network

docker network create proxy

3. Run your docker-compose.yml

docker compose up -d

4. Verify

Visit https://your-domain.com in your web browser to verify that your configuration is working.

Additional Security Settings

You may want to add some security headers or tweak your SSL settings. Here’s a basic example of adding header labels to your docker compose file:

services:
  martini-runtime:
    image: toroio/martini-runtime
    networks:
      - proxy # Same network as the Traefik container, as in step 1
    volumes:
      - "./martini-runtime:/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.myservice.rule=Host(`your-domain.com`)"
      - "traefik.http.routers.myservice.entrypoints=websecure"
      - "traefik.http.routers.myservice.tls.certresolver=myresolver"
      - "traefik.http.middlewares.hsts.headers.customresponseheaders.Strict-Transport-Security=max-age=31536000; includeSubDomains; preload" # HSTS header
      - "traefik.http.routers.myservice.middlewares=hsts"
      - "traefik.http.services.myservice.loadbalancer.server.port=8080"

To learn more about headers, refer to the Traefik documentation: Headers
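
To confirm that the hsts middleware above is actually applied to responses, the headers returned by the server can be checked from the shell. This is an added example, not part of the original guide; the function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the HSTS policy in a set of HTTP response headers.
# Real use: curl -sI https://your-domain.com | check_hsts 31536000

# Print the value of the first Strict-Transport-Security header on stdin
# (header names are case-insensitive; CRLF line endings are stripped).
hsts_value() {
  tr -d '\r' | awk 'tolower($0) ~ /^strict-transport-security:/ {
    sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# check_hsts MIN_AGE: succeed only if the headers on stdin carry an HSTS
# policy with max-age >= MIN_AGE seconds and the includeSubDomains directive.
check_hsts() {
  min_age=$1
  value=$(hsts_value)
  [ -n "$value" ] || { echo "FAIL: no Strict-Transport-Security header"; return 1; }
  directives=$(printf '%s\n' "$value" | tr ';' '\n' | tr -d ' \t"')
  max_age=$(printf '%s\n' "$directives" | awk -F= 'tolower($1) == "max-age" { print $2; exit }')
  case $max_age in
    ''|*[!0-9]*) echo "FAIL: missing or malformed max-age"; return 1 ;;
  esac
  [ "$max_age" -ge "$min_age" ] || { echo "FAIL: max-age=$max_age < $min_age"; return 1; }
  printf '%s\n' "$directives" | grep -qix 'includeSubDomains' ||
    { echo "FAIL: includeSubDomains not set"; return 1; }
  echo "OK: $value"
}

# Constructed sample responses (not captured from a real server).
sample_good() {
  printf 'HTTP/2 200\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\n\r\n'
}
sample_short() { printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n\r\n'; }
sample_missing() { printf 'HTTP/2 200\r\ncontent-type: text/html\r\n\r\n'; }

sample_good    | check_hsts 31536000          # policy matches the label above
sample_short   | check_hsts 31536000 || true  # max-age too low
sample_missing | check_hsts 31536000 || true  # middleware not attached to the router
```

The non-zero exit status on failure lets the check run as a post-deployment step after docker compose up -d.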