Adding SSL certificate to Traefik on ECS
--
Traefik v2 is released, published another blog to setup Traefik v2 on ECS https://dev.to/anilmaurya/traefik-v2-with-lets-encrypt-on-amazon-s-elastic-container-service-ecs-1h4h
Traefik is awesome reverse proxy & load balancer. If you are not using Traefik already then I recommend using it in your next project. I can guarantee that you will not regret.
Setting up SSL certificate on Traefik is a cakewalk. While adding SSL on traefik, I realised how it outshine other reverse proxy (Nginx , HAProxy).
Traefik use LetsEncrypt to automatically generate and renew SSL certificates.
Dockerfile
FROM traefik:v1.7-alpineCOPY traefik_ecs.toml /etc/traefik/traefik.toml
RUN touch /etc/traefik/acme.json
RUN chmod +x /etc/traefik/acme.json
traefik_ecs.toml
defaultEntryPoints = ["https", "http"][entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.bar]
address = ":8080"[api]
entryPoint = "bar"
dashboard = true[ecs]
clusters = ["YOUR_ECS_CLUSTER_NAME"]
watch = true
domain = "YOUR_DOMAIN_NAME"
autoDiscoverClusters = false
refreshSeconds = 15
exposedByDefault = true
region = "YOUR_AWS_REGION"
accessKeyID = "YOUR_AWS_ACCESS_KEY_ID"
secretAccessKey = "YOUR_AWS_SECRET_ACCESS_KEY"
[acme]
email = "YOUR_EMAIL"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
Replace YOUR_* values with actual, build image using Dockerfile and deploy it on ECS. That’s it, Traefik will take care of rest and SSL certificate will be added to your domain. Isn’t Traefik awesome ? Let me know what you think through comments below.
References:
