Traefik + Let's Encrypt
Expose your apps with https certificates from Let's Encrypt
Traefik and Let's Encrypt is a modern reverse proxy that securely exposes your applications
Traefik + Let's Encrypt Docker Compose example
Self-host Traefik + Let's Encrypt on your own server, homelab, or VPS starting from this Docker Compose example.
It runs Traefik + Let's Encrypt in Docker containers using the official traefik:latest image, with persistent volumes and automatic restarts preconfigured.
Review the environment variables and adjust them to your setup, save the file as compose.yml (or docker-compose.yml), and start the stack with docker compose up -d.
services:
traefik:
image: traefik:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
command:
# EntryPoints
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.http.tls=true"
# Providers
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=app_traefik_web"
# Observability
- "--log.level=ERROR"
- "--accesslog=false"
# Let's Encrypt configuration
- "--certificatesresolvers.le.acme.email=notifications@localhost"
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
- "--entrypoints.websecure.http.tls.certresolver=le"
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- letsencrypt:/letsencrypt
networks:
- app_traefik_web
volumes:
letsencrypt:
networks:
app_traefik_web:
external: true Prefer a managed setup? WinterFlow installs, configures, and updates Traefik + Let's Encrypt for you using this same Docker Compose configuration.