Setup Reverse-Proxy with Docker + Traefik + Nginx + PHP + MySQL + Mosquitto + phpMyAdmin + Basic Authentication

This article serves to explain how to make a sub-domain point to a particular container in a simple and efficient way. I am writing it because I came across a lot of difficulties when I tried to do it.

For example, I used something like: https://example.org (web), https://example.org:8080 (phpMyAdmin), wss://example.org:1884 (mosquitto), etc. My goal was to simplify and start using something like: https://example.org (web), https://pma.example.org (phpMyAdmin), wss://example.org/mqtt (mosquitto), etc.

That is, in addition to pointing a subdomain to a particular container, I also wanted to use the same port for different protocols.

That’s when I discovered Traefik. In addition to satisfying my needs in a very simple way, it also generates SSL certificates for all required domains/sub-domains.

For everything to work as expected, we only need the following files, just changing the email, domain and subdomains in the traefik.toml and docker-compose.yml files.

acme.json

touch acme.json
sudo chmod 600 acme.json

nginx.conf

server {
listen 80;
listen [::]:80;

mosquitto.conf

# Config file for mosquitto
#
# See mosquitto.conf(5) for more information.
#
# Default values are shown, uncomment to change.
#
# Use the # character to indicate a comment, but only if it is the
# very first character on the line.

traefik.toml

defaultEntryPoints = ["http", "https"]

docker-compose.yml

version: "3"

app/index.php

<?php echo 'Hello!' ?>

After creating these files, just run the command:

docker-compose up -d

Now when you access the configured URL you will receive the message “Hello!”. You can also use the URL configured in the Traefik container to check the current status of your containers.

To try out Mosquitto, you only need an MQTT client (for example MQTT.js): subscribe to a topic and publish anything to that same topic, for example:

mqtt sub -t 'test' -h 'example.org/mqtt' -v
mqtt pub -t 'test' -h 'example.org/mqtt' -m 'Hello!'

Basic Authentication

If you want to add an extra layer of security to your application, you just need to add the following to your traefik.toml file:

[entryPoints.https.auth.basic]
users = ["user:password"]

traefik.toml

defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.https.auth.basic]
users = ["user:password"]
[web]
address = ":8080"
[acme]
email = "email@example.org"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "example.org"
sans = ["monitor.example.org", "pma.example.org"]

Passwords can be encoded in MD5, SHA1 and BCrypt; you can use htpasswd to generate them (e.g. http://www.htaccesstools.com/htpasswd-generator/). The part after the colon in each users entry is that encoded value, not the plaintext password.
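As an added example (not part of the original article or of Traefik), the script below reads a traefik.toml, finds the users list under [entryPoints.https.auth.basic] and reports which htpasswd format each entry uses. It assumes entries have the form user:hash as htpasswd emits them; the sample config, the user names alice, bob and carol, and the placeholder hashes are constructed for illustration.

```python
import re

# htpasswd formats the article names: BCrypt, MD5 (apr1) and SHA1.
SCHEMES = [
    ("bcrypt", re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")),
    ("md5-apr1", re.compile(r"^\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$")),
    ("sha1", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")),
]

# Constructed placeholder hashes: correct shape, not real digests.
BCRYPT = "$2y$10$" + "a" * 53
APR1 = "$apr1$saltsalt$" + "b" * 22
SHA1 = "{SHA}" + "c" * 27 + "="
# Constructed sample config; "user:password" is the entry shown in the article.
SAMPLE = f'''[entryPoints.https.auth.basic]
users = ["user:password", "alice:{BCRYPT}",
         "bob:{APR1}", "carol:{SHA1}"]
[web]
address = ":8080"
'''

def classify(entry):
    """Return (user, scheme); scheme is 'not-a-hash' when the part after
    the colon matches none of the htpasswd formats."""
    user, _, secret = entry.partition(":")
    for name, pattern in SCHEMES:
        if pattern.match(secret):
            return user, name
    return user, "not-a-hash"

def audit_users(toml_text):
    """Classify every entry of users under [entryPoints.https.auth.basic]."""
    section = re.search(
        r"^\s*\[entryPoints\.https\.auth\.basic\](.*?)(?=^\s*\[|\Z)",
        toml_text, re.S | re.M)
    array = section and re.search(r"users\s*=\s*\[(.*?)\]", section.group(1), re.S)
    if not array:
        return []
    return [classify(e) for e in re.findall(r'"([^"]*)"', array.group(1))]

def needs_attention(toml_text):
    """Users whose entry is not bcrypt (plaintext, SHA1 or MD5)."""
    return [user for user, scheme in audit_users(toml_text) if scheme != "bcrypt"]

if __name__ == "__main__":
    for user, scheme in audit_users(SAMPLE):
        print(f"{user}: {scheme}")
```

Run against the traefik.toml shown above, the literal "user:password" entry is reported as not-a-hash, which is the cue to replace it with htpasswd output.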

MQTT

mqtt sub -t 'teste' -h 'user:password@example.org/mqtt' -v
mqtt pub -t 'teste' -h 'user:password@example.org/mqtt' -m 'Olá!'

Full Stack Web Developer