Streamlined Deployment: Harnessing Docker Compose for Snipe-IT with Traefik and SSL

Self-hosted Applications
, ,
1

This Docker Compose configuration establishes a comprehensive environment utilizing Traefik as a reverse proxy, alongside two containerized applications: MySQL/MariaDB and Snipe-IT. Traefik serves as the primary entry point, managing SSL termination and directing traffic to the respective services based on predefined routing rules and labels.

Overview of Components

  • Traefik: Functions as the reverse proxy, facilitating dynamic service discovery and traffic management. It leverages Docker labels for configuration, enabling automatic routing based on service metadata.
  • **MySQL/MariaDB **: A relational database management system that provides data storage for the Snipe-IT application.
  • Snipe-IT: An open-source asset management system that operates within its own container, relying on MySQL for backend data storage.

Key Features

  1. SSL Termination: The configuration integrates Let’s Encrypt for automatic SSL certificate generation, ensuring secure HTTPS access to the Snipe-IT application.
  2. Centralized Traffic Management: By employing Traefik, this setup centralizes traffic handling, reducing complexity in managing multiple services.
  3. Dynamic Configuration: Traefik automatically detects service changes and updates routing configurations accordingly, minimizing manual intervention.

Configuration Details

The following Docker Compose file illustrates the setup:

version: '3'
services:
  # MySQL Database Service
  mysql:
    image: mariadb:11.4-noble
    container_name: snipe_mysql
    restart: always
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      interval: 5s
      timeout: 1s
      retries: 5
    volumes:
      - /volume1/docker/snipeit/db:/var/lib/mysql:rw
    environment:
      - MYSQL_ROOT_PASSWORD=test
      - MYSQL_USER=snipe
      - MYSQL_PASSWORD=test
      - MYSQL_DATABASE=snipe

  # Snipe-IT Application Service
  snipeit:
    image: linuxserver/snipe-it:latest
    container_name: snipeit
    depends_on:
      - mysql
    restart: unless-stopped
    healthcheck:
      test: curl -f http://localhost:80/ || exit 1
    volumes:
      - /volume1/docker/snipeit/config:/config:rw
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.snipeitrouter.rule=Host(`snipeit.yoursite.site`)"
      - "traefik.http.routers.snipeitrouter.entrypoints=websecure"
      - "traefik.http.routers.snipeitrouter.tls.certresolver=snipeitrouter-letsencrypt"
    environment:
      - APP_URL=https://snipeit.yoursite.site
      - APP_KEY=base64:ivoEDdeb+0ywdn/+d/lF8414TrIwbFOyz8DI187V8vo=
      - MYSQL_PORT_3306_TCP_ADDR=mysql
      - MYSQL_PORT_3306_TCP_PORT=3306
      - MYSQL_DATABASE=snipe
      - MYSQL_USER=snipe
      - MYSQL_PASSWORD=test
      - PGID=1000
      - PUID=1000

  # Traefik Reverse Proxy Service
  traefik:
    image: traefik:v2.10
    container_name: traefik
    ports:
      - 80:80
      - 443:443
      - 8080:8080  # Optional dashboard access; not recommended for production use.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./volumes/traefik/letsencrypt:/letsencrypt
    command:
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.snipeitrouter-letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.snipeitrouter-letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.snipeitrouter-letsencrypt.acme.email=<PUT YOUR E-MAIL HERE>"
      - "--certificatesresolvers.snipeitrouter-letsencrypt.acme.storage=/letsencrypt/acme.json" 
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik.snipeit.yoursite.site`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.api.tls.certresolver=snipeitrouter-letsencrypt"
    restart: unless-stopped

Considerations

  • Ensure to modify domain names, email addresses, and other relevant settings to align with your specific deployment requirements.
  • The Traefik dashboard provides an interface for monitoring routing configurations and service statuses, enhancing operational oversight.

This Docker Compose configuration exemplifies an efficient method to deploy Snipe-IT with robust SSL support and centralized traffic management via Traefik in a containerized architecture.