This repo contains template files for configuration of new web servers exposing services with Docker Compose and Traefik reverse proxy.
The easiest way to get started is using the automated initialization script:
# Clone this repository
git clone <repository-url>
cd docker-web-template
# Run the initialization script
chmod +x init-docker.sh
./init-docker.sh
The script will:
- ✅ Detect your OS (Ubuntu/Debian)
- ✅ Install Docker if needed
- ✅ Configure the Docker environment
- ✅ Create the t2_proxy network
- ✅ Set up Traefik with proper permissions
- ✅ Let you select from optional Traefik plugins
- ✅ Let you select from 11+ pre-configured services
- ✅ Generate your docker-compose.yml
Choose from these pre-configured services during setup:
- Portainer - Docker management UI
- Grafana - Monitoring & visualization
- Nextcloud - Personal cloud storage
- WikiJS - Modern wiki platform
- Heimdall - Application dashboard
- Uptime Kuma - Uptime monitoring
- Vaultwarden - Password manager
- Jellyfin - Media server
- PhotoPrism - AI-powered photo management
- Prometheus - Monitoring system
- Code Server - VS Code in browser
See templates/README.md for detailed information about each service.
The installation script supports optional Traefik plugins for enhanced security and functionality:
- geoblock - Geographic blocking based on IP location
- totp - Two-factor authentication using TOTP
- apikey - API key authentication middleware
- passkey - WebAuthn/Passkey authentication
- threat - Threat detection and IP blocking
To add a new plugin to the available list, edit plugins.conf:
# Format: PLUGIN_NAME|GITHUB_REPO|MODULE_NAME|DESCRIPTION
myPlugin|https://github.com/owner/repo|github.com/owner/repo|Plugin description
The script will automatically:
- Clone the plugin repository to ~/dockers/traefik/plugins/
- Add the volume mount to docker-compose.yml
- Configure traefik.yml with the plugin settings
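An added example (not part of this repository's init-docker.sh): a POSIX shell check that can be run over plugins.conf before anything is cloned, since each entry names third-party code that Traefik will load. The function names, the GitHub-only rule and the requirement that MODULE_NAME match the cloned repository are assumptions modelled on the sample entry above.

```shell
# Vet plugins.conf entries before any repository is cloned.
# Format from the README: PLUGIN_NAME|GITHUB_REPO|MODULE_NAME|DESCRIPTION

# Prints "ok" or "reject: <reason>" for one entry; returns 0 or 1.
validate_plugin_line() {
    local line name repo module rest seps path
    line=$1
    # Exactly four fields means exactly three separators.
    seps=$(printf '%s' "$line" | tr -cd '|')
    [ "${#seps}" -eq 3 ] || { echo "reject: expected 4 fields"; return 1; }
    name=${line%%|*};  rest=${line#*|}
    repo=${rest%%|*};  rest=${rest#*|}
    module=${rest%%|*}

    # The name may end up in a filesystem path: allow a safe alphabet only.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "reject: unsafe plugin name"; return 1 ;;
    esac
    # HTTPS GitHub URLs only: no git://, ssh, file:// or local paths.
    case $repo in
        https://github.com/*/*) path=${repo#https://github.com/} ;;
        *) echo "reject: repo must be https://github.com/owner/repo"; return 1 ;;
    esac
    path=${path%.git}
    # Reject traversal, extra path segments and empty owner or repo parts.
    case $path in
        *[!A-Za-z0-9._/-]*|*..*|*/*/*|/*|*/)
            echo "reject: unsafe repo path"; return 1 ;;
    esac
    # Assumed policy: the module must name the repository actually cloned.
    [ "$module" = "github.com/$path" ] ||
        { echo "reject: module does not match repo"; return 1; }
    echo ok
}

# Reads plugins.conf on stdin, skips blanks and comments,
# and prints how many entries were rejected.
count_rejected() {
    local bad entry
    bad=0
    while IFS= read -r entry; do
        case $entry in ''|'#'*) continue ;; esac
        validate_plugin_line "$entry" >/dev/null || bad=$((bad + 1))
    done
    echo "$bad"
}
```

Run it as `count_rejected < plugins.conf` and continue with the installation only when it prints 0.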
If you run the script when a configuration already exists, you'll be prompted to:
- Add new plugins
- Add new services
- Add both plugins and services
- Exit without changes
- A Linux-based server (Ubuntu/Debian)
- Root or sudo access (sudo will be auto-detected)
- Domain name pointed to your server's IP address
# Update package index
sudo apt-get update
# Install required packages
sudo apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release
# Add Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Set up the stable repository
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install Docker Engine
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io
# Verify installation
sudo docker --version
# Add your user to the docker group (optional, to run docker without sudo)
sudo usermod -aG docker $USER
# Enable Docker to start on boot
sudo systemctl enable docker
sudo systemctl start docker
# Verify Docker is running
sudo systemctl status docker
Docker Compose is included with Docker Desktop for Windows and Mac. For Linux, install it separately:
# Download Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Apply executable permissions
sudo chmod +x /usr/local/bin/docker-compose
# Verify installation
docker-compose --version
git clone <repository-url>
cd docker-web-template
- Create an acme.json file for Let's Encrypt certificates:
touch traefik/acme.json
chmod 600 traefik/acme.json
- Edit traefik/traefik.yml to configure your domain and email:
  - Update the email address for Let's Encrypt notifications
  - Configure your certificate resolver settings
- Edit traefik/dynamic.yml if you need custom routing rules or middlewares
Create a .env file in the root directory with your specific configuration:
# Domain configuration
DOMAIN=example.com
# Email for Let's Encrypt
ACME_EMAIL=admin@example.com
# Traefik Dashboard
TRAEFIK_DASHBOARD_AUTH=admin:$$apr1$$... # Use htpasswd to generate
Generate password hash for Traefik dashboard:
# Install apache2-utils if not already installed
sudo apt-get install apache2-utils
# Generate password (replace 'secure_password' with your password)
htpasswd -nb admin secure_password
To add new services:
- Create a new directory under services/ (e.g., services/myapp/)
- Add your service configuration to docker-compose.yml
- Configure Traefik labels for routing and SSL
# Start services in detached mode
docker-compose up -d
# View logs
docker-compose logs -f
# Check running containers
docker-compose ps
Access the Traefik dashboard at: https://traefik.yourdomain.com
# Stop all services
docker-compose down
# Restart a specific service
docker-compose restart <service-name>
# View logs for a specific service
docker-compose logs -f <service-name>
# Pull latest images
docker-compose pull
# Rebuild and restart services
docker-compose up -d --build
# Remove all containers and volumes
docker-compose down -v
# Pull the latest changes
git pull
# Pull new images
docker-compose pull
# Restart services with new configuration
docker-compose up -d
docker-compose logs <service-name>
docker inspect <container-name>
# List networks
docker network ls
# Inspect network
docker network inspect docker-web-template_default
If Let's Encrypt certificates are not being issued:
- Verify your domain DNS is correctly configured
- Check Traefik logs: docker-compose logs traefik
- Ensure port 80 and 443 are open and accessible
- Delete traefik/acme.json and restart Traefik to retry
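An added example (not taken from this repository): Traefik refuses an ACME store whose permissions are more open than 600, so a recreated acme.json with default permissions fails the same way as a missing certificate. This sketch moves the old store aside instead of deleting it, recreates it with mode 600 and verifies the result; the function names are hypothetical and GNU `stat` (Ubuntu/Debian) is assumed.

```shell
# Returns 0 only if the ACME store is a regular file (not a symlink)
# whose mode is exactly 600.
acme_store_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ "$(stat -c '%a' "$1")" = 600 ]
}

# Move an existing store aside (it holds private keys, so the backup is
# locked down too) and create a fresh, empty store with mode 600.
reset_acme_store() {
    local store backup
    store=$1
    if [ -L "$store" ]; then
        # A symlink here is unexpected: drop the link, never follow it.
        rm -- "$store" || return 1
    elif [ -e "$store" ]; then
        backup="$store.$(date +%Y%m%d%H%M%S).bak"
        mv -- "$store" "$backup" || return 1
        chmod 600 "$backup" || return 1
    fi
    # umask 077 keeps the file private from the moment it is created.
    ( umask 077 && : > "$store" ) || return 1
    chmod 600 "$store" || return 1
    acme_store_ok "$store"
}
```

After `reset_acme_store traefik/acme.json`, restart Traefik as described above; `acme_store_ok traefik/acme.json` can also be run on its own as a periodic check.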
- Keep Docker and Docker Compose updated
- Use strong passwords for all services
- Regularly update container images
- Use secrets management for sensitive data
- Configure firewall rules appropriately
- Monitor logs for suspicious activity
- Keep acme.json permissions at 600
.
├── README.md
├── init-docker.sh          # Automated setup script
├── plugins.conf            # Plugin configuration (easily editable)
├── docker-compose.yml      # Base compose file
├── .env.example            # Environment variables template
├── .gitignore
├── traefik/                # Traefik reverse proxy config
│   ├── traefik.yml
│   ├── dynamic.yml
│   └── acme.json
├── templates/              # Service templates (11+ services)
│   ├── README.md
│   ├── portainer.yml
│   ├── grafana.yml
│   ├── nextcloud.yml
│   ├── wikijs.yml
│   └── ... (and more)
└── services/
    └── whoami/             # Example service
- Color-coded output for easy reading
- Step-by-step progress indicators
- Clear success/warning/error messages
- Automatic HTTPS with Let's Encrypt
- Traefik reverse proxy for all services
- Proper file permissions (acme.json)
- No-new-privileges security option
- Auto-detects OS (Ubuntu/Debian)
- Checks for sudo requirements
- Validates Docker installation
- Network configuration assistance
- 11+ pre-configured services
- Easy to add custom templates
- Traefik labels included
- Environment variable management
- Optional Traefik plugin installation
- Easy plugin configuration via plugins.conf
- Automatic plugin cloning and setup
- Add plugins to existing installations
This template is provided as-is for use in setting up Docker-based web servers.