Many IT solutions are offered by companies based outside of the EU.
To fully comply with the GDPR, I'm always looking for solutions offered by companies within the EU.
Bunny.net is a European-based content delivery platform for web traffic that is compliant with the GDPR.
In this article, I will show you how I set up a reverse proxy with Traefik, BunnyDNS and Docker (compose).
Prerequisites
- Docker (compose) installed on the server
- A bunny.net account
- The name servers of your domain name should be pointing towards kiki.bunny.net and coco.bunny.net
Bunny.net
First of all, you will need to get a bunny.net API key. This can be obtained from your bunny.net account: https://dash.bunny.net/account/api-key
Secondly, you will need to create a zone in your bunny.net account. For this example we will use the domain "it-m.art".
You can achieve this by clicking the DNS button on the left side of your dashboard and using the "Add DNS zone" button at the top.
Once you have added the zone (using the domain name) you will be able to add records to the DNS configuration. Add the A or AAAA record towards your server's IP address.
Server setup
We'll set up two Docker containers: one for the reverse proxy (Traefik) and one for a website that we use in this example.
Traefik
First of all, we will create a directory for our reverse proxy. You can call it whatever you like, but I would suggest something like "traefik".
Next, we will create a file called "docker-compose.yml" in this directory.
The file should look like this:
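```yaml
services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    environment:
      - TZ=Europe/Amsterdam # Change this to your timezone
      - BUNNY_API_KEY=xxxxxxxxxxx # Replace with your bunny.net API key (see the note below)
      # The log level is set in traefik.yml (log.level), not through an environment entry
    networks:
      - traefik-internal
      - traefik-external
    ports:
      - 80:80 # HTTP entryPoint
      - 443:443 # HTTPS entryPoint
      - 8080:8080 # Dashboard web GUI (unauthenticated while api.insecure is true in traefik.yml)
    volumes:
      - ./traefik.yml:/traefik.yml:ro
      - ./logs:/var/log/traefik
      - traefik-certs:/certs
      # Used by the Docker provider; :ro protects the socket file only, not the Docker API behind it
      - /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
  traefik-certs:
    name: traefik-certs
networks:
  traefik-internal:
  traefik-external:
    name: network_traefik_external
    external: true # Must already exist: docker network create network_traefik_external
```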
*Be sure to replace xxxxxxxxxxx with your bunny.net API key.
Next, we will create a file called "traefik.yml" in this same directory.
```yaml
log:
  level: DEBUG # Log level, options: ERROR, WARN, INFO, DEBUG
  filePath: "/var/log/traefik/traefik.log"
  maxBackups: 3
accessLog:
  filePath: "/var/log/traefik/access.log"
  bufferingSize: 100
  filters:
    statusCodes: ["200-399"]
  format: json
api:
  dashboard: true # Optional, can be disabled
  insecure: true # Optional, can be disabled; while true, the API and dashboard are served without authentication on port 8080
  debug: true # Optional, can be enabled if needed for troubleshooting
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: network_traefik_external # Optional; default Docker network Traefik uses to reach containers that are on multiple networks
certificatesResolvers:
  bunny:
    acme:
      email: you@example.com # Placeholder; change this to your email
      storage: /certs/acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory
      dnsChallenge:
        provider: bunny
        delayBeforeCheck: 90
```
Be sure to enter your email address rather than the example one.
Create a folder called logs in the same directory as the docker-compose.yml file.
Website
Now we will create a directory for our website. You can call it whatever you like, but I would suggest something like "website".
Next, we will create a file called "docker-compose.yml" in this directory.
The file should look like this, but mind the Traefik labels:
```yaml
services:
  php:
    build: php
    expose:
      - 9000
    volumes:
      - ./php/www:/var/www/html
    networks:
      - webserver # Shared with apache2 so that php:9000 resolves
  apache2:
    image: webdevops/apache:latest
    # `args` is only valid under `build`; with a prebuilt image the value is
    # passed as an environment variable (check the image documentation for
    # the variable name it expects)
    environment:
      - PHP_SOCKET=php:9000
    volumes:
      - ./php/www:/var/www/html
    links:
      - php
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mywebsite.rule=Host(`it-m.art`)"
      - "traefik.http.routers.mywebsite.entrypoints=websecure"
      - "traefik.http.routers.mywebsite.tls=true"
      - "traefik.http.routers.mywebsite.tls.certresolver=bunny"
      - "traefik.http.routers.mywebsite.service=service-mywebsite"
      - "traefik.http.services.service-mywebsite.loadbalancer.server.port=80"
      - "traefik.docker.network=network_traefik_external"
    networks:
      - webserver
      - traefik
    restart: always
volumes:
  mysql_vol:
    external: false
networks:
  webserver:
  traefik:
    external: true
    name: network_traefik_external
```
Next, we will create a folder called "php" in the website directory.
Run
Now we can spin up both containers. First, run `docker-compose up -d` in the website directory, where its docker-compose.yml file is located.
Next, run the same command in the Traefik directory: `docker-compose up -d`
Debug
You can run `docker compose logs -f` in either of the two folders to check for errors in the output. Also, you can check the Traefik dashboard at http://serverip:8080/.
In addition, you can check the logs of traefik using `tail -f logs/traefik.log` or `tail -f logs/access.log` in the Traefik folder.
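Once the setup works, the debug settings above can be tightened. The variant below is an added example, not part of the original article or its repository: it takes the API key from a `.env` file, stops publishing port 8080, and serves the dashboard through the `websecure` entry point behind basic authentication. The hostname `traefik.it-m.art`, the `.env` and `dashboard.htpasswd` files, and the `dashboard` / `dashboard-auth` names are assumptions.

```yaml
services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    environment:
      - TZ=Europe/Amsterdam
      # From traefik/.env (assumed file, chmod 600, not in git); start fails if unset
      - BUNNY_API_KEY=${BUNNY_API_KEY:?set BUNNY_API_KEY in .env}
    networks:
      - traefik-internal
      - traefik-external
    ports:
      - 80:80
      - 443:443 # 8080 is no longer published
    volumes:
      - ./traefik.yml:/traefik.yml:ro
      - ./logs:/var/log/traefik
      - traefik-certs:/certs
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Assumed file, created with: htpasswd -B -c dashboard.htpasswd admin
      - ./dashboard.htpasswd:/dashboard.htpasswd:ro
    labels:
      - "traefik.enable=true"
      # Assumed hostname; it needs its own record in the bunny.net zone
      - "traefik.http.routers.dashboard.rule=Host(`traefik.it-m.art`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=bunny"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
      - "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/dashboard.htpasswd"
volumes:
  traefik-certs:
    name: traefik-certs
networks:
  traefik-internal:
  traefik-external:
    name: network_traefik_external
    external: true
---
# traefik/traefik.yml: only these keys change, the rest stays as above
log:
  level: INFO # DEBUG only while troubleshooting
api:
  dashboard: true
  insecure: false # no unauthenticated listener on :8080
  debug: false # debug endpoints stay off in normal operation
```

After `docker compose up -d`, the dashboard answers only at https://traefik.it-m.art/ and asks for the credentials stored in `dashboard.htpasswd`.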
Bunny CDN Configuration
In the bunny dashboard, head over to the DNS tab and click the name of the domain that you have set up. If all went well, you should be able to access your website at https://it-m.art/. However, SSL might not be fully working yet.
To fix this, head over to the CDN tab in the bunny dashboard and click the name of the domain that you have set up.
You now have to enable the SSL feature. Once this is done, you should be able to access your website at https://it-m.art/.
Github
https://github.com/Marthaarman/bunny-docker-traefik