mTLS

Traffic encryption to prevent data theft and tampering.

Manifests

networks:
  millau:
    external: true
services:
  website:
    image: ${IMAGE}
    deploy:
      mode: replicated
      replicas: 3
      labels:
        - "millau.enabled=true"
        - "millau.hosts=website.com www.website.com"
        - "millau.port=3000"
        - "millau.key=${KEY}"
        - "millau.cert=${CERT}"
      restart_policy:
        condition: on-failure
    networks:
    - millau

Features

Provisioning

To encrypt traffic between Cloudflare and the website.com service, Cloudflare issues a long-lived wildcard TLS certificate. Once it is issued, the private key and the certificate are saved in base64 format as key.txt and cert.txt respectively.

Templating

Export the contents of the TLS certificate files as the environment variables KEY and CERT. These variables are then substituted into the Docker Swarm stack manifest at deployment time by docker stack deploy.
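
The provisioning and templating steps above as one shell helper. This is an added example, not code from the project: it checks that key.txt is not readable by group or others and that both files really hold base64 before exporting KEY and CERT. The stack file name stack.yml and the stack name website are assumptions.

```shell
#!/bin/sh
# Added example. key.txt, cert.txt, KEY, CERT and IMAGE come from the page;
# stack.yml and the stack name "website" are assumptions.

# is_private FILE: succeed only if group and others cannot read FILE.
is_private() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# load_b64 FILE: print FILE as a single base64 line, or fail.
load_b64() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    # Join wrapped base64 output so the value fits on one label line.
    b64=$(tr -d ' \t\r\n' < "$1")
    [ -n "$b64" ] || { echo "no data in: $1" >&2; return 1; }
    # Reject non-base64 input, e.g. a raw PEM file saved by mistake.
    printf '%s' "$b64" | base64 -d >/dev/null 2>&1 ||
        { echo "not base64: $1" >&2; return 1; }
    printf '%s' "$b64"
}

# deploy_stack: validate inputs, export KEY and CERT, then deploy.
deploy_stack() {
    [ -n "${IMAGE:-}" ] || { echo "IMAGE is not set" >&2; return 1; }
    is_private key.txt || { echo "key.txt is readable by others" >&2; return 1; }
    KEY=$(load_b64 key.txt) || return 1
    CERT=$(load_b64 cert.txt) || return 1
    export KEY CERT
    docker stack deploy -c "${STACK_FILE:-stack.yml}" "${STACK_NAME:-website}"
}

# Usage: export IMAGE, change to the directory holding key.txt and
# cert.txt, then call deploy_stack.
```

Because KEY is substituted into a service label, anyone who can run docker service inspect on the cluster can read the private key, so access to the Docker API needs to be restricted accordingly.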