From brnby
Generate Docker and Traefik deployment configurations for any application (Node.js, Python, Go, Rust, Java). Creates Dockerfile, docker-compose.yml, docker-compose.for-traefik.yml overlay, and .env.sample with production best practices. Use when: dockerize app, containerize, add Docker, deploy with Traefik, reverse proxy setup, HTTPS/SSL, Let's Encrypt certificates, production deployment, docker-compose setup. Requires: Docker, docker-compose.
Slash command: `/brnby:app-docker-deploy-with-traefik`
Generate production-ready Docker deployment configurations with Traefik reverse proxy integration, automatic HTTPS via Let's Encrypt.
This skill creates a deployment configuration following a proven pattern:
Before generating configurations, understand the project:
Detect the project type by examining:
- package.json → Node.js/TypeScript
- requirements.txt / pyproject.toml / Pipfile → Python
- go.mod → Go
- Cargo.toml → Rust
- pom.xml / build.gradle → Java

Identify the application port from:
Check for existing Docker files - Don't overwrite without asking
Create a multi-stage Dockerfile appropriate for the project type. See DOCKERFILES.md for templates.
Key principles:
:latest)

Base configuration with:

./data/<service>:/path)
${VARIABLE})
unless-stopped

```yaml
services:
  app:
    build: .
    restart: unless-stopped
    volumes:
      - ./data/app:/app/data
    environment:
      - NODE_ENV=${NODE_ENV}
      - PORT=${PORT}
    depends_on:
      - db
    labels:
      - 'com.centurylinklabs.watchtower.enable=true'
      - 'com.centurylinklabs.watchtower.scope=${WATCHTOWER_SCOPE}'

  db:
    image: postgres:17-alpine
    restart: unless-stopped
    volumes:
      - ./data/postgres:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    healthcheck:
      test: pg_isready -U "$$POSTGRES_USER" -d "$$POSTGRES_DB"
      interval: 10s
      timeout: 2s
      retries: 10
```
Traefik overlay that can be composed with the base file:
```yaml
services:
  app:
    networks:
      - default
      - traefik
    labels:
      - 'traefik.enable=true'
      - 'traefik.docker.network=traefik'
      # Service (internal port)
      - 'traefik.http.services.${SERVICE_NAME}.loadbalancer.server.port=${PORT}'
      # HTTPS Router
      - 'traefik.http.routers.${SERVICE_NAME}.rule=Host(`${DOMAIN}`)'
      - 'traefik.http.routers.${SERVICE_NAME}.entrypoints=websecure'
      - 'traefik.http.routers.${SERVICE_NAME}.tls=true'
      - 'traefik.http.routers.${SERVICE_NAME}.tls.certResolver=webcert'
      - 'traefik.http.routers.${SERVICE_NAME}.service=${SERVICE_NAME}'

  db:
    networks:
      - default

networks:
  traefik:
    external: true
```
Template for required environment variables:
```bash
# Domain and Deployment
DOMAIN=myapp.example.com
PORT=3000

# Database
POSTGRES_DB=myapp
POSTGRES_USER=myapp
POSTGRES_PASSWORD=change-me-in-production

# Application
NODE_ENV=production

# Auto-updates (optional)
WATCHTOWER_SCOPE=myapp
```
Include in the output:
```bash
# Development (without Traefik)
docker compose up -d

# Production (with Traefik)
docker compose -f docker-compose.yml -f docker-compose.for-traefik.yml up -d

# Create external traefik network (first time only)
docker network create traefik
```
| Label | Purpose |
|---|---|
| `traefik.enable=true` | Enable Traefik routing for this container |
| `traefik.docker.network=traefik` | Specify which network Traefik should use |
| `traefik.http.services.NAME.loadbalancer.server.port=PORT` | Container's internal port |
| ``traefik.http.routers.NAME.rule=Host(`domain`)`` | Domain routing rule |
| `traefik.http.routers.NAME.entrypoints=websecure` | Use HTTPS entrypoint |
| `traefik.http.routers.NAME.tls=true` | Enable TLS |
| `traefik.http.routers.NAME.tls.certResolver=webcert` | Use Let's Encrypt |
| `traefik.http.routers.NAME.service=NAME` | Link router to service |
For admin panels or protected routes:
```yaml
labels:
  # Define middleware
  - 'traefik.http.middlewares.myapp-auth.basicauth.users=${USERNAME}:${HASHED_PASSWORD}'
  # Apply to router
  - 'traefik.http.routers.myapp.middlewares=myapp-auth@docker'
```

Generate password hash: `htpasswd -nb username password`
```yaml
# API subdomain
- 'traefik.http.routers.myapp-api.rule=Host(`api.${DOMAIN}`)'
- 'traefik.http.routers.myapp-api.entrypoints=websecure'
- 'traefik.http.routers.myapp-api.tls=true'
- 'traefik.http.routers.myapp-api.tls.certResolver=webcert'
- 'traefik.http.routers.myapp-api.service=myapp'
```
:latest in production

Located in the scripts/ directory:

Generate password hashes for Traefik basic auth:

```bash
./scripts/generate-htpasswd.sh admin mypassword
```

Validate docker-compose files for common issues:

```bash
python scripts/validate-compose.py docker-compose.yml docker-compose.for-traefik.yml
```

Requires: `pip install pyyaml`
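Two checks a compose validator of this kind can make, as an added example (this is not the skill's `scripts/validate-compose.py`): it flags `${VAR}` references that the env file does not define and images without a pinned tag. The function names and the sample input are assumptions; only the standard library is used.

```python
import re

# ${VAR} or ${VAR:-default}; "$$" is Compose's escape for a literal "$".
VAR_REF = re.compile(r"(?<!\$)\$\{([A-Za-z_]\w*)([^}]*)\}")
IMAGE = re.compile(r"^\s*image:\s*['\"]?([^'\"\s#]+)")


def env_keys(env_text):
    """Names defined in a .env-style file (comments and blanks skipped)."""
    lines = (ln.strip() for ln in env_text.splitlines())
    return {ln.split("=", 1)[0].strip() for ln in lines
            if ln and not ln.startswith("#") and "=" in ln}


def check_compose(compose_text, env_text):
    """Return (line_no, message) findings for one compose file."""
    defined, findings = env_keys(env_text), []
    for no, line in enumerate(compose_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        for name, modifier in VAR_REF.findall(line):
            # ":-x" / "-x" supply a fallback, so the variable may be unset.
            if name not in defined and not modifier.startswith((":-", "-")):
                findings.append((no, f"${{{name}}} is not defined in the env file"))
        m = IMAGE.match(line)
        if m and "@sha256:" not in m.group(1):
            tag = m.group(1).rsplit("/", 1)[-1].partition(":")[2]
            if tag in ("", "latest"):
                findings.append((no, f"image '{m.group(1)}' is not pinned"))
    return findings


# Constructed sample: label and db lines as on the page; the app image line
# and the shortened env file are made up to trigger findings.
SAMPLE_COMPOSE = """\
services:
  app:
    image: myapp:latest
    labels:
      - 'traefik.http.routers.${SERVICE_NAME}.rule=Host(`${DOMAIN}`)'
  db:
    image: postgres:17-alpine
    healthcheck:
      test: pg_isready -U "$$POSTGRES_USER" -d "$$POSTGRES_DB"
"""
SAMPLE_ENV = "DOMAIN=myapp.example.com\nPORT=3000\n"

if __name__ == "__main__":
    for no, msg in check_compose(SAMPLE_COMPOSE, SAMPLE_ENV):
        print(f"line {no}: {msg}")
```

Run against the overlay and `.env` template shown on this page, the same check reports `${SERVICE_NAME}`, which the overlay's labels reference but the template does not list.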
Check if the traefik network exists (and optionally create it):
```bash
./scripts/check-network.sh           # Check only
./scripts/check-network.sh --create  # Create if missing
```
Located in the templates/ directory. Copy and customize:
| Template | Description |
|---|---|
| `Dockerfile.node` | Node.js multi-stage build |
| `Dockerfile.python` | Python with uv package manager |
| `docker-compose.yml` | Base compose with app + PostgreSQL |
| `docker-compose.for-traefik.yml` | Traefik routing overlay |
| `.dockerignore` | Optimized Docker build context |
| `.env.sample` | Environment variables template |
Replace placeholders: {{SERVICE_NAME}}, {{PORT}}, {{NODE_VERSION}}, etc.
webcert certificate resolver)
traefik network: `docker network create traefik`
npx claudepluginhub yorch/claude-skills --plugin brnby