It looks like you’ve got Traefik standing in front of your containers, handling the TLS termination. From there, you’ve got it piped into the Docker socket and able to observe labels applied to various containers to drive the configuration.
If you’ve got this already working for other containers, then it is probably just a matter of setting up your label configuration for Ignition. It looks like your certificate resolver configured in Traefik is called letsencrypt, so I’d think this set of labels should get you close:
```yaml
labels:
  - ...
  # "websecure" should match the name of your entrypoint listening on 443 in Traefik.
  - "traefik.http.routers.ignition.entrypoints=websecure"
  # "letsencrypt" should match the configuration for your ACME resolver in Traefik.
  - "traefik.http.routers.ignition.tls.certresolver=letsencrypt"
  # You probably need to explicitly configure your service port target, so let's point it at 8088 (i.e. standard http behind Traefik's TLS termination)
  - "traefik.http.services.ignition.loadbalancer.server.port=8088"
  # And finally, a rule to match against for the DNS name you want to pipe into this gateway container
  - "traefik.http.routers.ignition.rule=Host(`my-ignition.dev`)"
```
If you’re on 8.1.6+, then you won’t need the path rewrite discussed here.
Hopefully this helps a bit…
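For reference, here is how the names in those labels line up with Traefik's own configuration, as an added Compose example that is not part of the original post. The image tags, e-mail address, volume name and the EULA variable are assumptions; the entrypoint name, resolver name, port and hostname are the ones from the labels above.

```yaml
# Added example (not from the original post). Assumed values are marked.
services:
  traefik:
    image: traefik:v2.10                      # assumed version
    command:
      - "--providers.docker=true"
      # Route only to containers that opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      # Defines the entrypoint named by ...routers.ignition.entrypoints=websecure
      - "--entrypoints.websecure.address=:443"
      # Defines the resolver named by ...routers.ignition.tls.certresolver=letsencrypt
      - "--certificatesresolvers.letsencrypt.acme.email=admin@example.com"   # assumed address
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
    ports:
      - "443:443"
    volumes:
      # Access to this socket is equivalent to root on the host;
      # mount it into the Traefik container only.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "letsencrypt:/letsencrypt"            # persists acme.json across restarts

  ignition:
    image: inductiveautomation/ignition:latest   # assumed tag
    environment:
      ACCEPT_IGNITION_EULA: "Y"               # assumed; check the image documentation
    # No "ports:" entry: 8088 is reachable only through Traefik,
    # so plain HTTP to the gateway never leaves the Docker network.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ignition.entrypoints=websecure"
      - "traefik.http.routers.ignition.tls.certresolver=letsencrypt"
      - "traefik.http.services.ignition.loadbalancer.server.port=8088"
      - "traefik.http.routers.ignition.rule=Host(`my-ignition.dev`)"

volumes:
  letsencrypt:
```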