Edge routing using Traefik
I've been following the development of Traefik for some time, since it was originally inducted into the CNCF foundation. They recently released version 2 so I figured I'd give it a go to deploy some infrastructure that I use, namely Matomo and Drone.
I usually use Nginx as a reverse proxy installed on the host operating system and configure it as a reverse proxy to my containers. However I was reading over the Traefik docs and it seems to provide an even easier way to configure routing.
To get started I'm gonna create a new
docker-compose.yml file to store my configuration. if you want to follow along at home, create a new folder with the following structure:
my-example-project |- reverse-proxy | |- docker-compose.yml |- hello-world | |- docker-compose.yml
Now place this
docker-compose.yml file in
version: "3" services: reverse-proxy: image: traefik:v2.2 command: #- "--log.level=DEBUG" #- "--api.insecure=true" - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" - "--entrypoints.web.address=:80" - "--entrypoints.websecure.address=:443" - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web" # - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" - "--firstname.lastname@example.org" - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" ports: # The HTTP port - "80:80" - "443:443" # The Web UI (enabled by --api.insecure=true) #- "8080:8080" volumes: # So that Traefik can listen to the Docker events - /var/run/docker.sock:/var/run/docker.sock # Persist the letsencrypt config to disk (e.g. certs, etc.) - ./letsencrypt:/letsencrypt # Connect to the external network called "shared" # needs to be manually created first networks: default: external: name: shared
This configures Traefik to run as a reverse proxy exposed on 80 (for http) and 443 (for https). Make sure to replace the ACME email with the domain name you want to use.
Next we will create another docker-compose file containing a simple "hello world" docker container, which we will expose through Traefik.
Place this in
version: "3" services: hello-world: image: strm/helloworld-http labels: - "traefik.enable=true" - "traefik.http.services.drone.loadbalancer.server.port=80" - "traefik.http.routers.drone.rule=Host(`hello.example.com`)" - "traefik.http.routers.drone.entrypoints=websecure" - "traefik.http.routers.drone.tls.certresolver=letsencrypt" # Connect to the external network called "shared" # needs to be manually created first networks: default: external: name: shared
Make sure to replace
hello.example.com with your domain name.
Before this will work you need to create an Docker network that is to be shared between docker-compose stacks, use the following command:
docker network create shared
Now we can bring the stacks up, start with the Traefik stack first, then bring up the Hello World stack
cd reverse-proxy && docker-compose up -d && cd .. cd hello-world && docker-compose up -d && cd ..
Now you should be able to access the container from