Traefik setup example
Install latest docker-ce:
sudo apt install docker-ce
Start the docker service and enable it to launch everytime at system boot.
systemctl start docker
systemctl enable docker
Check version of docker:
docker version
Additional: Running Docker for non-root user Docker container can be run under the non-root user. We just need to add the user to the docker group.
Add 'aleks' user.
useradd -m -s /bin/bash aleks
Now add the 'aleks' user to the docker group, then restart the docker service.
usermod -a -G docker aleks
systemctl restart docker
Test by running the docker hello-world.
docker run -it hello-world
Install Docker Compose
sudo apt install docker-compose
Check version:
docker-compose version
Create Custom Docker Network
Check the available docker network on the system.
docker network ls
Configuration
To configure traefik in docker you will need to set a docker compose file and a static + dynamic configuration.
Docker-Compose config:
set a basic config in the docker-compose.yml file to create the traefik container and map the host ports to it:
version: "3.5"
services:
traefik:
image: traefik:v2.10
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "8080:8080"
Add volumes into the container by mapping locations on the docker host into the traefik container(within the traefik block):
volumes:
- /etc/traefik/traefik.yml:/etc/traefik/traefik.yml # maps the traefik.yml file which can be used to set the configuration of the traefik container
- /var/run/docker.sock:/var/run/docker.sock # maps the docker socket to the traefik container so it can listen to the docker engine for dynamic configuration
- /etc/traefik/letsencrypt:/letsencrypt # folder can be used for storing the lets encrypt certificates
- /etc/traefik/certs:/etc/certs/ # folder that can be used for user generated and applyed certificates
Static + Dynamic configuration files
Configure the traefik configuration via files using the file provider. you can use the "traefik.yml" file mapped to the "/etc/traefik.traefik.yml" location in the container
Configure entrypoints in the file to map the ports exposed to the services that you will be running in the container:
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
Enable the api of traefik which is a built in service that will run the dashboard and other handy things:
api:
dashboard: true
insecure: true
Enable the providers that you will be using, eg docker for docker and file for configuration files:
providers:
docker:
endpoint: "unix:///var/run/docker.sock" # where we mapped the docker host files in the container
exposedByDefault: false
file:
filename: "/etc/traefik/traefik.yml" # where we mapped the .yml file in the container
Create servers that are required, this is an example of an http server to run a router:
http:
routers:
rdsgateway_https: # name of router
entrypoints: # entrypoint to use (name mapped to port in entrypints section)
- websecure
service: rdsgateway # service that the router will route to (created in the services section)
rule: "Host(`<hostname that will be used to connect to server>`)"
tls: true
Create the service that the router will route to:
services:
rdsgateway:
loadBalancer:
servers:
- url: "https://<internal ip address of server to route traffic to >:<port to use>"
Dashboard configuration
Configure the dashboard like you would another server, using a router to route traffic to it and add in the options you want to use.
http:
routers:
traefik_https: # name the router
entryPoints: # set the entrypoint to use
- web
middlewares: # set the middleware to route the traffic before the service
- traefik-auth
service: api@internal # set the service to route the traffic to (api@internal is automatically run by traefik so does not need to be defined)
rule: Host(`<hostname used for traefik container>`)
middlewares: # create a middleware to handle authentication
traefik-auth: # name the middleware
basicAuth: #type of middleware
users: # set the users for the basicAuth middleware
- <username>:<password hash generated by htpasswd>