Traefik: Difference between revisions

Latest revision as of 18:13, 18 February 2024

Traefik setup example

Install latest docker-ce:

sudo apt install docker-ce

Start the docker service and enable it to launch everytime at system boot.

systemctl start docker

systemctl enable docker

Check version of docker:

docker version

Additional: Running Docker for non-root user Docker container can be run under the non-root user. We just need to add the user to the docker group.

Add 'aleks' user.

useradd -m -s /bin/bash aleks

Now add the 'aleks' user to the docker group, then restart the docker service.

usermod -a -G docker aleks

systemctl restart docker

Test by running the docker hello-world.

docker run -it hello-world

Install Docker Compose

sudo apt install docker-compose

Check version:

docker-compose version

Create Custom Docker Network

Check the available docker network on the system.

docker network ls

Configuration

To configure traefik in docker you will need to set a docker compose file and a static + dynamic configuration.

Docker-Compose config:

set a basic config in the docker-compose.yml file to create the traefik container and map the host ports to it:

version: "3.5"

services:

  traefik:
    image: traefik:v2.10
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"

Add volumes into the container by mapping locations on the docker host into the traefik container(within the traefik block):

volumes:
      - /etc/traefik/traefik.yml:/etc/traefik/traefik.yml # maps the traefik.yml file which can be used to set the configuration of the traefik container
      - /var/run/docker.sock:/var/run/docker.sock # maps the docker socket to the traefik container so it can listen to the docker engine for dynamic configuration
      - /etc/traefik/letsencrypt:/letsencrypt # folder can be used for storing the lets encrypt certificates
      - /etc/traefik/certs:/etc/certs/ # folder that can be used for user generated and applyed certificates

Static + Dynamic configuration files

Configure the traefik configuration via files using the file provider. you can use the "traefik.yml" file mapped to the "/etc/traefik.traefik.yml" location in the container

Configure entrypoints in the file to map the ports exposed to the services that you will be running in the container:

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

Enable the api of traefik which is a built in service that will run the dashboard and other handy things:

api:
  dashboard: true
  insecure: true

Enable the providers that you will be using, eg docker for docker and file for configuration files:

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # where we mapped the docker host files in the container
    exposedByDefault: false
  file:
    filename: "/etc/traefik/traefik.yml" # where we mapped the .yml file in the container

Create servers that are required, this is an example of an http server to run a router:

http:
  routers: 
    rdsgateway_https: # name of router
      entrypoints: # entrypoint to use (name mapped to port in entrypints section)
      - websecure
      service: rdsgateway # service that the router will route to (created in the services section)
      rule: "Host(`<hostname that will be used to connect to server>`)"
      tls: true

Create the service that the router will route to:

services:
    rdsgateway:
      loadBalancer:
        servers:
          - url: "https://<internal ip address of server to route traffic to >:<port to use>"

Dashboard configuration

Configure the dashboard like you would another server, using a router to route traffic to it and add in the options you want to use.

http:
  routers:
    traefik_https: # name the router
      entryPoints: # set the entrypoint to use
      - web
      middlewares: # set the middleware to route the traffic before the service
      - traefik-auth
      service: api@internal # set the service to route the traffic to (api@internal is automatically run by traefik so does not need to be defined)
      rule: Host(`<hostname used for traefik container>`)
  middlewares: # create a middleware to handle authentication
    traefik-auth: # name the middleware
      basicAuth: #type of middleware
        users: # set the users for the basicAuth middleware 
        - <username>:<password hash generated by htpasswd>

@@ Line 1: / Line 1: @@
 ===Traefik setup example===
 [https://www.howtoforge.com/tutorial/ubuntu-docker-traefik-proxy/ Guide For setting up Traefik]
-Install latest docker-ce:
+Install latest docker-ce:<syntaxhighlight lang="bash">
-*sudo apt install docker-ce
+sudo apt install docker-ce
+</syntaxhighlight>
 Start the docker service and enable it to launch everytime at system boot.
-*systemctl start docker
+<syntaxhighlight lang="bash">systemctl start docker</syntaxhighlight>
-*systemctl enable docker
+<syntaxhighlight lang="bash">systemctl enable docker</syntaxhighlight>
 Check version of docker:
-*docker version
+<syntaxhighlight lang="bash">docker version</syntaxhighlight>
 Additional: Running Docker for non-root user
@@ Line 16: / Line 17: @@
 Add 'aleks' user.
-*useradd -m -s /bin/bash aleks
+<syntaxhighlight lang="bash">useradd -m -s /bin/bash aleks</syntaxhighlight>
 Now add the 'aleks' user to the docker group, then restart the docker service.
-*usermod -a -G docker aleks
+<syntaxhighlight lang="bash">usermod -a -G docker aleks</syntaxhighlight>
-*systemctl restart docker
+<syntaxhighlight lang="bash">systemctl restart docker</syntaxhighlight>
 Test by running the docker hello-world.
-*docker run -it hello-world
+<syntaxhighlight lang="bash">docker run -it hello-world</syntaxhighlight>
 Install Docker Compose
-*sudo apt install docker-compose
+<syntaxhighlight lang="bash">sudo apt install docker-compose</syntaxhighlight>
 Check version:
-*docker-compose version
+<syntaxhighlight lang="bash">docker-compose version</syntaxhighlight>
 Create Custom Docker Network
 Check the available docker network on the system.
-*docker network ls
+<syntaxhighlight lang="bash">docker network ls</syntaxhighlight>
+== Configuration ==
+To configure traefik in docker you will need to set a docker compose file and a static + dynamic configuration.
+=== Docker-Compose config: ===
+set a basic config in the docker-compose.yml file to create the traefik container and map the host ports to it:<syntaxhighlight lang="yaml">
+version: "3.5"
+services:
+  traefik:
+    image: traefik:v2.10
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+</syntaxhighlight>Add volumes into  the container by mapping locations on the docker host into the traefik container(within the traefik block):<syntaxhighlight lang="yaml">
+volumes:
+      - /etc/traefik/traefik.yml:/etc/traefik/traefik.yml # maps the traefik.yml file which can be used to set the configuration of the traefik container
+      - /var/run/docker.sock:/var/run/docker.sock # maps the docker socket to the traefik container so it can listen to the docker engine for dynamic configuration
+      - /etc/traefik/letsencrypt:/letsencrypt # folder can be used for storing the lets encrypt certificates
+      - /etc/traefik/certs:/etc/certs/ # folder that can be used for user generated and applyed certificates
+</syntaxhighlight>
+== Static + Dynamic configuration files ==
+Configure the traefik configuration via files using the file provider. you can use the "traefik.yml" file mapped to the  "/etc/traefik.traefik.yml" location in the container
+Configure entrypoints in the file to map the ports exposed to the services that you will be running in the container:<syntaxhighlight lang="yaml">
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+</syntaxhighlight>Enable the api of traefik which is a built in service that will run the dashboard and other handy things:<syntaxhighlight lang="yaml">
+api:
+  dashboard: true
+  insecure: true
+</syntaxhighlight>Enable the providers that you will be using, eg docker for docker and file for configuration files:<syntaxhighlight lang="yaml">
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock" # where we mapped the docker host files in the container
+    exposedByDefault: false
+  file:
+    filename: "/etc/traefik/traefik.yml" # where we mapped the .yml file in the container
+</syntaxhighlight>Create  servers that are required, this is an example of an http server to run a router:<syntaxhighlight lang="yaml">
+http:
+  routers:
+    rdsgateway_https: # name of router
+      entrypoints: # entrypoint to use (name mapped to port in entrypints section)
+      - websecure
+      service: rdsgateway # service that the router will route to (created in the services section)
+      rule: "Host(`<hostname that will be used to connect to server>`)"
+      tls: true
+</syntaxhighlight>Create the service that the router will route to:<syntaxhighlight lang="yaml">
+services:
+    rdsgateway:
+      loadBalancer:
+        servers:
+          - url: "https://<internal ip address of server to route traffic to >:<port to use>"
+</syntaxhighlight>
+== Dashboard configuration ==
+Configure the dashboard like you would another server, using a router to route  traffic to it and add in the options you want to use.<syntaxhighlight lang="yaml">
+http:
+  routers:
+    traefik_https: # name the router
+      entryPoints: # set the entrypoint to use
+      - web
+      middlewares: # set the middleware to route the traffic before the service
+      - traefik-auth
+      service: api@internal # set the service to route the traffic to (api@internal is automatically run by traefik so does not need to be defined)
+      rule: Host(`<hostname used for traefik container>`)
+  middlewares: # create a middleware to handle authentication
+    traefik-auth: # name the middleware
+      basicAuth: #type of middleware
+        users: # set the users for the basicAuth middleware
+        - <username>:<password hash generated by htpasswd>
+</syntaxhighlight>