Traefik: Difference between revisions

From Piszczynski
No edit summary
 
Line 36: Line 36:
Check the available docker network on the system.
Check the available docker network on the system.
<syntaxhighlight lang="bash">docker network ls</syntaxhighlight>
<syntaxhighlight lang="bash">docker network ls</syntaxhighlight>
== Configuration ==
To configure traefik in docker you will need to set a docker compose file and a static + dynamic configuration.
=== Docker-Compose config: ===
set a basic config in the docker-compose.yml file to create the traefik container and map the host ports to it:<syntaxhighlight lang="yaml">
version: "3.5"
services:
  traefik:
    image: traefik:v2.10
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
</syntaxhighlight>Add volumes into  the container by mapping locations on the docker host into the traefik container(within the traefik block):<syntaxhighlight lang="yaml">
volumes:
      - /etc/traefik/traefik.yml:/etc/traefik/traefik.yml # maps the traefik.yml file which can be used to set the configuration of the traefik container
      - /var/run/docker.sock:/var/run/docker.sock # maps the docker socket to the traefik container so it can listen to the docker engine for dynamic configuration
      - /etc/traefik/letsencrypt:/letsencrypt # folder can be used for storing the lets encrypt certificates
      - /etc/traefik/certs:/etc/certs/ # folder that can be used for user generated and applyed certificates
</syntaxhighlight>
== Static + Dynamic configuration files ==
Configure the traefik configuration via files using the file provider. you can use the "traefik.yml" file mapped to the  "/etc/traefik.traefik.yml" location in the container
Configure entrypoints in the file to map the ports exposed to the services that you will be running in the container:<syntaxhighlight lang="yaml">
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
</syntaxhighlight>Enable the api of traefik which is a built in service that will run the dashboard and other handy things:<syntaxhighlight lang="yaml">
api:
  dashboard: true
  insecure: true
</syntaxhighlight>Enable the providers that you will be using, eg docker for docker and file for configuration files:<syntaxhighlight lang="yaml">
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # where we mapped the docker host files in the container
    exposedByDefault: false
  file:
    filename: "/etc/traefik/traefik.yml" # where we mapped the .yml file in the container
</syntaxhighlight>Create  servers that are required, this is an example of an http server to run a router:<syntaxhighlight lang="yaml">
http:
  routers:
    rdsgateway_https: # name of router
      entrypoints: # entrypoint to use (name mapped to port in entrypints section)
      - websecure
      service: rdsgateway # service that the router will route to (created in the services section)
      rule: "Host(`<hostname that will be used to connect to server>`)"
      tls: true
</syntaxhighlight>Create the service that the router will route to:<syntaxhighlight lang="yaml">
services:
    rdsgateway:
      loadBalancer:
        servers:
          - url: "https://<internal ip address of server to route traffic to >:<port to use>"
</syntaxhighlight>
== Dashboard configuration ==
Configure the dashboard like you would another server, using a router to route  traffic to it and add in the options you want to use.<syntaxhighlight lang="yaml">
http:
  routers:
    traefik_https: # name the router
      entryPoints: # set the entrypoint to use
      - web
      middlewares: # set the middleware to route the traffic before the service
      - traefik-auth
      service: api@internal # set the service to route the traffic to (api@internal is automatically run by traefik so does not need to be defined)
      rule: Host(`<hostname used for traefik container>`)
  middlewares: # create a middleware to handle authentication
    traefik-auth: # name the middleware
      basicAuth: #type of middleware
        users: # set the users for the basicAuth middleware
        - <username>:<password hash generated by htpasswd>
</syntaxhighlight>
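Review bot: `insecure: true` in the added `api:` block, combined with the `- "8080:8080"` port mapping in the compose snippet, serves the API and dashboard on port 8080 with no authentication, so the `traefik-auth` basicAuth middleware added under "Dashboard configuration" can be bypassed by anyone who can reach that port. Suggest `insecure: false` and dropping the 8080 mapping. The `traefik_https` router also listens on `web` with no `tls: true`, so the basicAuth credentials cross the network in cleartext; it should use `websecure` like the `rdsgateway_https` router. Separately, "/etc/traefik.traefik.yml" in the file-provider paragraph looks like a typo for the `/etc/traefik/traefik.yml` path used in the volume mapping.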

Latest revision as of 18:13, 18 February 2024

Traefik setup example

Guide For setting up Traefik

Install latest docker-ce:

sudo apt install docker-ce

Start the docker service and enable it to launch every time at system boot.

systemctl start docker
systemctl enable docker

Check version of docker:

docker version

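Additional: Running Docker for non-root user

Docker containers can be run under a non-root user. We just need to add the user to the docker group. Members of the docker group can control the Docker daemon, which is effectively root access on the host, so add only trusted accounts.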

Add 'aleks' user.

useradd -m -s /bin/bash aleks

Now add the 'aleks' user to the docker group, then restart the docker service.

usermod -a -G docker aleks
systemctl restart docker

Test by running the docker hello-world.

docker run -it hello-world

Install Docker Compose

sudo apt install docker-compose

Check version:

docker-compose version

Create Custom Docker Network

Check the available docker network on the system.

docker network ls

Configuration

To configure Traefik in Docker you will need to create a Docker Compose file and a static + dynamic configuration.

Docker-Compose config:

Set a basic config in the docker-compose.yml file to create the traefik container and map the host ports to it:

version: "3.5"

services:

  traefik:
    image: traefik:v2.10
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"

Add volumes to the container by mapping locations on the docker host into the traefik container (within the traefik block):

    volumes:
      - /etc/traefik/traefik.yml:/etc/traefik/traefik.yml # maps the traefik.yml file which can be used to set the configuration of the traefik container
      - /var/run/docker.sock:/var/run/docker.sock # maps the docker socket to the traefik container so it can listen to the docker engine for dynamic configuration
      - /etc/traefik/letsencrypt:/letsencrypt # folder that can be used for storing the Let's Encrypt certificates
      - /etc/traefik/certs:/etc/certs/ # folder that can be used for user-generated and applied certificates

Static + Dynamic configuration files

Configure Traefik via files using the file provider. You can use the "traefik.yml" file mapped to the "/etc/traefik/traefik.yml" location in the container.

Configure entrypoints in the file to map the ports exposed to the services that you will be running in the container:

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

Enable the API of Traefik, which is a built-in service that will run the dashboard and other handy things:

api:
  dashboard: true
  insecure: true

Enable the providers that you will be using, e.g. docker for Docker and file for configuration files:

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # where we mapped the docker host files in the container
    exposedByDefault: false
  file:
    filename: "/etc/traefik/traefik.yml" # where we mapped the .yml file in the container

Create the routers that are required; this is an example of an HTTP router:

http:
  routers: 
    rdsgateway_https: # name of router
      entryPoints: # entrypoint to use (name mapped to port in the entryPoints section)
      - websecure
      service: rdsgateway # service that the router will route to (created in the services section)
      rule: "Host(`<hostname that will be used to connect to server>`)"
      tls: true

Create the service that the router will route to:

http:
  services: # services sit under the same http: block as the routers
    rdsgateway:
      loadBalancer:
        servers:
          - url: "https://<internal ip address of server to route traffic to >:<port to use>"

Dashboard configuration

Configure the dashboard like you would another server, using a router to route traffic to it and add in the options you want to use.

http:
  routers:
    traefik_https: # name the router
      entryPoints: # set the entrypoint to use
      - web
      middlewares: # set the middleware to route the traffic before the service
      - traefik-auth
      service: api@internal # set the service to route the traffic to (api@internal is automatically run by traefik so does not need to be defined)
      rule: Host(`<hostname used for traefik container>`)
  middlewares: # create a middleware to handle authentication
    traefik-auth: # name the middleware
      basicAuth: # type of middleware
        users: # set the users for the basicAuth middleware
        - <username>:<password hash generated by htpasswd>
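
A hardened variant of the compose file and traefik.yml above, as an added example that is not part of the original page. With `api.insecure: true`, Traefik serves the API and dashboard without authentication on port 8080, bypassing the basicAuth router; here that listener is switched off and the dashboard router moves to `websecure` with TLS. The HTTP-to-HTTPS redirect and the `:ro` mount are assumptions added for this example; the placeholders are the page's own.

```yaml
# docker-compose.yml (added example): same service as above, port 8080 no longer published
version: "3.5"
services:
  traefik:
    image: traefik:v2.10
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/traefik/traefik.yml:/etc/traefik/traefik.yml:ro # config is only read (assumed addition)
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/traefik/letsencrypt:/letsencrypt
      - /etc/traefik/certs:/etc/certs/
---
# /etc/traefik/traefik.yml (added example): static + dynamic config in one file, as on this page
entryPoints:
  web:
    address: ":80"
    http:
      redirections: # send plain HTTP to HTTPS (assumed addition)
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
api:
  dashboard: true
  insecure: false # no unauthenticated API/dashboard listener on :8080
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: "/etc/traefik/traefik.yml"
http:
  routers:
    traefik_https:
      entryPoints:
        - websecure # was web: basicAuth over HTTP sends credentials in cleartext
      middlewares:
        - traefik-auth
      service: api@internal
      rule: "Host(`<hostname used for traefik container>`)"
      tls: true
  middlewares:
    traefik-auth:
      basicAuth:
        users:
          - "<username>:<password hash generated by htpasswd>"
```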