Traefik

Traefik architecture

Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need.

Custom entry point

Several kinds of entry points can be configured, as shown below.

[entryPoints]
  ## Local area.
  [entryPoints.local-https]
  address = ":10443"
    [entryPoints.local-https.tls]
      [[entryPoints.local-https.tls.certificates]]
      certFile = "/traefik-data/traefik.crt"
      keyFile = "/traefik-data/traefik.key"

  ## Wide area.
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"

  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

The entry point above can be selected from Docker Compose. (Note the "traefik.web.frontend.entryPoints=local-https" label.)

version: '3.3'

services:
  api:
    #image: sonatype/nexus3
    image: "${DOCKER_IMAGE_NAME:?err}:${DOCKER_IMAGE_TAG:?err}"
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik-net"
        - "traefik.web.port=8081"
        - "traefik.web.frontend.rule=Host:${FRONTEND_HOST:?err}"
        - "traefik.web.frontend.entryPoints=local-https"
    ports:
      - "${EXTENSION_PUBLISH_PORT:?err}:${EXTENSION_PUBLISH_PORT:?err}"
    networks:
      - traefik-net
    volumes:
      - data:/nexus-data

volumes:
  data:

networks:
  traefik-net:
    external: true

File config example

[backends]
  [backends.file-mycompany]
    [backends.file-mycompany.servers.server0]
    url = "https://192.168.0.8"
    weight = 1

[frontends]
  [frontends.frontend-Host-file-mycompany-project-com]
  backend = "file-mycompany"
  passHostHeader = true
    [frontends.frontend-Host-file-mycompany-project-com.headers.customrequestheaders]
    Host = "file.mycompany-project.com"
    [frontends.frontend-Host-file-mycompany-project-com.routes.route0]
    rule = "Host:file.mycompany-project.com"

BasicAuth htaccess

# Declaring the user list
#
# Note: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
#
# Also note that dollar signs should NOT be doubled when they are not evaluated (e.g. Ansible docker_container module).
labels:
  - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"

Configuration Options

Passwords must be hashed using MD5, SHA1, or BCrypt.

Tip

Use htpasswd to generate the passwords

users
An array of authorized users. Each user must be declared using the name:hashed-password format. The separator is a comma (,).
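
As an added example (not part of the original page and not Traefik's own code), the Python script below audits a basicauth.users value against the rules in this section: the name:hashed-password form, the comma separator, the doubled dollar signs required in docker-compose.yml, and the hash scheme. The function name audit_users, its compose flag and the finding strings are assumptions made for illustration; the sample value is the one from the label above.

```python
import re

# Hash formats htpasswd emits, matched after Compose "$$" escaping is undone.
SCHEMES = [
    ("bcrypt", re.compile(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}")),
    ("md5-apr1", re.compile(r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}")),
    ("sha1", re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=")),
]
WEAK = {"md5-apr1", "sha1"}  # fast hashes; bcrypt (htpasswd -B) is the slow one

# The users value from the label shown above, as written for docker-compose.yml.
PAGE_LABEL = ("test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,"
              "test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0")


def audit_users(value, compose=True):
    """Return [(user, scheme, findings)] for one basicauth.users value.

    compose=True  -> value is read from docker-compose.yml ('$' written '$$').
    compose=False -> value reaches Traefik verbatim (e.g. Ansible docker_container).
    """
    report = []
    for entry in value.split(","):
        user, sep, hashed = entry.strip().partition(":")
        if not (user and sep and hashed):
            report.append((user, "invalid", ["not in name:hashed-password form"]))
            continue
        findings = []
        if compose:
            # An odd run of '$' means one was left unescaped; Compose would
            # try to interpolate it as a variable and corrupt the hash.
            if any(len(run) % 2 for run in re.findall(r"\$+", hashed)):
                findings.append("unescaped '$' in a Compose value")
            hashed = hashed.replace("$$", "$")
        elif "$$" in hashed:
            findings.append("doubled '$' where nothing unescapes it")
        scheme = next((n for n, rx in SCHEMES if rx.fullmatch(hashed)), "unknown")
        if scheme == "unknown":
            findings.append("hash is not a recognised htpasswd format")
        elif scheme in WEAK:
            findings.append("weak hash, regenerate with htpasswd -nB")
        report.append((user, scheme, findings))
    return report


if __name__ == "__main__":
    for user, scheme, findings in audit_users(PAGE_LABEL):
        print(user, scheme, "; ".join(findings) or "ok")
```

Run against the label from this page, both users are reported as md5-apr1, which is accepted by Traefik but is the weaker choice compared with the bcrypt output of htpasswd -nB.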

Nginx with Traefik

$ docker service create \
    --network=traefik-net \
    -l traefik.backend=webapp \
    -l traefik.port=80 \
    -l traefik.frontend.rule=Host:www.server-project.com \
    nginx

docker-compose

Troubleshooting

Unable to obtain ACME certificate

time="2018-12-06T01:53:04Z" level=error msg="Unable to obtain ACME certificate for domains \"docker.bogo.local\" detected thanks to rule \"Host:docker.bogo.local\" : cannot obtain certificates: acme: Error 400 - urn:ietf:params:acme:error:malformed - Error creating new order :: Name does not end in a public suffix"

Gateway timeout

When working with Swarm, the service is most likely not connected to the Traefik network.
