In this tutorial we will be setting up Traefik v2 as our reverse proxy with port 80 and 443 enabled, and then hook up a example application behind the application load balancer, and route incoiming requests via host headers.
What is Traefik
Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices super easy by making use of docker labels to route your traffic based on host headers, path prefixes etc. Please check out their website to find out more about them.
Use Case
In our example we want to route traefik from http://app.selfhosted.co.za to hit our proxy on port 80, then we want traefik to redirect port 80 to the 443 port configured on the proxy which is configured with letsencrypt and reverse proxy the connection to our application.
The application is being configured via docker labels, which we will get into later.
Our Environment
I will be using the domain selfhosted.co.za, so if you are following along, you can just replace this domain with yours.
For this demonstration I have spun up a VM at Civo as you can see below:
From the provided public IP address, we will be creating a DNS A record for our domain, and then create a wildcard entry to CNAME to our initial dns name:
You might not want to point all the subdomains to that entry, but to simplify things, every application that needs to be routed via traefik, I can manage from a traefik config level, since my dns is already pointing to the public ip where traefik is running on.
So if I spin up a new container, lets say bitwarden, I can just set bitwarden.selfhosted.co.za in the labels of that container and due to the dns already pointing to traefik, traefik will route the connection to the correct container.
Pre-Requisites
In order to follow along you will need docker and docker-compose to be installed, and can be validated using:
12345
docker -v
Docker version 20.10.7, build f0df350
docker-compose -v
docker-compose version 1.28.6, build 5db8d86f
Traefik on Docker
We will have one docker-compose.yml file which has the proxy and the example application. Be sure to change the following to suite your environment:
- traefik.http.routers.api.rule=Host()'
- --certificatesResolvers.letsencrypt.acme.email=youremail@yourdomain.net
The certificate process might take anything from 5-30s in my experience.
Test the Application
Now that our webapp container is running, make a http request using curl against the configured host rule, which is app.selfhosted.co.za on http so that we can validate if traefik is doing a redirect to https:
If we access our webapp service in our web browser, we will see the following:
We can also validate that the certificate is valid:
We can also access the traefik dashboard using the configured domain, in this case traefik.selfhosted.co.za, and you should see the pretty traefik dashboard:
Future Posts
In future posts I will be using this post as the base setup on getting traefik up and running, and future posts that uses traefik will be tagged under #traefik.
Thank You
Thanks for reading, if you like my content, check out my website or follow me at @ruanbekker on Twitter.