Pavel Derendyaev notes

Tags:

© 2022. All rights reserved.

Træfik on Docker Swarm mode cluster

2016-11-07

Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. Since 1.1.0-rc1 it supports Docker Swarm mode as backend. It means that Træfɪk will automatically create proxying frontends which will be binded to corresponding Docker Swarm services.

This post is based on Docker Swarm (mode) cluster example.

Assuming we have Docker Swarm mode cluster already, we will need to create an overlay network:

docker network create --driver=overlay traefik-net

Backends are the simple emilevauge/whoami services:

docker service create --name test1 --label traefik.port=80 --network traefik-net emilevauge/whoami
docker service create --name test2 --label traefik.port=80 --network traefik-net emilevauge/whoami

Træfɪk itself may be ran in rich variety of configurations.

1. HTTP only proxy

docker service create \
--name traefik \
--constraint=node.role==manager \
--publish 80:80 --publish 8080:8080 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--network traefik-net \
traefik:v1.1.0-rc3 \
--docker \
--docker.swarmmode \
--docker.domain=example.org \
--docker.watch \
--logLevel=DEBUG \
--web

Remarks:

2. HTTPS proxy with Let’s Encrypt certificate and HTTP to HTTPS redirection

docker service create \
--name traefik \
--constraint=node.role==manager \
--publish 80:80 --publish 443:443 --publish 8080:8080 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,readonly \
--mount type=bind,source=/var/tmp,target=/etc/traefik/acme \
--network traefik-net \
traefik:v1.1.0-rc3 \
--entryPoints='Name:http Address::80 Redirect.EntryPoint:https' \
--entryPoints='Name:https Address::443 TLS' \
--defaultEntryPoints=http,https \
--acme.entryPoint=https \
--acme.email=owner@example.org \
--acme.storage=/etc/traefik/acme/acme.json \
--acme.domains=example.org \
--acme.onHostRule=true \
--docker \
--docker.swarmmode \
--docker.domain=example.org \
--docker.watch \
--web

3. HTTPS-only proxy with Let’s Encrypt certificate

docker service create \
--name traefik \
--constraint=node.role==manager \
--publish 443:443 --publish 8080:8080 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,readonly \
--mount type=bind,source=/var/tmp,target=/etc/traefik/acme \
--network traefik-net \
traefik:v1.1.0-rc3 \
--entryPoints='Name:https Address::443 TLS' \
--defaultEntryPoints=https \
--acme.entryPoint=https \
--acme.email=owner@example.org \
--acme.storage=/etc/traefik/acme/acme.json \
--acme.domains=example.org \
--acme.onHostRule=true \
--docker \
--docker.swarmmode \
--docker.domain=example.org \
--docker.watch \
--logLevel=DEBUG \
--web

4. HTTPS-only proxy with Let’s Encrypt certificate and HTTPS web UI

docker service create \
--name traefik \
--constraint=node.role==manager \
--publish 443:443 --publish 8443:8443 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,readonly \
--mount type=bind,source=/etc/pki/realms/domain,target=/etc/traefik/tls,readonly \
--mount type=bind,source=/var/tmp,target=/etc/traefik/acme \
--network traefik-net \
traefik:v1.1.0-rc3 \
--entryPoints='Name:https Address::443 TLS:/etc/traefik/tls/default.crt,/etc/traefik/tls/default.key' \
--defaultEntryPoints=https \
--acme.entryPoint=https \
--acme.email=owner@example.org \
--acme.storage=/etc/traefik/acme/acme.json \
--acme.domains=example.org \
--acme.onHostRule=true \
--docker \
--docker.swarmmode \
--docker.domain=example.org \
--docker.watch \
--logLevel=DEBUG \
--web.address=:8443 \
--web.certfile=/etc/traefik/tls/default.crt \
--web.keyfile=/etc/traefik/tls/default.key

5. For debugging purposes you can run Træfɪk without Docker

traefik -d \
--entryPoints='Name:http Address::8080 Redirect.EntryPoint:https' \
--entryPoints='Name:https Address::8443 TLS' \
--defaultEntryPoints=http,https \
--acme.entryPoint=https \
--acme.email=owner@example.org \
--acme.storage=acme.json \
--acme.domains=example.org
--logLevel=DEBUG \
--web

Links:

Tags:
comments powered by Disqus