Tutorial

Docker Guide: Installing Traefik – a Modern Reverse Proxy for Microservices

Traefik

Traefik is a modern HTTP reverse proxy and load balancer for microservices. Traefik makes all microservices deployment easy, integrated with existing infrastructure components such as Docker, Swarm Mode, Kubernetes, Amazon ECS, Rancher, Etcd, Consul etc.

Traefik serves as a router for all your microservices applications, routing all client requests to correct microservices destination.Ezoic

In this tutorial, I will show you step by step how to install and configure Traefik modern reverse proxy as a Docker container on Ubuntu 18.04 LTS (Bionic Beaver).

Prerequisites

  • Ubuntu 18.04
  • Root privileges

What we will do?

  1. Install Docker on Ubuntu 18.04
  2. Install Docker Compose
  3. Create Custom Docker Network
  4. Install and Configure Traefik
  5. Testing

Step 1 – Install Docker on Ubuntu 18.04

For this guide, we will be using the latest docker version that can be installed from the official docker repository.

Add the docker key and repository using the command below.

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

The ‘add-apt-repository’ command will automatically update all repositories.

Now install the latest docker-ce.

sudo apt install docker-ce

After the installation is complete, start the docker service and enable it to launch everytime at system boot.

systemctl start docker
systemctl enable docker

The docker community-edition has been installed on Ubuntu 18.04 system, check the installed docker version.

docker version

Additional: Running Docker for non-root user

Docker container can be run under the non-root user. We just need to add the user to the docker group.

Add ‘mohammad’ user.

useradd -m -s /bin/bash mohammad

Now add the ‘mohammad’ user to the docker group, then restart the docker service.

usermod -a -G docker mohammad
systemctl restart docker

Test by running the docker hello-world.

docker run -it hello-world

And following is the result.

Step 2 – Install Docker Compose

Docker-Compose is a command line tool for defining and managing multi-container docker applications.

Docker Compose is a python script, it can be installed with the python pip command or with the apt command from Ubuntu repository easily. With compose, we can run multiple Docker containers with a single command.

Install docker compose from the repository using the apt command below.

sudo apt install docker-compose

After the installation is complete, check the docker compose version.

docker-compose version

The docker compose 1.17 has been installed on Ubuntu 18.04.

Step 3 – Create Custom Docker Network

In this tutorial, the traefik container will be running on the docker custom network. So we need to create a new docker custom network on the server.

Check the available docker network on the system.

docker network ls

Now create a new custom network named ‘proxy’ for the traefik container.

docker network create proxy

And you will get a random string of the network container name. Check again the available network.

docker network ls

Shown below is the result.

The custom docker network named ‘proxy’ for traefik has been created.

Step 4 – Install and Configure Traefik Reverse Proxy

In this step, we will create the traefik container with HTTPS letsencrypt enabled (using a domain name ‘traefik.hakase-labs.io), and automatically redirect HTTP to HTTPS on traefik.

Traefik Pre-Installation

Before creating all traefik configuration, we need to install ‘apache2-utils’ for generating the encrypted htpasswd password and creating the new traefik directory.

Install ‘apache2-utils’ using the apt command below.

sudo apt install apache2-utils -y

Now run the htpasswd command below to generate a new password for traefik dashboard authentication.

htpasswd -nb mohammad password

Keep the result in your note.AdvertisementEzoic

mohammad:$apr1$hEgpZUN2$OYG3KwpzI3T1FqIg9LIbi.

Next, login to the ‘mohammad’ user.

su - mohammad

Create a new directory named ‘traefik’ for all traefik configuration.

mkdir -p traefik/
cd traefik/

Create Traefik Configuration

Go to the ‘traefik’ directory and create a new configuration file ‘traefik.toml’ using vim editor.

cd traefik/
vim traefik.toml

Paste the configuration below.

#Traefik Global Configuration
debug = false
checkNewVersion = true
logLevel = "ERROR"

#Define the EntryPoint for HTTP and HTTPS
defaultEntryPoints = ["https","http"]

#Enable Traefik Dashboard on port 8080
#with basic authentication method
#mohammad and password
[web]
address = ":8080"
[web.auth.basic]
users = ["mohammad:$apr1$hEgpZUN2$OYG3KwpzI3T1FqIg9LIbi."]

#Define the HTTP port 80 and
#HTTPS port 443 EntryPoint
#Enable automatically redirect HTTP to HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]

#Enable retry sending a request if the network error
[retry]

#Define Docker Backend Configuration
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefik.hakase-labs.io"
watch = true
exposedbydefault = false

#Letsencrypt Registration
#Define the Letsencrypt ACME HTTP challenge
[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"

Save and exit.

Note:

All information about the configuration is in the comment section ‘#…‘.

Create Traefik Docker Compose Script

Now create the docker-compose yml script.

vim docker-compose.yml

Paste the configuration below.Ezoic

version: '3'

services:

  traefik:
    image: traefik:latest
    command: --docker --docker.domain=hakase-labs.io
    ports:
      - 80:80
      - 443:443
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    labels:
      - "traefik.frontend.rule=Host:traefik.hakase-labs.io"
      - "traefik.port=8080"
    container_name: traefik
    restart: always

networks:
  proxy:
    external: true

Save and exit.

Note:

  1. We’re creating a new container named ‘traefik’ based on the ‘traefik:latest’ docker image.
  2. The ‘traefik’ container will be running on the custom docker network named ‘proxy’ and expose external ports HTTP 80 and HTTPS 443.
  3. The container will mount traefik configuration ‘traefik.toml’ and ‘acme.json’, including the docker sock file.
  4. Label configuration for traefik, the frontend domain name, and the traefik port.

Letsencrypt ACME Configuration

The acme configuration on ‘traefik.toml’ is used for automatically generate the SSL letsencrypt. And it’s required for the storage file ‘acme.json’.

Create a new JSON file ‘acme.json’ and change the permission to ‘600’.

touch acme.json
chmod 600 acme.json

All logs about SSL letsencrypt info will be saved in the file.

Build Traefik Container

Now we’re ready to build our own traefik container using the above configuration files.

cd traefik/
ls -lah

All configuration ‘traefik.toml’, ‘docker-compose.yml’, and ‘acme.json’ files.

Build the container using docker compose command below.

docker-compose up -d

When it’s complete, check the running container.

docker-compose ps

And you will get the Traefik container up and running, expose the external ports HTTP and HTTPS.

Step 5 – Testing

Open your web browser and type the traefik domain name on the address bar. Mine is:

http://traefik.hakase-labs.io/

You will be redirected to the HTTPS connection and will be asked for the username and password authentication.

Log in with the user ‘mohammad’ and password is ‘password’.

And you will get the Traefik dashboard as below.

Traefik Health status page.

Ezoic

Traefik modern HTTP reverse-proxy has been installed as a Docker container on Ubuntu 18.04.

Reference

Đăng ký liền tay Nhận Ngay Bài Mới

Subscribe ngay

Cám ơn bạn đã đăng ký !

Lỗi đăng ký !

Tags

Add Comment

Click here to post a comment

Đăng ký liền tay
Nhận Ngay Bài Mới

Subscribe ngay

Cám ơn bạn đã đăng ký !

Lỗi đăng ký !