Traefik is a modern reverse proxy and load balancing server that supports layer 4 (TCP) and layer 7 (HTTP) load balancing. Its configuration can be defined in JSON, YML, or in TOML format. It consists of entry point (frontend), service (backend), router (rules), middlewares (optional features).

This article will demonstrate how to use Traefik load balancer in layer 7 (HTTP) mode.

Prerequisites

  1. Installed docker and docker-compose
  2. Internet connection to download docker images.
  3. DNS A record map to your domain to get Let’s Encrypt certificate (eg traefik.yourdomain.com)

Configuration

I will be running two backend servers (nginx container) and one Traefik container in the same Docker network zone. I am using traefik.yourdomain.com for the explanation. You need to have your own domain.

Let’s start by creating a directory in your home location.

$ mkdir traefik && cd traefik

Now create a docker network using the following command. This helps to reach the container from their name.

$ docker network create web_zone

Traefik.yaml configuration

First of all, create a file named traefik.yaml:

$ vim traefik.yaml

and paste the following content.

# Static configuration
entryPoints:
    unsecure:
        address: :80
    secure:
        address: :443

certificatesResolvers:
    myresolver:
        acme:
            email: [email protected]
            storage: acme.json
            httpChallenge:
                entryPoint: unsecure
            
providers:
      file:
      filename: tls.yaml
      watch: true

Explanation

  • Entry Points are like front end listing services and ports.
  • certificatesResolvers is to use an on demand letsencrypt certificate.
  • Providers are the file to define routers / middlewares and services

File provider configuration

Now, in the same directory create another file that we have defined in the provider section:

$ vim tls.yaml

and paste following yaml configuration.

http:
    routers:
        http_router:
            rule: "Host(`traefik.yourdomain.com`)"
            service: allbackend
        https_router:
            rule: "Host(`traefik.yourdomain.com`)"
            service: allbackend
            tls:
                certResolver: myresolver
                options: tlsoptions
    services:
        allbackend:
            loadBalancer:
                servers:
                    - url: "http://myserver1/"
                    - url: "http://myserver2/"
           
tls:
    options:
        tlsoptions:
            minVersion: VersionTLS12

Explanation

  • The router section is to define the route. We have two routes for http and https
  • Backends are defined in services, you can also specify load balancing algorithms.
  • tls to define TLS configuration and options.

As defined in the file create the following file to store Let’s Encrypt certificate.

$ touch acme.json
$ chmod 600 acme.json

Docker-compose for traefik

I’m going to create a container using docker compose and map 80, 443 port. You define your domain name. Create a file docker-compse.yml:

$ vim docker-compose.yml

and paste the following configuration:

version: '3'

services:

  traefik:
    image: traefik:latest
    command: --docker --docker.domain=yourdomain.com
    ports:
      - 80:80
      - 443:443
    networks:
      - web_zone
    volumes:
      - /run/docker.sock:/run/docker.sock
      - ./traefik.yaml:/traefik.yaml
      - ./tls.yaml:/tls.yaml
      - ./acme.json:/acme.json
    container_name: traefik
    restart: always
networks:
  web_zone:
      external: true

Backend server

Now lets run two backend servers using nginx image. Make a directory first,

$ mkdir ~/traefik/backend && cd ~/traefik/backend/

Create two index files as below.

echo "<h1> Hello server 1</h1>" > index-server1.html
echo "<h1> Hello server 2</h1>" > index-server2.html

Docker compose file to run two nginx backend servers

The following is the simple compose file that makes two nginx containers. Create docker-compse.yml file:

$ vim docker-compose.yml

and paste the following configuration:

version: '3'
services:
  myserver1:
    image: nginx
    container_name: nginx1
    restart: always
    volumes:
      - ./index-server1.html:/usr/share/nginx/html/index.html
    networks:
      - web_zone
  myserver2:
    image: nginx
    container_name: nginx2
    restart: always
    volumes:
      - ./index-server2.html:/usr/share/nginx/html/index.html
    networks:
      - web_zone
networks:
  web_zone:
        external: true

Start the Docker containers

Now run the container. First up the nginx backend container by using the following command.

$:~/traefik/backend$ docker compose up -d

Two containers must be running. Confirm it by executing the following command.

[email protected]:~/traefik/backend$ docker ps

Docker PS

Now, go back to the directory and run the following command to run traefik load balancer.

$:~/traefik$ docker compose up -d

Make sure the traefik container is up and running.

$:~/traefik$ docker ps

Traefik container is up

Browse the site

Open a browser and type your domain name http://traefik.yourdomain.com. You will get the response below.

Trafik load balancer is working

Also, if you refresh the page you will be routed to the second backend. This is the default routing algorithm in traefik.

Second server

You can also check that the certificate is issued by letsencrypt while the container is up. Just browse to https://traefik.yourdomain.com

SSL encryption

Conclusion

You learn how to use traefik as a load balancer for your docker container. You can explore more by visiting the official site https://doc.traefik.io/traefik/ . Thank you.

How to setup Traefik load balancer with Docker in Ubuntu 20.04

Karim Buzdar

About the Author: Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. You can reach Karim on LinkedIn