Traefik is a modern reverse proxy and load balancing server that supports layer 4 (TCP) and layer 7 (HTTP) load balancing. Its configuration can be defined in JSON, YML, or in TOML format. It consists of entry point (frontend), service (backend), router (rules), middlewares (optional features).
This article will demonstrate how to use Traefik load balancer in layer 7 (HTTP) mode.
Prerequisites
- Installed docker and docker-compose
- Internet connection to download docker images.
- DNS A record map to your domain to get Let’s Encrypt certificate (eg traefik.yourdomain.com)
Configuration
I will be running two backend servers (nginx container) and one Traefik container in the same Docker network zone. I am using traefik.yourdomain.com for the explanation. You need to have your own domain.
Let’s start by creating a directory in your home location.
$ mkdir traefik && cd traefik
Now create a docker network using the following command. This helps to reach the container from their name.
$ docker network create web_zone
Traefik.yaml configuration
First of all, create a file named traefik.yaml:
$ vim traefik.yaml
and paste the following content.
# Static configuration entryPoints: unsecure: address: :80 secure: address: :443 certificatesResolvers: myresolver: acme: email: [email protected] storage: acme.json httpChallenge: entryPoint: unsecure providers: file: filename: tls.yaml watch: true
Explanation
- Entry Points are like front end listing services and ports.
- certificatesResolvers is to use an on demand letsencrypt certificate.
- Providers are the file to define routers / middlewares and services
File provider configuration
Now, in the same directory create another file that we have defined in the provider section:
$ vim tls.yaml
and paste following yaml configuration.
http: routers: http_router: rule: "Host(`traefik.yourdomain.com`)" service: allbackend https_router: rule: "Host(`traefik.yourdomain.com`)" service: allbackend tls: certResolver: myresolver options: tlsoptions services: allbackend: loadBalancer: servers: - url: "http://myserver1/" - url: "http://myserver2/" tls: options: tlsoptions: minVersion: VersionTLS12
Explanation
- The router section is to define the route. We have two routes for http and https
- Backends are defined in services, you can also specify load balancing algorithms.
- tls to define TLS configuration and options.
As defined in the file create the following file to store Let’s Encrypt certificate.
$ touch acme.json
$ chmod 600 acme.json
Docker-compose for traefik
I’m going to create a container using docker compose and map 80, 443 port. You define your domain name. Create a file docker-compse.yml:
$ vim docker-compose.yml
and paste the following configuration:
version: '3' services: traefik: image: traefik:latest command: --docker --docker.domain=yourdomain.com ports: - 80:80 - 443:443 networks: - web_zone volumes: - /run/docker.sock:/run/docker.sock - ./traefik.yaml:/traefik.yaml - ./tls.yaml:/tls.yaml - ./acme.json:/acme.json container_name: traefik restart: always networks: web_zone: external: true
Backend server
Now lets run two backend servers using nginx image. Make a directory first,
$ mkdir ~/traefik/backend && cd ~/traefik/backend/
Create two index files as below.
echo "<h1> Hello server 1</h1>" > index-server1.html
echo "<h1> Hello server 2</h1>" > index-server2.html
Docker compose file to run two nginx backend servers
The following is the simple compose file that makes two nginx containers. Create docker-compse.yml file:
$ vim docker-compose.yml
and paste the following configuration:
version: '3' services: myserver1: image: nginx container_name: nginx1 restart: always volumes: - ./index-server1.html:/usr/share/nginx/html/index.html networks: - web_zone myserver2: image: nginx container_name: nginx2 restart: always volumes: - ./index-server2.html:/usr/share/nginx/html/index.html networks: - web_zone networks: web_zone: external: true
Start the Docker containers
Now run the container. First up the nginx backend container by using the following command.
$:~/traefik/backend$ docker compose up -d
Two containers must be running. Confirm it by executing the following command.
nimesh@LinuxWays:~/traefik/backend$ docker ps
Now, go back to the directory and run the following command to run traefik load balancer.
$:~/traefik$ docker compose up -d
Make sure the traefik container is up and running.
$:~/traefik$ docker ps
Browse the site
Open a browser and type your domain name http://traefik.yourdomain.com. You will get the response below.
Also, if you refresh the page you will be routed to the second backend. This is the default routing algorithm in traefik.
You can also check that the certificate is issued by letsencrypt while the container is up. Just browse to https://traefik.yourdomain.com
Conclusion
You learn how to use traefik as a load balancer for your docker container. You can explore more by visiting the official site https://doc.traefik.io/traefik/ . Thank you.