Docker Guide: Installing Traefik – a Modern Reverse Proxy for Microservices
Traefik is a modern HTTP reverse proxy and load balancer for microservices. Traefik makes all microservices deployment easy, integrated with existing infrastructure components such as Docker, Swarm Mode, Kubernetes, Amazon ECS, Rancher, Etcd, Consul etc.
Traefik serves as a router for all your microservices applications, routing all client requests to correct microservices destination.
In this tutorial, I will show you step by step how to install and configure Traefik modern reverse proxy as a Docker container on Ubuntu 18.04 LTS (Bionic Beaver).
Prerequisites
- Ubuntu 18.04
- Root privileges
What we will do?
- Install Docker on Ubuntu 18.04
- Install Docker Compose
- Create Custom Docker Network
- Install and Configure Traefik
- Testing
Step 1 – Install Docker on Ubuntu 18.04
For this guide, we will be using the latest docker version that can be installed from the official docker repository.
Add the docker key and repository using the command below.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add –
sudo add-apt-repository \
“deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable”
The ‘add-apt-repository’ command will automatically update all repositories.
Now install the latest docker-ce.
sudo apt install docker-ce
After the installation is complete, start the docker service and enable it to launch everytime at system boot.
systemctl start docker
systemctl enable docker
The docker community-edition has been installed on Ubuntu 18.04 system, check the installed docker version.
docker version
Additional: Running Docker for non-root user
Docker container can be run under the non-root user. We just need to add the user to the docker group.
Add ‘mohammad’ user.
useradd -m -s /bin/bash mohammad
Now add the ‘mohammad’ user to the docker group, then restart the docker service.
usermod -a -G docker mohammad
systemctl restart docker
Test by running the docker hello-world.
docker run -it hello-world
And following is the result.
Step 2 – Install Docker Compose
Docker-Compose is a command line tool for defining and managing multi-container docker applications.
Docker Compose is a python script, it can be installed with the python pip command or with the apt command from Ubuntu repository easily. With compose, we can run multiple Docker containers with a single command.
Install docker compose from the repository using the apt command below.
sudo apt install docker-compose
After the installation is complete, check the docker compose version.
docker-compose version
The docker compose 1.17 has been installed on Ubuntu 18.04.
Step 3 – Create Custom Docker Network
In this tutorial, the traefik container will be running on the docker custom network. So we need to create a new docker custom network on the server.
Check the available docker network on the system.
docker network ls
Now create a new custom network named ‘proxy’ for the traefik container.
docker network create proxy
And you will get a random string of the network container name. Check again the available network.
docker network ls
Shown below is the result.
The custom docker network named ‘proxy’ for traefik has been created.
Step 4 – Install and Configure Traefik Reverse Proxy
In this step, we will create the traefik container with HTTPS letsencrypt enabled (using a domain name ‘traefik.hakase-labs.io), and automatically redirect HTTP to HTTPS on traefik.
Traefik Pre-Installation
Before creating all traefik configuration, we need to install ‘apache2-utils’ for generating the encrypted htpasswd password and creating the new traefik directory.
Install ‘apache2-utils’ using the apt command below.
sudo apt install apache2-utils -y
Now run the htpasswd command below to generate a new password for traefik dashboard authentication.
htpasswd -nb mohammad password
Keep the result in your note.
mohammad:$apr1$hEgpZUN2$OYG3KwpzI3T1FqIg9LIbi.
Next, login to the ‘mohammad’ user.
su – mohammad
Create a new directory named ‘traefik’ for all traefik configuration.
mkdir -p traefik/
cd traefik/
Create Traefik Configuration
Go to the ‘traefik’ directory and create a new configuration file ‘traefik.toml’ using vim editor.
cd traefik/
vim traefik.toml
Paste the configuration below.
#Traefik Global Configuration debug = false checkNewVersion = true logLevel = "ERROR" #Define the EntryPoint for HTTP and HTTPS defaultEntryPoints = ["https","http"] #Enable Traefik Dashboard on port 8080 #with basic authentication method #mohammad and password [web] address = ":8080" [web.auth.basic] users = ["mohammad:$apr1$hEgpZUN2$OYG3KwpzI3T1FqIg9LIbi."] #Define the HTTP port 80 and #HTTPS port 443 EntryPoint #Enable automatically redirect HTTP to HTTPS [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] #Enable retry sending a request if the network error [retry] #Define Docker Backend Configuration [docker] endpoint = "unix:///var/run/docker.sock" domain = "traefik.hakase-labs.io" watch = true exposedbydefault = false #Letsencrypt Registration #Define the Letsencrypt ACME HTTP challenge [acme] email = "[email protected]" storage = "acme.json" entryPoint = "https" OnHostRule = true [acme.httpChallenge] entryPoint = "http"
Save and exit.
Note:
All information about the configuration is in the comment section ‘#…‘.
Create Traefik Docker Compose Script
Now create the docker-compose yml script.
vim docker-compose.yml
Paste the configuration below.
version: '3' services: traefik: image: traefik:latest command: --docker --docker.domain=hakase-labs.io ports: - 80:80 - 443:443 networks: - proxy volumes: - /var/run/docker.sock:/var/run/docker.sock - ./traefik.toml:/traefik.toml - ./acme.json:/acme.json labels: - "traefik.frontend.rule=Host:traefik.hakase-labs.io" - "traefik.port=8080" container_name: traefik restart: always networks: proxy: external: true
Save and exit.
Note:
- We’re creating a new container named ‘traefik’ based on the ‘traefik:latest’ docker image.
- The ‘traefik’ container will be running on the custom docker network named ‘proxy’ and expose external ports HTTP 80 and HTTPS 443.
- The container will mount traefik configuration ‘traefik.toml’ and ‘acme.json’, including the docker sock file.
- Label configuration for traefik, the frontend domain name, and the traefik port.
Letsencrypt ACME Configuration
The acme configuration on ‘traefik.toml’ is used for automatically generate the SSL letsencrypt. And it’s required for the storage file ‘acme.json’.
Create a new JSON file ‘acme.json’ and change the permission to ‘600’.
touch acme.json
chmod 600 acme.json
All logs about SSL letsencrypt info will be saved in the file.
Build Traefik Container
Now we’re ready to build our own traefik container using the above configuration files.
cd traefik/
ls -lah
All configuration ‘traefik.toml’, ‘docker-compose.yml’, and ‘acme.json’ files.
Build the container using docker compose command below.
docker-compose up -d
When it’s complete, check the running container.
docker-compose ps
And you will get the Traefik container up and running, expose the external ports HTTP and HTTPS.
Step 5 – Testing
Open your web browser and type the traefik domain name on the address bar. Mine is:
http://traefik.hakase-labs.io/
You will be redirected to the HTTPS connection and will be asked for the username and password authentication.
Log in with the user ‘mohammad’ and password is ‘password’.
And you will get the Traefik dashboard as below.
Traefik Health status page.
Traefik modern HTTP reverse-proxy has been installed as a Docker container on Ubuntu 18.04.