Bobcares

WeSupport

Call Us! 1-800-383-5193
Call Us! 1-800-383-5193
Call Us! 1-800-383-5193

Need Help?

Emergency Response Time custom

Our experts have had an average response time of 11.55 minutes in January 2021 to fix urgent issues.

We will keep your servers stable, secure and fast at all times for one fixed price.

Traefik Reverse Proxy for Docker Containers on Ubuntu 20.04

by | Jan 17, 2021

Need to set up Traefik Reverse Proxy for Docker Containers on Ubuntu 20.04?

At Bobcares we often handle similar requests from our customers as a part of our Server Management Services.

Today let’s see how our Support Engineers do this for our customers with ease.

How to set up Traefik Reverse Proxy for Docker Containers on Ubuntu 20.04

Before going into the steps to set up Traefik Reverse Proxy for Docker Containers, we will take a glimpse of Traefik.

What is Traefik Reverse Proxy?

Traefik is one of the methods used to set reverse proxy on Docker when we want to run multiple applications which results in the exposure of 80 and 443 ports.

And traefik has its own monitoring dashboard. It is easy to configure many services at the application container level due to the declarative configuration of Traefik.

Also, we will not have to restart the traefik container when a new application is added to proxy traffic. This is because Traefik monitors the Docket socket files and will notice the changes made to it.

traefik reverse proxy for docker

Steps to set up Traefik Reverse Proxy for Docker Containers on Ubuntu 20.04

We will check the steps that our Support Techs follow to set up Traefik Reverse Proxy for Docker.

Here will take a Docker container on Ubuntu 20.04 and use Traefik to route requests to two different web applications.

One of them will be a WordPress container and the other one will be an Adminer container, each communicating to a MySQL database.

We will configure Traefik to serve everything over HTTPS using Let’s Encrypt.

The following are the steps to follow for the set up:

1. Configuring Traefik

First, we need to create a configuration file and set up an encrypted password so we can access the monitoring dashboard.

We will use the htpasswd utility to create this encrypted password.

Install the utility with the following command:

$ sudo apt-get install apache2-utils

Then we can generate the password with htpasswd.

And substitute secure_password with the password we like to use for the Traefik admin user:

$ htpasswd -nb admin secure_password

We will get an output as shown below:

admin:$apr1$ruca84Hq$mbjdMZBAG.KWn7vfN/SNK/

We must copy the output we receive as we will use it in the Traefik configuration file to set up HTTP Basic Authentication for the Traefik health check and the monitoring dashboard.

Next we will create a configuration file called traefik.toml using the TOML format.

We will use three of Traefik’s available providers: api, docker, and acme. The last of these, acme supports TLS certificates using Let’s Encrypt.

Open the new file text editor:

$ nano traefik.toml

First, we need to add two named entry points, http and https,  to which all backends have access by default:

defaultEntryPoints = ["http", "https"]

Next,  access to a dashboard interface and paste the output from the htpasswd command:

...
[entryPoints]
[entryPoints.dashboard]
address = ":8080"
[entryPoints.dashboard.auth]
[entryPoints.dashboard.auth.basic]
users = ["admin:your_encrypted_password"]
[api]
entrypoint="dashboard"

We set the dashboard to run on port 8080.

We have defined our first entryPoint.

The entryPoints section configures the addresses that Traefik and the proxied containers get listed on.

We need to add these lines to the file

...
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
...

The HTTP entry point handles port 80, while the HTTPS entry point uses port 443 for TLS/SSL.

We automatically redirect all of the traffic on port 80 to the HTTPS entry point to force secure connections for all requests.

Next, add the below lines to configure Let’s Encrypt certificate support for Traefik:

...
[acme]
email = "your_email@your_domain"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

Finally, we will configure the docker provider by adding these lines to the file:

...
[docker]
domain = "your_domain"
watch = true
network = "web"

The docker provider enables Traefik to act as a proxy in front of Docker containers.

Save the file and exit the editor.

[Facing difficulty to configure Traefik? We are happy to help you!]

2.  Running the Traefik Container

Next, we need to create a Docker network for the proxy to share with containers.

The following command can be used:

$ docker network create web

When the Traefik container starts, we will add it to this network.
Then we can add additional containers to this network for Traefik to proxy to.

Create an empty file that will hold our Let’s Encrypt information.
We will share this into the container by using the following command:

$ touch acme.json
The root user inside of the container must have unique read and write access to it so that Traefik can use it. 
We can change the permission using the following command:
$ chmod 600 acme.json

Once the file moves to Docker, the owner gets changed to root automatically inside the container.

Finally, we will create the Traefik container with this command:


$ docker run -d \
$ -v /var/run/docker.sock:/var/run/docker.sock \
$ -v $PWD/traefik.toml:/traefik.toml \
$ -v $PWD/acme.json:/acme.json \
$ -p 80:80 \
$ -p 443:443 \
$ -l traefik.frontend.rule=Host:monitor.your_domain \
$ -l traefik.port=8080 \
$ --network web \
$ --name traefik \
$ traefik:1.7-alpine

Now that the container is running we will have a dashboard to access and monitor the health of the containers.

We can access the monitoring dashboard by pointing the browser to https://monitor.your_domain.

By using the admin login credentials we will be able to see the dashboard. But we can see contents only after adding containers.

3. Adding Containers to Traefik

Now that we have our Traefik proxy running, configured to work with Docker, and ready to monitor other Docker containers

We will add the below containers for Traefik to proxy.

1. A blog using the official WordPress image.
2. A database management server using the official Adminer image.

We will manage both of these applications with Docker Compose using a docker-compose.yml file.

First, create and open the docker-compose.yml file in your editor:

$ nano docker-compose.yml

Then we need to add the following lines to specify the version and the networks we use:

version: "3"

networks:
web:
external: true
internal:
external: false

Here we will use the Docker Compose version 3 as it’s the newest major version of the Compose file format.

Next, we will define the services of the blog container, which is based on an official WordPress image.

Add these lines to the bottom of the configuration file:

...
services:
blog:
image: wordpress:4.9.8-apache
environment:
WORDPRESS_DB_PASSWORD:
labels:
- traefik.backend=blog
- traefik.frontend.rule=Host:blog.your_domain
- traefik.docker.network=web
- traefik.port=80
networks:
- internal
- web
depends_on:
- mysql

Now all traffic to our Docker host’s port 80 will be routed to the blog container.

We will assign this container to two different networks so that Traefik can find it via the web network and can communicate with the database container through the internal network.

Lastly, the depends_on key tells Docker Compose that this container needs to start after its dependencies are running.

Since WordPress needs a database to run, we must run our MySQL container before starting our blog container.

After that we can configure the MySQL service by adding the following lines to the bottom of the configuration file:

...
mysql:
image: mysql:5.7
environment:
MYSQL_ROOT_PASSWORD:
networks:
- internal
labels:
- traefik.enable=false

Finally, we can add this configuration to the bottom of the configuration file to define the Adminer container:

...
adminer:
image: adminer:4.6.3-standalone
labels:
- traefik.backend=adminer
- traefik.frontend.rule=Host:db-admin.your_domain
- traefik.docker.network=web
- traefik.port=8080
networks:
- internal
- web
depends_on:
- mysql

Save the file and exit.

Next, we will set values in the shell for the WORDPRESS_DB_PASSWORD and MYSQL_ROOT_PASSWORD variables before starting the containers:

$ export WORDPRESS_DB_PASSWORD=secure_database_password
$ export MYSQL_ROOT_PASSWORD=secure_database_password

We can substitute secure_database_password with the desired database password.

But we must use the same password for both WORDPRESS_DB_PASSWORD and MYSQL_ROOT_PASSWORD.

Finally, we can run the containers using docker-compose:

$ docker-compose up -d

Both sites will be working, and we can use the Traefik dashboard for monitoring the containers.

[Need assistance to use Traefik? We are here for you!]

Conclusion

To conclude, we saw how to set up traefik reverse proxy for docker on ubuntu 20.04. Also, saw the method followed by our Support Engineers to set this up.

 

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

1 Comment

Submit a Comment

Your email address will not be published. Required fields are marked *

Docker Support

Spend time on your business, not on your servers.

Managing a server is time consuming. Whether you are an expert or a newbie, that is time you could use to focus on your product or service. Leave your server management to us, and use that time to focus on the growth and success of your business.

TALK TO US Or click here to learn more.

Categories:

Tags: