Introduction to Traefik

  • Introduction to Traefik #idi2019 Bologna Giovanni Toraldo @gionn

  • ➔ Open Source enthusiast ➔ software developer / devops ➔ writer ➔ speaker ➔ aiming 2 euro coin at 36 meters with medieval crossbow ➔ Lead Developer & Co-Founder https://cloudesire.com

  • https://demo.cloudesire.com

  • Why ANOTHER reverse-proxy?

  • Static configuration in a dynamic environment infrastructure and microservices

  • HTTPS everywhere rsync certificates and pkey everywhere

  • Metrics & Monitoring

  • Lack of API

  • modern HTTP reverse proxy and load balancer

  • Project overview

  • Architecture

  • Plot twist: Configuration hierarchy is going to change https://blog.containo.us/traefik-spoiler-season-episode-1-3dbcb1f5d8b9 (Nov 2018)

  • Static configuration (TOML syntax)

  • Basic configuration - Entrypoints

        [entryPoints]
          [entryPoints.http]
          address = ":80"
            [entryPoints.http.redirect]
            entryPoint = "https"
          [entryPoints.https]
          address = ":443"
            [entryPoints.https.tls]
              [[entryPoints.https.tls.certificates]]
              certFile = "https/snitest.com.cert"
              keyFile = "https/snitest.com.key"
              [[entryPoints.https.tls.certificates]]
              certFile = "https/snitest.org.cert"
              keyFile = "https/snitest.org.key"

  • Basic configuration - Frontends

        [frontends]
          [frontends.frontend1]
          backend = "backend2"
            [frontends.frontend1.routes.test_1]
            rule = "Host:test.localhost,test2.localhost"
          [frontends.frontend2]
          backend = "backend1"
            [frontends.frontend2.routes.test_1]
            rule = "HostRegexp:localhost,{subdomain:[a-z]+}.localhost"
          [frontends.frontend3]
          backend = "backend2"
            [frontends.frontend3.routes.test_1]
            rule = "Host:test3.localhost;Path:/test"

  • Basic configuration - Backends

        [backends]
          [backends.backend1]
            [backends.backend1.servers.server1]
            url = "http://172.17.0.2:80"
            weight = 10
            [backends.backend1.servers.server2]
            url = "http://172.17.0.3:80"
            weight = 1
          [backends.backend2]
            [backends.backend2.servers.server1]
            url = "https://172.17.0.4:443"
            weight = 1
            [backends.backend2.servers.server2]
            url = "https://172.17.0.5:443"
            weight = 2

  • docker run -p 80:80 -p 443:443 -v "$PWD/traefik.toml":/traefik.toml traefik:latest -c /traefik.toml

  • Dynamic configuration Let magic happen

  • Backends real-time discovery
      • Docker / Docker Swarm
      • Kubernetes / Rancher
      • Mesos / Marathon
      • Consul Catalog
      • Eureka (Netflix)
      • Amazon ECS
      • Azure Service Fabric
      • Rest API
      • Plain File

  • Docker backend

        # Enable Docker Provider.
        [docker]

        # Docker server endpoint. Can be a tcp or a unix socket endpoint.
        #
        # Required
        #
        endpoint = "unix:///var/run/docker.sock"

        # Default base domain used for the frontend rules.
        #
        # Required
        #
        domain = "docker.localhost"

  • Shared configuration (cluster mode) K/V store: Consul / Etcd / Zookeeper / BoltDB / DynamoDB

  • traefik storeconfig -c traefik.toml

  • traefik --consul --consul.endpoint=127.0.0.1:8500 Cluster mode enabled

  • Real-life example OwnCloud + Docker-compose + Letsencrypt https://github.com/gionn/owncloud-traefik-example

  • Real-life example - traefik.toml

        logLevel = "INFO"
        defaultEntryPoints = ["https","http"]

        [entryPoints]
          [entryPoints.http]
          address = ":80"
            [entryPoints.http.redirect]
            entryPoint = "https"
          [entryPoints.https]
          address = ":443"
            [entryPoints.https.tls]

        [acme]
        email = "[email protected]"
        storage = "acme.json"
        entryPoint = "https"
        onHostRule = true
          [acme.httpChallenge]
          entryPoint = "http"

  • Real-life example - docker-compose.yml

        services:
          reverse-proxy:
            image: traefik
            command: --api --docker -c /etc/traefik.toml
            ports:
              - "80:80"
              - "443:443"
              - "8080:8080" # The Web UI (enabled by --api)
            volumes:
              - /var/run/docker.sock:/var/run/docker.sock # Listen on Docker events
              - ./traefik.toml:/etc/traefik.toml
              - ./acme.json:/acme.json

  • Real-life example - docker-compose.yml (2)

        services:
          owncloud:
            image: owncloud/server:${OWNCLOUD_VERSION}
            ...
            labels:
              - "traefik.frontend.rule=Host:owncloud.gionn.net"
          db:
            image: webhippie/mariadb:latest
            ...
            labels:
              - "traefik.enable=false"

  • docker-compose up -d profit
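A pre-flight check to run before `docker-compose up -d`, added here as an example and not taken from the slides or the linked repository: it verifies that `acme.json` is a regular file with mode 600 (Traefik refuses wider permissions) and flags the two compose lines in the real-life example that widen the proxy host's attack surface. The function names `check_acme` and `check_compose` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the compose deployment on the slides.
# Function names are hypothetical; file names are the ones the slides use.

# acme.json stores the ACME account key and the issued private keys.
# It must be a regular file (a missing bind-mount source is created as a
# directory by Docker) and accessible by its owner only (mode 600).
check_acme() {
    f=$1
    [ -f "$f" ] || { echo "FAIL: $f is not a regular file"; return 1; }
    # GNU stat first, BSD stat as fallback
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    [ "$mode" = "600" ] || { echo "FAIL: $f has mode $mode, want 600"; return 1; }
    echo "ok: $f"
}

# Report compose settings that widen the attack surface of the proxy host.
# Prints one WARN line per finding; returns 1 if there was any.
check_compose() {
    f=$1
    rc=0
    # "8080:8080" with no host IP publishes the API/dashboard on every interface.
    if grep -Eq '^[[:space:]]*-[[:space:]]*"?8080:' "$f"; then
        echo "WARN: API/dashboard port 8080 published on all interfaces"
        rc=1
    fi
    # The Docker socket gives the container full control of the Docker daemon.
    if grep -q '/var/run/docker\.sock:' "$f"; then
        echo "WARN: Docker socket mounted into the container"
        rc=1
    fi
    return "$rc"
}

# Usage: sh preflight.sh <directory containing docker-compose.yml and acme.json>
if [ "$#" -gt 0 ]; then
    check_acme "$1/acme.json"
    check_compose "$1/docker-compose.yml"
fi
```

Publishing the port as `"127.0.0.1:8080:8080"` keeps the Web UI reachable from the host only and clears the first warning.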

  • Native status & monitoring UI

  • Prometheus/InfluxDB/Statsd

  • Load balancing
      • wrr: Weighted Round Robin
      • drr: Dynamic Round Robin

  • Dynamic Round Robin examples

        [backends]
          [backends.backend1]
            [backends.backend1.circuitbreaker]
            expression = "NetworkErrorRatio() > 0.5"
            #expression = "ResponseCodeRatio(500, 600, 0, 600) > 0.5"
            #expression = "LatencyAtQuantileMS(50.0) > 50"
            [backends.backend1.servers.server1]
            url = "http://172.17.0.2:80"
            weight = 10
            [backends.backend1.servers.server2]
            url = "http://172.17.0.3:80"
            weight = 1

  • Health checks GET /endpoint to validate backend

  • Health check example

        [backends]
          [backends.backend1]
            [backends.backend1.healthcheck]
            path = "/ping"
            interval = "10s"
            scheme = "http"

  • Introducing Traefik Enterprise Edition (Dec 2018)

  • Recap
      • Distributed as alpine-based docker image (22 MB!)
      • Configuration auto-reload
      • Dynamic backend discovery
      • Letsencrypt HTTPS with autopilot
          ◦ HTTP token challenge
          ◦ DNS challenge (wildcard certificates)
      • First-class load balancing with circuit-breakers, active health checks
      • Shared configuration (Cluster mode) with K/V store
      • Native metrics & status UI
      • TraefikEE: native raft (no K/V store), operator CLI

  • THANKS