Merge duplicate page and add note about docker networking
parent
e92f2226fd
commit
b7f6f33b83
|
@ -1,22 +1,54 @@
|
||||||
Traefik is a reverse proxy software which sits in front of all running services on a server. It:
|
Traefik is a reverse proxy software which sits in front of all running services on a server. It integrates very nicely with docker and other orchestration tools. It looks at Docker container labels to determine routing rules, middleware definitions, and other configuraiton, meaning application-specific configuration can be kept together with the application and easily applied to any server which has a Traefik reverse proxy running, rather than tying it to a particular server's global configuration. It:
|
||||||
|
|
||||||
- [listens on port 80](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L2-L4), and [redirects any requests to https on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/docker-compose.yml#L26-L30)
|
- [listens on port 80](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L2-L4), and [redirects any requests to https on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/docker-compose.yml#L26-L30)
|
||||||
- [listens on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L5-L6) and either forwards that request to a configured service, or responds with a 404 if no matching service is configured
|
- [listens on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L5-L6) and either forwards that request to a configured service, or responds with a 404 if no matching service is configured
|
||||||
- [watches a static configuration file](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L30-L31) for routing rules.
|
- [watches a static configuration file](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L30-L31) for routing rules.
|
||||||
- [watches the docker service](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L26-L29) for routing rules configured through labels on containers. This allows us to keep the configuration for a service with the service, rather than tying it to a particular server's global configuration.
|
- [watches the docker service](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L26-L29) for routing rules configured through labels on containers.
|
||||||
- [Automatically acquires certificates](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L11-L23) for the configured services, either through HTTP or DNS (TXT record) validation.
|
- [Automatically acquires certificates](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L11-L23) for the configured services, either through HTTP or DNS (TXT record) validation.
|
||||||
|
|
||||||
To deploy services on a new server, see the instructions in the README for the [traefik config repository](https://git.tams.tech/TWS/traefik-config)
|
To deploy services on a new server, see the instructions in the README for the [traefik config repository](https://git.tams.tech/TWS/traefik-config)
|
||||||
|
|
||||||
To add a service to a server which uses Traefik as a reverse proxy, add labels to the container like
|
To add a service to a server which uses Traefik as a reverse proxy, ensure it is in the `web` network and add labels to the container like this:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
services:
|
services:
|
||||||
some service:
|
web-service:
|
||||||
...
|
# This service has some public-facing HTTP service listening on port 1312
|
||||||
|
labels:
|
||||||
|
traefik.http.routers.{SERVICE_NAME}.rule: Host(`example.com`) || Host(`example.net`) && !PathPrefix(`/service/prefix`)
|
||||||
|
# You don't need to specify the port like this unless the container has multiple exposed ports. This is just an example:
|
||||||
|
traefik.http.services.{SERVICE_NAME}.loadbalancer.server.port: 1312
|
||||||
|
traefik.http.routers.{SERVICE_NAME}.tls: true
|
||||||
|
traefik.http.routers.{SERVICE_NAME}.tls.certresolver: letsencrypt
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
- web
|
||||||
|
database:
|
||||||
|
# This is something the web-service depends on, but that shouldn't be publicly exposed
|
||||||
|
networks: [ internal ]
|
||||||
|
|
||||||
|
networks:
|
||||||
|
web:
|
||||||
|
external: true
|
||||||
|
internal:
|
||||||
|
internal: true
|
||||||
|
```
|
||||||
|
|
||||||
|
If the service stands on its own and doesn't require a dependent service, you don't need the extra internal network, but it still needs to be on the external network named `web`:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
services:
|
||||||
|
web-service:
|
||||||
labels:
|
labels:
|
||||||
traefik.http.routers.{SERVICE_NAME}.rule: Host(`example.com`) || Host(`example.net`) && !PathPrefix(`/service/prefix`)
|
traefik.http.routers.{SERVICE_NAME}.rule: Host(`example.com`) || Host(`example.net`) && !PathPrefix(`/service/prefix`)
|
||||||
traefik.http.routers.{SERVICE_NAME}.tls: true
|
traefik.http.routers.{SERVICE_NAME}.tls: true
|
||||||
traefik.http.routers.{SERVICE_NAME}.tls.certresolver: letsencrypt
|
traefik.http.routers.{SERVICE_NAME}.tls.certresolver: letsencrypt
|
||||||
|
networks: [ web ]
|
||||||
|
|
||||||
|
networks:
|
||||||
|
web:
|
||||||
|
external: true
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Of course, don't forget to point the configured host's DNS records at the server you're working with!
|
Of course, don't forget to point the configured host's DNS records at the server you're working with!
|
Loading…
Reference in a new issue