Merge duplicate page and add note about docker networking

scott 2023-08-18 16:54:43 +00:00
parent e92f2226fd
commit b7f6f33b83

@ -1,22 +1,54 @@
Traefik is a reverse proxy software which sits in front of all running services on a server. It: Traefik is a reverse proxy software which sits in front of all running services on a server. It integrates very nicely with docker and other orchestration tools. It looks at Docker container labels to determine routing rules, middleware definitions, and other configuraiton, meaning application-specific configuration can be kept together with the application and easily applied to any server which has a Traefik reverse proxy running, rather than tying it to a particular server's global configuration. It:
- [listens on port 80](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L2-L4), and [redirects any requests to https on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/docker-compose.yml#L26-L30) - [listens on port 80](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L2-L4), and [redirects any requests to https on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/docker-compose.yml#L26-L30)
- [listens on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L5-L6) and either forwards that request to a configured service, or responds with a 404 if no matching service is configured - [listens on port 443](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L5-L6) and either forwards that request to a configured service, or responds with a 404 if no matching service is configured
- [watches a static configuration file](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L30-L31) for routing rules. - [watches a static configuration file](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L30-L31) for routing rules.
- [watches the docker service](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L26-L29) for routing rules configured through labels on containers. This allows us to keep the configuration for a service with the service, rather than tying it to a particular server's global configuration. - [watches the docker service](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L26-L29) for routing rules configured through labels on containers.
- [Automatically acquires certificates](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L11-L23) for the configured services, either through HTTP or DNS (TXT record) validation. - [Automatically acquires certificates](https://git.tams.tech/TWS/traefik-config/src/commit/d4f6eb139c3a4f60d94bb5aa712d2a96becda7ac/traefik.yaml#L11-L23) for the configured services, either through HTTP or DNS (TXT record) validation.
To deploy services on a new server, see the instructions in the README for the [traefik config repository](https://git.tams.tech/TWS/traefik-config) To deploy services on a new server, see the instructions in the README for the [traefik config repository](https://git.tams.tech/TWS/traefik-config)
To add a service to a server which uses Traefik as a reverse proxy, add labels to the container like To add a service to a server which uses Traefik as a reverse proxy, ensure it is in the `web` network and add labels to the container like this:
```yaml ```yaml
services: services:
some service: web-service:
... # This service has some public-facing HTTP service listening on port 1312
labels:
traefik.http.routers.{SERVICE_NAME}.rule: Host(`example.com`) || Host(`example.net`) && !PathPrefix(`/service/prefix`)
# You don't need to specify the port like this unless the container has multiple exposed ports. This is just an example:
traefik.http.services.{SERVICE_NAME}.loadbalancer.server.port: 1312
traefik.http.routers.{SERVICE_NAME}.tls: true
traefik.http.routers.{SERVICE_NAME}.tls.certresolver: letsencrypt
networks:
- internal
- web
database:
# This is something the web-service depends on, but that shouldn't be publicly exposed
networks: [ internal ]
networks:
web:
external: true
internal:
internal: true
```
If the service stands on its own and doesn't require a dependent service, you don't need the extra internal network, but it still needs to be on the external network named `web`:
```yaml
services:
web-service:
labels: labels:
traefik.http.routers.{SERVICE_NAME}.rule: Host(`example.com`) || Host(`example.net`) && !PathPrefix(`/service/prefix`) traefik.http.routers.{SERVICE_NAME}.rule: Host(`example.com`) || Host(`example.net`) && !PathPrefix(`/service/prefix`)
traefik.http.routers.{SERVICE_NAME}.tls: true traefik.http.routers.{SERVICE_NAME}.tls: true
traefik.http.routers.{SERVICE_NAME}.tls.certresolver: letsencrypt traefik.http.routers.{SERVICE_NAME}.tls.certresolver: letsencrypt
networks: [ web ]
networks:
web:
external: true
``` ```
Of course, don't forget to point the configured host's DNS records at the server you're working with! Of course, don't forget to point the configured host's DNS records at the server you're working with!
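Review bot: In the first new example, `web-service` is attached to both `internal` and `web`, but no label tells Traefik which of the two networks to use when it connects to the container. Unless the docker provider in traefik.yaml already sets a default network, add `traefik.docker.network: web` to the labels so the backend address is always the one on the shared network. The `rule` value in both examples also mixes `||` and `&&` without parentheses, which leaves it unclear whether the `!PathPrefix` exclusion is meant to cover both hosts or only `example.net`; parenthesise it to show the intended grouping. Minor: "configuraiton" in the new intro paragraph should read "configuration", and `{SERVICE_NAME}` is never introduced as a placeholder the reader must replace.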