Because I want to install a service and spend as little time as possible on maintaining it, I try to avoid complicated hand-made configurations. That is why I find containers pretty cool and use them for different stuff. I stumbled over traefik, which makes my life very easy.
Keeping life simple:
I hate touching millions of configuration files and investing night after night in the maintenance of my services. Some of them are my blog, my ownCloud, and my monitoring system.
I rent a little server at scaleway.com for my services, and decided to go with docker-compose for deployments until I hop on the Kubernetes train.
I went through testing several scenarios for setting up my services: deploying on VMs, having different vhosts for web applications and so on. All of that is imho frustrating to install and maintain.
A little while ago I came across a handy little helper called traefik. It is not just a load balancer but also a reverse proxy written in Go, and with minimal configuration effort I was able to get my services up and running, even with valid SSL certificates obtained from Let's Encrypt.
Create Traefik service
To achieve this I created this docker-compose.yml.
I used mydomain.com as a placeholder domain; you will want to change every occurrence of it.

    version: '3'
    services:
      traefik:
        # The flags, labels and traefik.toml in this post use Traefik 1.x syntax.
        image: traefik:latest
        command: --docker --docker.domain=mydomain.com
        ports:
          - 80:80
          - 443:443
        networks:
          - proxy
        volumes:
          # Traefik discovers containers and their labels through the Docker socket.
          - /var/run/docker.sock:/var/run/docker.sock
          - ./traefik.toml:/traefik.toml
          # acme.json must exist as a regular file with mode 600 before the first start.
          - ./acme.json:/acme.json
        labels:
          - traefik.enable=true
          - traefik.port=8080
          - traefik.backend=traefik
          - traefik.docker.network=proxy
          - traefik.frontend.rule=Host:traefik.mydomain.com
        container_name: traefik
        restart: always
    networks:
      proxy:
        external: true

And I configured Traefik in traefik.toml:

    # Traefik global configuration
    debug = false
    checkNewVersion = true
    logLevel = "ERROR"

    # Define the entry points for HTTP and HTTPS
    defaultEntryPoints = ["https","http"]

    # Automatically redirect HTTP to HTTPS
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]

    # Retry sending a request after a network error
    [retry]

    # Define the Docker backend configuration
    [docker]
    endpoint = "unix:///var/run/docker.sock"
    #domain = "mydomain.com"
    watch = true
    # Every container is exposed unless it sets traefik.enable=false
    exposedbydefault = true

    # Let's Encrypt registration
    # Define the Let's Encrypt ACME HTTP challenge
    [acme]
    email = "me@mydomain.com"
    storage = "acme.json"
    entryPoint = "https"
    OnHostRule = true
      [acme.httpChallenge]
      entryPoint = "http"

    # Domains list
    [[acme.domains]]
      main = "mydomain.com"
    [[acme.domains]]
      main = "mysidedomain.com"

Before starting any containers I need to define a network for them to communicate over.

    docker network create proxy

Then I start traefik with:

    docker-compose up -d

Create service with https and proxied by traefik
After that I am ready to start a service, in this case drone-ci, with:

    version: '3.4'
    networks:
      proxy:
        external: true
      internal:
        external: false
    volumes:
      # Named volume used by drone-server; it has to be declared here.
      drone-server-data:
    services:
      drone-server:
        image: drone/drone:1.1.0
        volumes:
          - drone-server-data:/var/lib/drone/
        restart: always
        environment:
          - DRONE_OPEN=true
          - DRONE_HOST=drone.mydomain.com
          - DRONE_GITHUB=true
          - DRONE_ADMIN=mygithubname
          - DRONE_GITHUB_CLIENT_ID=mygithubclientid
          - DRONE_GITHUB_CLIENT_SECRET=mygithubclientsecret
          - DRONE_SECRET=mydronesecret
        labels:
          - traefik.backend=drone
          - traefik.frontend.rule=Host:drone.mydomain.com
          - traefik.docker.network=proxy
          - traefik.enable=true
        networks:
          - internal
          - proxy
      drone-agent:
        image: drone/agent:1.1.0
        restart: always
        depends_on:
          - drone-server
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
        environment:
          - DRONE_SERVER=drone.mydomain.com:9000
          - DRONE_SECRET=mydronesecret
        labels:
          - traefik.backend=drone-agent
          - traefik.enable=false
        networks:
          - internal

The particularly interesting part is the labels that interact with traefik:

    labels:
      - traefik.backend=drone
      - traefik.frontend.rule=Host:drone.mydomain.com
      - traefik.docker.network=proxy
      - traefik.enable=true

This tells traefik: here is a service that needs a domain, drone.mydomain.com.
Use the network given by traefik.docker.network=proxy for the service, make sure this service can communicate with others on the host, and make it available to the outside.
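
The enable decision behind these labels, as an added example (not the author's or Traefik's own code): a simplified Python model of how `traefik.enable` combines with `exposedbydefault` from traefik.toml, run over constructed data in the shape of `docker inspect` output. The `db` container, the function names and the verdict strings are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect` output. drone-server and
# drone-agent carry labels from this page; "db" is a hypothetical container
# that was started without any traefik.* labels.
SAMPLE = json.loads("""[
 {"Name": "/drone-server",
  "Config": {"Labels": {"traefik.enable": "true",
                        "traefik.frontend.rule": "Host:drone.mydomain.com"}},
  "NetworkSettings": {"Ports": {"80/tcp": null}}},
 {"Name": "/drone-agent",
  "Config": {"Labels": {"traefik.enable": "false"}},
  "NetworkSettings": {"Ports": {}}},
 {"Name": "/db",
  "Config": {"Labels": {}},
  "NetworkSettings": {"Ports": {"5432/tcp": null}}}
]""")


def is_enabled(labels, exposed_by_default):
    """An explicit traefik.enable label wins; otherwise the global default applies."""
    value = labels.get("traefik.enable", "").strip().lower()
    if value in ("true", "false"):
        return value == "true"
    return exposed_by_default


def audit(containers, exposed_by_default):
    """Return {container name: verdict} for each inspected container."""
    report = {}
    for c in containers:
        labels = (c.get("Config") or {}).get("Labels") or {}
        ports = (c.get("NetworkSettings") or {}).get("Ports") or {}
        name = c.get("Name", "?").lstrip("/")
        if not is_enabled(labels, exposed_by_default):
            report[name] = "not routed"
        elif not ports and "traefik.port" not in labels:
            report[name] = "not routed (no port)"
        elif "traefik.frontend.rule" in labels:
            report[name] = "routed: " + labels["traefik.frontend.rule"]
        else:
            report[name] = "routed: default host rule"
    return report


if __name__ == "__main__":
    for default in (True, False):
        print("exposedbydefault =", str(default).lower())
        for name, verdict in audit(SAMPLE, default).items():
            print("  %-13s %s" % (name, verdict))
```

With `exposedbydefault = true` the unlabelled `db` container gets a route; with `false` only containers that set `traefik.enable=true` do.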
What are your thoughts on reverse proxies? Are you all on Kubernetes already? Is it worth the ramp-up time? What kind of services do you have deployed? Any plans for holiday projects? I am looking forward to improving my Prometheus setup or setting up a Kubernetes cluster utilizing Terraform and Ansible.