Traefik

From Timon's Wiki

Traefik is a reverse proxy that manages the routing of services on a server.

Getting started

Traefik is preferably run inside a Docker container.

Traefik docker-compose file:

version: '3.9'

services:
  reverse-proxy:
    image: traefik:v2.6
    restart: "always"
    # In this example Traefik is configured with CLI options.
    # "--providers.docker=true": enables Docker as a provider
    # "--providers.docker.network="traefik"": sets the Docker network "traefik" as the network Traefik uses to reach containers. This option must be used when a container has two or more networks attached to it
    # "--api.insecure=true": enables Traefik's dashboard and API without authentication on port 8080
    command: --providers.docker=true --providers.docker.network="traefik" --api.insecure=true
    ports:
      # Open Port 80 & 443 for traefik
      - "80:80"
      - "443:443"
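      # Open port 8080 for Traefik's web interface (the unauthenticated dashboard enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # Mount the Docker socket so that Traefik can listen to Docker events; this gives the container access to the Docker API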
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - traefik

networks:
  traefik:
    driver: "bridge"
    name: traefik

Webserver docker-compose file:

version: '3.9'
 
services:
  webserver:
    image: httpd:2.4.52-alpine
    restart: "always"
    expose:
      # If only one port is exposed, Traefik will detect and use it
      - 80
    labels:
      # Rules for routing can be defined with labels. "traefik.http.routers.<router name>.rule" tells Traefik when to route to this container
      # In this case Traefik will route to this webserver when the requested host is "example.com"
      - traefik.http.routers.webserver.rule=Host(`example.com`)
    networks:
      # Make sure to add this service to the same network as traefik
      - traefik
 
networks:
  traefik:
    external: true

Configuration

Traefik can be configured by either command-line options or a config file. A config file must be created under /etc/traefik/traefik.yml. This file can also be in TOML format. Also note that all config options and values are case sensitive.

Docker

Full documentation about this topic: Docker

providers.docker.exposedByDefault

Default value: true

If set to false, all containers are ignored by default, and a container must carry the traefik.enable=true label for Traefik to pick it up. This is useful if you have a lot of containers that do not expose any ports.

providers.docker.network

Default value: <None>

This defines the Docker network that Traefik should use to connect to other containers. If a container is attached to more networks than just the traefik network, this option should be used. It can also be applied per container with the traefik.docker.network label.

Logging

Full documentation about this topic: Access Logs & Logs

accessLog.filePath

Default value: <None>

Defines the file to write access logs. If this option is not used the access logs are written to standard output (StdOut).

accessLog.format

Default value: "CLF"

Access logs are written in the "Common Log Format" (CLF) by default. It is also possible to write access logs as JSON by setting the format to json. Note that the access log file is then not a single valid JSON document; it is written as JSON Lines, one JSON object per line. If an invalid format is provided, Traefik will fall back to CLF.

log.filePath

Default value: <None>

Defines the file to write logs. If this option is not used the logs are written to standard output (StdOut).

log.format

Default value: "CLF"

Logs are written in the "Common Log Format" (CLF) by default. It is also possible to write logs as JSON by setting the format to json. Note that the log file is then not a single valid JSON document; it is written as JSON Lines, one JSON object per line. If an invalid format is provided, Traefik will fall back to CLF.

log.level

Default value: "ERROR"

This option sets the verbosity of the Traefik logs. Valid values are: DEBUG, INFO, WARN, ERROR, FATAL & PANIC
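
Because a file written with accessLog.format set to json is JSON Lines, it has to be read one line at a time. The following added example (not part of the original wiki page) does that over a constructed sample and counts 4xx responses per client; the same line-by-line reading applies to logs written with log.format set to json. ClientHost, RequestMethod, RequestPath, DownstreamStatus and RouterName are fields of Traefik's JSON access log; the sample values, function names and threshold are assumptions of this example.

```python
import json
from collections import Counter

# Constructed sample of an access log written with accessLog.format=json:
# one JSON object per line. The last line is cut off, as can happen when the
# file is read while Traefik is still writing to it.
SAMPLE_LOG = """\
{"ClientHost":"203.0.113.7","RequestMethod":"GET","RequestPath":"/","DownstreamStatus":200,"RouterName":"webserver@docker"}
{"ClientHost":"198.51.100.23","RequestMethod":"GET","RequestPath":"/admin","DownstreamStatus":404,"RouterName":"webserver@docker"}
{"ClientHost":"198.51.100.23","RequestMethod":"GET","RequestPath":"/.env","DownstreamStatus":404,"RouterName":"webserver@docker"}
{"ClientHost":"198.51.100.23","RequestMethod":"POST","RequestPath":"/login","DownstreamStatus":403,"RouterName":"webserver@docker"}
{"ClientHost":"203.0.113.7","RequestMethod":"GET","Reque
"""

def is_single_json_document(text):
    """True only if the whole text parses as one JSON value (a JSON-Lines file does not)."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False

def parse_json_lines(text):
    """Parse line by line; return (records, numbers of lines that could not be parsed)."""
    records, bad_lines = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            bad_lines.append(number)
            continue
        if isinstance(record, dict):
            records.append(record)
        else:
            bad_lines.append(number)
    return records, bad_lines

def hosts_with_client_errors(records, threshold=3):
    """Clients that received at least `threshold` 4xx responses (threshold is an assumed value)."""
    counts = Counter(
        r.get("ClientHost", "unknown") for r in records
        if isinstance(r.get("DownstreamStatus"), int) and 400 <= r["DownstreamStatus"] < 500
    )
    return {host: n for host, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    records, bad_lines = parse_json_lines(SAMPLE_LOG)
    print(is_single_json_document(SAMPLE_LOG), len(records), bad_lines)
    print(hosts_with_client_errors(records))
```

Unparseable lines are reported by number instead of aborting the run, so a truncated final line does not hide the records before it.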

Example Configuration File (YML)

api:
  dashboard: true
  insecure: true

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

providers:
  docker:
    network: "traefik"

accessLog:
  filePath: "/opt/access.log"

log:
  filePath: "/opt/traefik.log"