Movatterモバイル変換


[0]ホーム

URL:


Skip to content
DEV Community
Log in Create account

DEV Community

ohffs
ohffs

Posted on

     

Traefik v2 with Docker Swarm

Traefik v2 with Docker Swarm

I've been a happy user ofTraefik all through the v1.x series but with v2.1 coming out I began to have a proper look at upgrading. The docs are very thorough, but as with a lot of thorough docs also not very enlightening about 'how do I do the thing?'.

So after a bit of faffing about, watchingyotube videos (the files here are modified versions of the compose-style ones attached to the video) etc I've got something running. This is a very basic 'just get it up and running' example - mostly as an aide-memoire for myself and hopefully to give some pointers to other people migrating from v1 to v2. I'm assuming familiarity with Traefik v1 so I'm not documenting everything line by line.

The stack files

Our setup is a traefik instance running listening on an overlay network called 'proxy'. Any web apps that need to talk to the outside world also sit on that network and have the magic traefik labels set so they get picked up. So the v2 traefik file I have so far is :

version:"3.3"services:traefik:image:traefik:v2.0restart:alwayscontainer_name:traefikports:-"80:80"-"8080:8080"# traefik dashboard-"443:443"command:---api.insecure=true# set to 'false' on production---api.dashboard=true# see https://docs.traefik.io/v2.0/operations/dashboard/#secure-mode for how to secure the dashboard---api.debug=true# enable additional endpoints for debugging and profiling---log.level=DEBUG# debug while we get it working, for more levels/info see https://docs.traefik.io/observability/logs/---providers.docker=true---providers.docker.swarmMode=true---providers.docker.exposedbydefault=false---providers.docker.network=proxy---entrypoints.web.address=:80---entrypoints.web-secured.address=:443---certificatesresolvers.mytlschallenge.acme.httpChallenge.entrypoint=web---certificatesresolvers.mytlschallenge.acme.email=you@whatever.com---certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.jsonvolumes:-letsencrypt:/letsencrypt-/var/run/docker.sock:/var/run/docker.socknetworks:-proxydeploy:labels:-"traefik.enable=true"-"traefik.http.routers.api.rule=Host(`traefik.yourdomain.com`)"-"traefik.http.routers.api.service=api@internal"# Let the dashboard access the traefik apinetworks:proxy:external:truevolumes:letsencrypt:

And a basic example wordpress stack file :

version:"3.3"services:wordpress:image:wordpressrestart:alwayscontainer_name:wpenvironment:WORDPRESS_DB_HOST:dbWORDPRESS_DB_USER:exampleuserWORDPRESS_DB_PASSWORD:examplepassWORDPRESS_DB_NAME:exampledbvolumes:-wordpress:/var/www/htmlnetworks:-proxy-backenddeploy:labels:-"traefik.enable=true"-"traefik.http.routers.wordpress.rule=Host(`wordpress.yourdomain.com`)"-"traefik.http.routers.wordpress.entrypoints=web"-"traefik.http.services.wordpress.loadbalancer.server.port=80"# it seems you always need to give traefik a port so it 'notices' the service-"traefik.http.routers.wordpress-secured.rule=Host(`wordpress.yourdomain.com`)"-"traefik.http.routers.wordpress-secured.entrypoints=web-secured"-"traefik.http.routers.wordpress-secured.tls.certresolver=mytlschallenge"db:image:mysql:5.7restart:alwaysenvironment:MYSQL_DATABASE:exampledbMYSQL_USER:exampleuserMYSQL_PASSWORD:examplepassMYSQL_RANDOM_ROOT_PASSWORD:'1'volumes:-db:/var/lib/mysqlnetworks:-backendnetworks:backend:proxy:external:truevolumes:db:wordpress:

Using it

# assuming you are on a swarm master nodedocker network create --driver=overlay proxydocker stack deploy -c traefik.yml traefikdocker stack deploy -c wordpress.yml wordpress

After a short delay you should be able to visit the urls defined in the stack files on both http and https.

CI/CD

As each traefik-enabled service now has labels that have names to make them unique (eg,traefik.http.routers.wordpress.entrypoints=web) having a stack file with something liketraefik.http.routers.${STACK_NAME}.entrypoints=web,traefik.http.routers.${STACK_NAME}-secured.entrypoints=web-secured is probably worth thinking about so you can do :

export STACK_NAME=wordpressdocker stack deploy -c wordpress.yml ${STACK_NAME}

and tie things together.

Further

Obviously this is avery basic setup. To take this into production you'd be looking at consul for the letsencrypt store, sensible deploy: flags, not giving traefik access
to the docker socket directly etc. But as a 'how on earth do I use v2' I hope it helps someone and saves them having to dig through things for
as long as I did.

Top comments(4)

Subscribe
pic
Create template

Templates let you quickly answer FAQs or store snippets for re-use.

Dismiss
CollapseExpand
 
cyuste profile image
cyuste
QA in daytime, developer in my secret life
  • Joined

thank you, this is just what I needed. Something similar should be in the official docs imo

CollapseExpand
 
padakipavan profile image
padaki-pavan
Finding peace between bits
  • Location
    Bengaluru
  • Work
    Full stack developer at CraterX
  • Joined

That's a good one. I've noticed that traefik has changed a lot in v2, have been struggling myself lately aswell.
Would love to see a production grade setup with traefik.

CollapseExpand
 
ohffs profile image
ohffs
Programmer to sysadmin and back to programmer. Mostly PHP/Python/JS at the moment.
  • Location
    Scotland
  • Joined

I'm going to slowly work through it - I had previously taken a lot from Bret Fisher'sdogvscats traefik example - might be worth a look for you too.

CollapseExpand
 
disturb16 profile image
disturb16
  • Joined

Nice article, well explain and to the point.

Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment'spermalink.

For further actions, you may consider blocking this person and/orreporting abuse

Programmer to sysadmin and back to programmer. Mostly PHP/Python/JS at the moment.
  • Location
    Scotland
  • Joined

More fromohffs

DEV Community

We're a place where coders share, stay up-to-date and grow their careers.

Log in Create account

[8]ページ先頭

©2009-2025 Movatter.jp