Docker Swarm Mode and Distributed Traefik proxy with HTTPS

Intro

Background

Overview

Redundancy

User Interface

How it works

About Consul

Set up environment variables

docker network create --driver=overlay traefik-public
export EMAIL=admin@example.com
export DOMAIN=sys.example.com
export USERNAME=admin
export PASSWORD=changethis
export HASHED_PASSWORD=$(openssl passwd -apr1 $PASSWORD)
echo $HASHED_PASSWORD
$apr1$89eqM5Ro$CxaFELthUKV21DpI3UTQO.
export CONSUL_REPLICAS=3
export CONSUL_REPLICAS=0

It is expected that there be between three to five servers.

export TRAEFIK_REPLICAS=3
export TRAEFIK_REPLICAS=$(docker node ls -q | wc -l)
export TRAEFIK_REPLICAS=1

Create the Docker Compose file

curl -L dockerswarm.rocks/traefik.yml -o traefik.yml
nano traefik.yml
version: '3.3'services:
consul-leader:
image: consul
command: agent -server -client=0.0.0.0 -bootstrap -ui
volumes:
- consul-data-leader:/consul/data
environment:
- CONSUL_BIND_INTERFACE=eth0
- 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
networks:
- default
- traefik-public
deploy:
labels:
- traefik.frontend.rule=Host:consul.${DOMAIN}
- traefik.enable=true
- traefik.port=8500
- traefik.tags=${TRAEFIK_PUBLIC_TAG:-traefik-public}
- traefik.docker.network=traefik-public
# Traefik service that listens to HTTP
- traefik.redirectorservice.frontend.entryPoints=http
- traefik.redirectorservice.frontend.redirect.entryPoint=https
# Traefik service that listens to HTTPS
- traefik.webservice.frontend.entryPoints=https
- traefik.frontend.auth.basic.users=${USERNAME}:${HASHED_PASSWORD}
consul-replica:
image: consul
command: agent -server -client=0.0.0.0 -retry-join="consul-leader"
volumes:
- consul-data-replica:/consul/data
environment:
- CONSUL_BIND_INTERFACE=eth0
- 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
networks:
- default
- traefik-public
deploy:
replicas: ${CONSUL_REPLICAS:-3}
placement:
preferences:
- spread: node.id
traefik:
image: traefik:v1.7
ports:
- 80:80
- 443:443
deploy:
replicas: ${TRAEFIK_REPLICAS:-3}
placement:
constraints:
- node.role == manager
preferences:
- spread: node.id
labels:
- traefik.frontend.rule=Host:traefik.${DOMAIN}
- traefik.enable=true
- traefik.port=8080
- traefik.tags=traefik-public
- traefik.docker.network=traefik-public
# Traefik service that listens to HTTP
- traefik.redirectorservice.frontend.entryPoints=http
- traefik.redirectorservice.frontend.redirect.entryPoint=https
# Traefik service that listens to HTTPS
- traefik.webservice.frontend.entryPoints=https
- traefik.frontend.auth.basic.users=${USERNAME}:${HASHED_PASSWORD}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: >
--docker
--docker.swarmmode
--docker.watch
--docker.exposedbydefault=false
--constraints=tag==traefik-public
--entrypoints='Name:http Address::80'
--entrypoints='Name:https Address::443 TLS'
--consul
--consul.endpoint="consul-leader:8500"
--acme
--acme.email=${EMAIL}
--acme.storage="traefik/acme/account"
--acme.entryPoint=https
--acme.httpChallenge.entryPoint=http
--acme.onhostrule=true
--acme.acmelogging=true
--logLevel=INFO
--accessLog
--api
networks:
- default
- traefik-public
depends_on:
- consul-leader

volumes:
consul-data-leader:
consul-data-replica:
networks:
traefik-public:
external: true

Deploy it

docker stack deploy -c traefik.yml traefik-consul

Check it

docker stack ps traefik-consul
ID             NAME                              IMAGE           NODE                DESIRED STATE   CURRENT STATE          ERROR   PORT
xvyasdfh56hg traefik-consul_traefik.1 traefik:v1.7 dog.example.com Running Running 1 minute ago
j3ahasdfe0mr traefik-consul_consul-replica.1 consul:latest cat.example.com Running Running 1 minute ago
bfdasdfasr92 traefik-consul_consul-leader.1 consul:latest cat.example.com Running Running 1 minute ago
ofvasdfqtsi6 traefik-consul_traefik.2 traefik:v1.7 snake.example.com Running Running 1 minute ago
tybasdfqdutt traefik-consul_consul-replica.2 consul:latest dog.example.com Running Running 1 minute ago
3ejasdfq2l3g traefik-consul_traefik.3 traefik:v1.7 cat.example.com Running Running 1 minute ago
w0oasdfqsv33 traefik-consul_consul-replica.3 consul:latest snake.example.com Running Running 1 minute ago
docker service logs traefik-consul_traefik

Check the user interfaces

Updating

What’s next

Technical Details

About me

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store