In modern cloud-native applications, containerization has become the standard way of packaging and deploying applications. Docker, a popular containerization technology, has gained widespread adoption due to its ability to simplify the application deployment process and increase the scalability and portability of applications.

However, managing and scaling containerized applications can be challenging, especially when handling incoming traffic and routing it to the appropriate backend service. Traefik, an open-source reverse proxy and load balancer, comes in here.

In this blog post, we will explore how Traefik can be used to solve our Docker container reverse proxying needs, and we will cover some of the key benefits of using Traefik in a containerized environment.

What is Traefik?

Traefik is a lightweight, flexible reverse proxy and load balancer designed specifically for microservice-based architectures. It was built to be highly scalable and handle dynamic and constantly changing environments, such as cloud-native applications.

Traefik provides several key features, making it a great choice for managing incoming traffic to containerized applications. Some of its key features are:

  • Service Discovery: Traefik can automatically discover new backend services as they are deployed, making it easy to scale up and down.
  • Dynamic Configuration: It can automatically adjust its routing rules based on changes to the backend infrastructure, making it easy to manage highly dynamic environments.
  • Automatic SSL Certificate Management: It can automatically generate and manage SSL certificates for HTTPS traffic, eliminating the need for manual certificate management.
  • Real-time Monitoring and Logging: Traefik provides real-time monitoring and logging of incoming traffic, making it easy to debug and troubleshoot issues.

Traefik also supports multiple backend platforms, including Docker, Kubernetes, and several cloud providers, such as AWS, Azure, and Google Cloud. This makes it a versatile and flexible tool that can be used in various containerized environments.

Setup Traefik

We will need a docker-compose file and some configs for the setup. Use the ones provided below.

Save the below file as docker-compose.yml,

version: '3.3'
services:
    traefik:
        volumes:
            - '/var/run/docker.sock:/var/run/docker.sock'
            - '$PWD/traefik.toml:/etc/traefik/traefik.toml'
            - '$PWD/traefik_dynamic.toml:/etc/traefik/traefik_dynamic.toml'
        ports:
            - '80:80'
            - '443:443'
        network_mode: web
        container_name: traefik
        image: 'traefik:v2.9'
        networks:
          - web
networks:
  web:
  	name: web
Traefik Docker Compose

Save the following as traefik.toml,

[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.websecure]
    address = ":443"

[api]
  dashboard = true
  insecure = true


[providers.docker]
  watch = true
  network = "web"

[providers.file]
  filename = "/etc/traefik/traefik_dynamic.toml"
Traefik Config

Save the following as traefik_dynamic.toml,

[http.middlewares.simpleAuth.basicAuth]
  users = [
    "username:password-hash"
  ] 

[http.routers.api]
  rule = "Host(`example.com`)"
  entrypoints = ["web","websecure"]
  middlewares = ["simpleAuth"]
  service = "api@internal"
Dynamic Traefik Config
💡
To generate the user:password-hash pair use the following command:
htpasswd -nB admin

Now run the command below,

docker compose up -d

The Traefik container will be up and running.

Setup Containers to Use Traefik

To configure a Docker container to work with Traefik, we must specify the necessary Docker labels on the container image. Here is an example Dockerfile that specifies the necessary labels. Save it as Dockerfile.

FROM nginx:latest

LABEL "traefik.enable"="true"
LABEL "traefik.http.routers.nginx.rule"="Host(`example.com`)"
LABEL "traefik.http.routers.nginx.entrypoints"="http"
Example: Dockerfile with Labels

In this example, we use the official Nginx Docker image as our backend service and specify the necessary Traefik labels.

  • The first label, "traefik.enable"="true" tells Traefik to enable this container as a backend service.
  • The second label, "traefik.http.routers.nginx.rule"="Host('example.com')" tells Traefik to route incoming traffic for the example.com hostname to this container.
  • The third label, "traefik.http.routers.nginx.entrypoints"="http" tells Traefik to use the http entry point for this container.

Once we have our Traefik configuration file and Docker labels in place, we can deploy our Docker container.

Build the container using the command,

docker build -t traefik-demo:v1 . -f Dockerfile

Now run it using the command,

docker run -p 8081:80 -t traefik-demo:v1

Now, Traefik will automatically discover it with the help of the labels we provided and route incoming traffic to it.

In Summary,

Traefik provides a powerful and flexible solution for managing incoming traffic to Docker containers. Its dynamic configuration, automatic container discovery, and load balancing capabilities make it a great choice for managing highly dynamic and scalable containerized environments.

Additionally, features like SSL certificate management and real-time monitoring and logging make securing and troubleshooting Docker containers easy.

Conclusion

In this blog, we learned about Traefik, performed the necessary setup and configured it to act as a reverse proxy for an Nginx container. In future blogs, we will learn some advanced things that can be done with Traefik.

Please comment below if you have any queries, I try to update this article periodically to ensure legibility.