Installing Traefik with Docker
Installing Traefik
Traefik is a modern, efficient, and highly flexible reverse proxy and load balancer. It is a popular choice among developers for managing microservices due to its seamless integration with Docker and other container orchestrators. This blog will guide you through installing and configuring Traefik using Docker
Why Use Traefik?
Dynamic Configuration: Automatically discovers services and updates routes without manual configuration.
SSL Management: Built-in support for Let’s Encrypt for automatic SSL certificate generation and renewal.
Dashboard: A user-friendly interface to monitor services and routes.
Integrations: Compatible with Docker, Kubernetes, and other container orchestrators.
Prerequisites
Before diving into the installation, ensure you have the following:
- Docker Installed
- Docker Compose Installed
For reference, the following folder structure was used:
1
2
3
4
5
6
7
8
./traefik
├── config
│ └── traefik.yml
├── data
│ └── certs
│ └── cloudflare-acme.json
└── .env
└── docker-compose.yml
Create a Directory for Traefik Configuration
First, create a directory to store Traefik’s configuration files
1
mkdir traefik && cd traefik
create docker compose file and add contents
1
2
touch docker-compose.yaml
nano docker-compose.yaml
Docker Compose Contents docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
---
services:
traefik:
image: traefik:v3.2
container_name: traefik
ports:
- 80:80
- 443:443
volumes:
- /run/docker.sock:/run/docker.sock:ro
- ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro
- ./data/certs/:/var/traefik/certs/:rw
environment:
- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
labels:
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik.tls.domains[0].main=local.ahmedbouayed.tn"
- "traefik.http.routers.traefik.tls.domains[0].sans=*.local.ahmedbouayed.tn"
- "traefik.http.routers.traefik.service=api@internal"
networks:
- proxy
restart: unless-stopped
networks:
proxy:
external: true
create .env file
1
2
touch .env
nano .env
.env contents
1
CF_DNS_API_TOKEN = XXXXX
config folder
1
mkdir config && cd config
Traefik Config
1
2
touch traefik.yaml
nano traefik.yaml
traefik.yaml contents
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
global:
checkNewVersion: false
sendAnonymousUsage: false
# accessLog: {}
log:
level: DEBUG
api:
dashboard: false
# insecure: true
# debug: false
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: :443
certificatesResolvers:
cloudflare:
acme:
email: "bou3a.ahmed1999@gmail.com"
storage: /var/traefik/certs/cloudflare-acme.json
caServer: "https://acme-v02.api.letsencrypt.org/directory"
#caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
serversTransport:
insecureSkipVerify: true
providers:
docker:
exposedByDefault: false
endpoint: 'unix:///var/run/docker.sock'
create folder data
1
2
3
4
mkdir data
cd data
touch cloudflare-acme.json
chmod 600 cloudflare-acme.json
Create a Docker Network
1
docker network create proxy
Start the stack
1
docker-compose up -d --force-recreate
deployement app
contents docker-compose.yaml nginx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
services:
nginx:
container_name: nginx
image: nginx:latest
networks:
- proxy
labels:
- traefik.enable=true
- traefik.http.routers.traefik.tls=true
- traefik.http.routers.traefik.tls.certresolver=cloudflare
- traefik.http.routers.traefik.entrypoints=websecure
- traefik.http.routers.traefik.rule=Host(`nginx.local.ahmedbouayed.tn`)
restart: unless-stopped
networks:
proxy:
external: true
DNS
Add DNS Record
1
*.local.ahmedbouayed.tn IN A 192.168.10.118
run application
1
docker-compose up -d
Troubleshooting
Common ways to troubleshoot
1
2
3
docker ps
docker logs traefik
docker exec -it traefik /bin/sh
DNS
1
nslookup app.local.example.com