Thursday, August 2, 2018

Docker Guide: Installing Traefik - a Modern Reverse Proxy for Microservices

https://www.howtoforge.com/tutorial/ubuntu-docker-traefik-proxy

Traefik is a modern HTTP reverse proxy and load balancer for microservices. Traefik makes all microservices deployment easy, integrated with existing infrastructure components such as Docker, Swarm Mode, Kubernetes, Amazon ECS, Rancher, Etcd, Consul etc.
Traefik serves as a router for all your microservices applications, routing all client requests to correct microservices destination.
In this tutorial, I will show you step by step how to install and configure Traefik modern reverse proxy as a Docker container on Ubuntu 18.04 LTS (Bionic Beaver).

Prerequisites

  • Ubuntu 18.04
  • Root privileges

What we will do?

  1. Install Docker on Ubuntu 18.04
  2. Install Docker Compose
  3. Create Custom Docker Network
  4. Install and Configure Traefik
  5. Testing

Step 1 - Install Docker on Ubuntu 18.04

For this guide, we will be using the latest docker version that can be installed from the official docker repository.
Add the docker key and repository using the command below.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
The 'add-apt-repository' command will automatically update all repositories.
Install Docker on Ubuntu
Now install the latest docker-ce.
sudo apt install docker-ce
After the installation is complete, start the docker service and enable it to launch everytime at system boot.
systemctl start docker
systemctl enable docker
The docker community-edition has been installed on Ubuntu 18.04 system, check the installed docker version.
docker version
Check docker version

Additional: Running Docker for non-root user

Docker container can be run under the non-root user. We just need to add the user to the docker group.
Add 'mohammad' user.
useradd -m -s /bin/bash mohammad
Now add the 'mohammad' user to the docker group, then restart the docker service.
usermod -a -G docker mohammad
systemctl restart docker
Test by running the docker hello-world.
docker run -it hello-world
And following is the result.
Running Docker for non-root user

Step 2 - Install Docker Compose

Docker-Compose is a command line tool for defining and managing multi-container docker applications.
Docker Compose is a python script, it can be installed with the python pip command or with the apt command from Ubuntu repository easily. With compose, we can run multiple Docker containers with a single command.
Install docker compose from the repository using the apt command below.
sudo apt install docker-compose
After the installation is complete, check the docker compose version.
docker-compose version
The docker compose 1.17 has been installed on Ubuntu 18.04.
Install Docker Compose

Step 3 - Create Custom Docker Network

In this tutorial, the traefik container will be running on the docker custom network. So we need to create a new docker custom network on the server.
Check the available docker network on the system.
docker network ls
Now create a new custom network named 'proxy' for the traefik container.
docker network create proxy
And you will get a random string of the network container name. Check again the available network.
docker network ls
Shown below is the result.
Create Custom Docker Network
The custom docker network named 'proxy' for traefik has been created.

Step 4 - Install and Configure Traefik Reverse Proxy

In this step, we will create the traefik container with HTTPS letsencrypt enabled (using a domain name 'traefik.hakase-labs.io), and automatically redirect HTTP to HTTPS on traefik.

Traefik Pre-Installation

Before creating all traefik configuration, we need to install 'apache2-utils' for generating the encrypted htpasswd password and creating the new traefik directory.
Install 'apache2-utils' using the apt command below.
sudo apt install apache2-utils -y
Now run the htpasswd command below to generate a new password for traefik dashboard authentication.
htpasswd -nb mohammad password
Keep the result in your note.
mohammad:$apr1$hEgpZUN2$OYG3KwpzI3T1FqIg9LIbi.
Install and Configure Traefik Reverse Proxy
Next, login to the 'mohammad' user.
su - mohammad
Create a new directory named 'traefik' for all traefik configuration.
mkdir -p traefik/
cd traefik/

Create Traefik Configuration

Go to the 'traefik' directory and create a new configuration file 'traefik.toml' using vim editor.
cd traefik/
vim traefik.toml
Paste the configuration below.
#Traefik Global Configuration
debug = false
checkNewVersion = true
logLevel = "ERROR"

#Define the EntryPoint for HTTP and HTTPS
defaultEntryPoints = ["https","http"]

#Enable Traefik Dashboard on port 8080
#with basic authentication method
#mohammad and password
[web]
address = ":8080"
[web.auth.basic]
users = ["mohammad:$apr1$hEgpZUN2$OYG3KwpzI3T1FqIg9LIbi."]

#Define the HTTP port 80 and
#HTTPS port 443 EntryPoint
#Enable automatically redirect HTTP to HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]

#Enable retry sending a request if the network error
[retry]

#Define Docker Backend Configuration
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefik.hakase-labs.io"
watch = true
exposedbydefault = false

#Letsencrypt Registration
#Define the Letsencrypt ACME HTTP challenge
[acme]
email = "hakaselabs@gmail.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"
Save and exit.
Note:
All information about the configuration is in the comment section '#...'.

Create Traefik Docker Compose Script

Now create the docker-compose yml script.
vim docker-compose.yml
Paste the configuration below.
version: '3'

services:

  traefik:
    image: traefik:latest
    command: --docker --docker.domain=hakase-labs.io
    ports:
      - 80:80
      - 443:443
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    labels:
      - "traefik.frontend.rule=Host:traefik.hakase-labs.io"
      - "traefik.port=8080"
    container_name: traefik
    restart: always

networks:
  proxy:
    external: true
Save and exit.
Note:
  1. We're creating a new container named 'traefik' based on the 'traefik:latest' docker image.
  2. The 'traefik' container will be running on the custom docker network named 'proxy' and expose external ports HTTP 80 and HTTPS 443.
  3. The container will mount traefik configuration 'traefik.toml' and 'acme.json', including the docker sock file.
  4. Label configuration for traefik, the frontend domain name, and the traefik port.

Letsencrypt ACME Configuration

The acme configuration on 'traefik.toml' is used for automatically generate the SSL letsencrypt. And it's required for the storage file 'acme.json'.
Create a new JSON file 'acme.json' and change the permission to '600'.
touch acme.json
chmod 600 acme.json
All logs about SSL letsencrypt info will be saved in the file.

Build Traefik Container

Now we're ready to build our own traefik container using the above configuration files.
cd traefik/
ls -lah
All configuration 'traefik.toml', 'docker-compose.yml', and 'acme.json' files.
Build Traefik Container
Build the container using docker compose command below.
docker-compose up -d
Build the container using docker compose
When it's complete, check the running container.
docker-compose ps
And you will get the Traefik container up and running, expose the external ports HTTP and HTTPS.
Traefik container up and running

Step 5 - Testing

Open your web browser and type the traefik domain name on the address bar. Mine is:
http://traefik.hakase-labs.io/
You will be redirected to the HTTPS connection and will be asked for the username and password authentication.
Password based authentication
Log in with the user 'mohammad' and password is 'password'.
And you will get the Traefik dashboard as below.
Traefik Dashboard
Traefik Health status page.
Traefik Health status page
Traefik modern HTTP reverse-proxy has been installed as a Docker container on Ubuntu 18.04.

Reference

No comments:

Post a Comment