Traefik, Docker, and Let’s Encrypt as your load balancer
To create a load balancer using Traefik and Docker, you can follow the guide below. This guide will walk you through setting up Traefik, Let’s Encrypt, and Docker.
Some assumptions that we have made:
- You have Docker installed and have some familiarity with it
- You have some familiarity with Let’s Encrypt
Create a configuration file for Traefik
Create a configuration file for Traefik. This file will specify the settings for your load balancer, such as the ports it should listen on and the backend services it should route traffic to. A sample configuration file might look like this:
# Configuration for Traefik Load Balancer

# Enable the web UI and specify the port
[api]
  dashboard = true
  dashboardPort = 8080

# Enable Docker as a provider
[providers.docker]
  endpoint = "unix:///var/run/docker.sock"
  exposedByDefault = false

# Define entrypoints for HTTP and HTTPS traffic
[entryPoints]
  [entryPoints.http]
    address = ":80"
  [entryPoints.https]
    address = ":443"

# Enable ACME (Let's Encrypt) for SSL/TLS certificate management
[acme]
  email = "your@email.com"
  storage = "acme.json"
  entryPoint = "https"
  onHostRule = true
  [acme.httpChallenge]
    entryPoint = "http"

# Define a default backend for HTTP traffic
[backends]
  [backends.backend1]
    [backends.backend1.servers]
      [backends.backend1.servers.server1]
        url = "http://server1:80"
      [backends.backend1.servers.server2]
        url = "http://server2:80"

# Define frontends for HTTP and HTTPS traffic
[frontends]
  [frontends.frontend1]
    backend = "backend1"
    passHostHeader = true
    [frontends.frontend1.routes]
      [frontends.frontend1.routes.route1]
        rule = "Host: example.com"
  [frontends.frontend2]
    backend = "backend1"
    passHostHeader = true
    [frontends.frontend2.routes]
      [frontends.frontend2.routes.route2]
        rule = "Host: example.com; PathPrefixStrip: /secure"
    [frontends.frontend2.headers]
      SSLRedirect = true
    [frontends.frontend2.tls]
      [[frontends.frontend2.tls.certificates]]
        certFile = "path/to/cert.pem"
        keyFile = "path/to/key.pem"
The example above will run 2 back-end and 2 front-end services; please replace our placeholder names with your values. Be aware that the [backends], [frontends] and top-level [acme] tables are Traefik 1.x syntax, while [providers.docker] and the Compose file below follow the format of Traefik 2 and later, so adapt the file to the Traefik version you actually run.
Note that this configuration assumes you have already obtained SSL/TLS certificates and stored them in the specified files. If you do not already have SSL/TLS certificates, you can use Let’s Encrypt to obtain them automatically by enabling the ACME (Automatic Certificate Management Environment) feature in your Traefik configuration.
Docker Compose
Now that we have Traefik configured, we need to run it in a Docker environment. We prefer docker-compose, so we will use that for our example. You can use the following docker-compose.yml file:
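version: '3'
services:
  traefik:
    image: traefik:latest
    restart: always
    networks:
      - mynet
    ports:
      - "80:80"
      - "443:443"
      # api.insecure serves the dashboard and API on 8080 without authentication,
      # so publish that port on the loopback interface only
      - "127.0.0.1:8080:8080"
    volumes:
      # Read-only bind mount; access to the Docker API is still highly privileged
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik 2+ reads static configuration from one source only (file, flags or environment)
      - /path/to/traefik.toml:/traefik.toml
    command:
      - --api
      - --api.insecure=true
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myresolver.acme
      - --certificatesresolvers.myresolver.acme.email=your@email.com
      - --certificatesresolvers.myresolver.acme.storage=acme.json
      # The HTTP-01 challenge has to name the entrypoint that listens on port 80
      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
  service1:
    image: myservice:latest
    restart: always
    # Must share a network with Traefik to be reachable
    networks:
      - mynet
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.service1.rule=Host(`example.com`)"
  service2:
    image: myservice:latest
    restart: always
    networks:
      - mynet
    labels:
      - "traefik.enable=true"
      # Traefik 2+ rules combine matchers with &&
      - "traefik.http.routers.service2.rule=Host(`example.com`) && PathPrefix(`/secure`)"
      - "traefik.http.routers.service2.tls=true"
      - "traefik.http.routers.service2.tls.certresolver=myresolver"

# The network referenced by the services has to be declared
networks:
  mynet: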
To start the Traefik container and the backend services using this docker-compose.yml file, run the following command:
docker-compose up -d
This will start all the defined services in detached mode, in the background. You can check the status of the containers using the docker-compose ps command. You can also use the docker-compose logs command to view the log output from the containers.
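As an added example (not part of the original guide), here is the Traefik service from the Compose file above with the dashboard served through an authenticated HTTPS router instead of --api.insecure=true, and with acme.json kept on a named volume. The hostname dashboard.example.com, the router name dashboard, the middleware name dashboard-auth, the letsencrypt volume and the <htpasswd-hash> placeholder are assumptions.

```yaml
# Added example for Traefik 2+; names marked below are assumptions, not from the guide.
services:
  traefik:
    image: traefik:latest
    restart: always
    networks:
      - mynet
    ports:
      - "80:80"
      - "443:443"          # port 8080 is no longer published
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Named volume (assumed name) so certificates and their private keys
      # survive container re-creation instead of being re-requested each time
      - letsencrypt:/letsencrypt
    command:
      - --api=true         # api.insecure stays at its default (false)
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myresolver.acme.email=your@email.com
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
    labels:
      - "traefik.enable=true"
      # Router for the built-in dashboard/API service, HTTPS only
      - "traefik.http.routers.dashboard.rule=Host(`dashboard.example.com`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
      # Placeholder credential: generate with `htpasswd -nB admin` and double
      # every $ in the hash so Compose does not treat it as a variable
      - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:<htpasswd-hash>"

networks:
  mynet:

volumes:
  letsencrypt:
```

With this variant the dashboard is reachable only at https://dashboard.example.com/dashboard/ after authentication, and nothing listens on 8080.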