Traefik – open-source load balancer

Traefik, Docker, and Let’s Encrypt as your load balancer

To create a load balancer using Traefik and Docker, you can follow the guide below. This guide will walk you through setting up Traefik, Let's Encrypt, and Docker.
To create a load balancer using Traefik and Docker, you can follow the guide below. This guide will walk you through setting up Traefik, Let’s Encrypt, and Docker.

To create a load balancer using Traefik and Docker, you can follow the guide below. This guide will walk you through setting up Traefik, Let’s Encrypt, and Docker.

Some assumptions that we have made:

  • You have docker installed, and you have some familiarity
  • You have some familiarity with Let’s Encrypt

Create a configuration file for Traefik

Create a configuration file for Traefik. This file will specify the settings for your load balancer, such as the ports it should listen on and the backend services it should route traffic to. A sample configuration file might look like this:

# Configuration for Traefik Load Balancer

# Enable the web UI and specify the port
[api]
  dashboard = true
  dashboardPort = 8080

# Enable Docker as a provider
[providers.docker]
  endpoint = "unix:///var/run/docker.sock"
  exposedByDefault = false

# Define entrypoints for HTTP and HTTPS traffic
[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"

# Enable ACME (Let's Encrypt) for SSL/TLS certificate management
[acme]
  email = "your@email.com"
  storage = "acme.json"
  entryPoint = "https"
  onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

# Define a default backend for HTTP traffic
[backends]
  [backends.backend1]
    [backends.backend1.servers]
      [backends.backend1.servers.server1]
        url = "http://server1:80"
      [backends.backend1.servers.server2]
        url = "http://server2:80"

# Define frontends for HTTP and HTTPS traffic
[frontends]
  [frontends.frontend1]
    backend = "backend1"
    passHostHeader = true
    [frontends.frontend1.routes]
      [frontends.frontend1.routes.route1]
        rule = "Host: example.com"
  [frontends.frontend2]
    backend = "backend1"
    passHostHeader = true
    [frontends.frontend2.routes]
      [frontends.frontend2.routes.route2]
        rule = "Host: example.com; PathPrefixStrip: /secure"
    [frontends.frontend2.headers]
      SSLRedirect = true
    [frontends.frontend2.tls]
      [[frontends.frontend2.tls.certificates]]
      certFile = "path/to/cert.pem"
      keyFile = "path/to/key.pem"

The example above will run 2 back-end and 2 front-end services; please replace our placeholder names with your values.

Note that this configuration assumes you have already obtained SSL/TLS certificates and stored them in the specified files. Suppose you do not already have SSL/TLS certificates. In that case, you can use Let’s Encrypt to automatically obtain them for you by enabling the ACME (Automatic Certificate Management Environment) feature in your Traefik configuration.

Docker Compose

Now that we have Traefik configured, we need to run it in a Docker environment. We prefer docker-compose so we will use that for our example. You can use the following docker-compose.yml file

version: '3'
services:
  traefik:
    image: traefik:latest
    restart: always
    networks:
      - mynet
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /path/to/traefik.toml:/traefik.toml
    command:
      - --api
      - --api.insecure=true
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myresolver.acme
      - --certificatesresolvers.myresolver.acme.email=your@email.com
      - --certificatesresolvers.myresolver.acme.storage=acme.json
      - --certificatesresolvers.myresolver.acme.httpchallenge

  service1:
    image: myservice:latest
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.service1.rule=Host(`example.com`)"
  service2:
    image: myservice:latest
    restart: always
    networks:
      - mynet
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.service2.rule=Host(`example.com`); PathPrefix(`/secure`)"
      - "traefik.http.routers.service2.tls=true"
      - "traefik.http.routers.service2.tls.certresolver=myresolver"

To start the Traefik container and the backend services using this docker-compose.yml file, run the following command:

docker-compose up -d

This will start all the defined services in detached mode, in the background. You can check the status of the containers using the docker-compose ps command. You can also use the docker-compose logs command to view the log output from the containers.

Similar Blog Posts

Troubleshooting the “ssh: handshake failed” Error on Ubuntu 22

Newer versions of Ubuntu and other operating systems have moved away from using ssh-rsa as…

Stop using the AWS key and secret on your EC2 instances

Using instance profiles is a better option for authenticating access to AWS resources. An instance…