Traefik, Docker, and Let’s Encrypt as your load balancer
To create a load balancer using Traefik and Docker, you can follow the guide below. This guide will walk you through setting up Traefik, Let’s Encrypt, and Docker.
Some assumptions that we have made:
- You have Docker installed and have some familiarity with it
- You have some familiarity with Let’s Encrypt
Create a configuration file for Traefik
Create a configuration file for Traefik. This file will specify the settings for your load balancer, such as the ports it should listen on and the backend services it should route traffic to. A sample configuration file might look like this:
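    # ---- traefik.toml: static configuration for the Traefik load balancer ----
    # Written in Traefik v2+ syntax, matching the flags and labels used in the
    # docker-compose.yml file further down.

    # Enable the web UI. insecure = true serves it without authentication on
    # port 8080, so do not expose that port to untrusted networks.
    [api]
      dashboard = true
      insecure = true

    # Enable Docker as a provider
    [providers.docker]
      endpoint = "unix:///var/run/docker.sock"
      exposedByDefault = false

    # Load the back ends and front ends below from a second file.
    # "/dynamic.toml" is a placeholder path; mount that file into the container.
    [providers.file]
      filename = "/dynamic.toml"

    # Define entrypoints for HTTP and HTTPS traffic
    [entryPoints]
      [entryPoints.http]
        address = ":80"
      [entryPoints.https]
        address = ":443"

    # Enable ACME (Let's Encrypt) for SSL/TLS certificate management
    [certificatesResolvers.myresolver.acme]
      email = "firstname.lastname@example.org"
      storage = "acme.json"
      [certificatesResolvers.myresolver.acme.httpChallenge]
        entryPoint = "http"

    # ---- dynamic.toml: back ends (services) and front ends (routers) ----

    # Define a default backend for HTTP traffic
    [http.services.backend1.loadBalancer]
      passHostHeader = true
      [[http.services.backend1.loadBalancer.servers]]
        url = "http://server1:80"
      [[http.services.backend1.loadBalancer.servers]]
        url = "http://server2:80"

    # Define frontends for HTTP and HTTPS traffic
    [http.routers.frontend1]
      entryPoints = ["http"]
      rule = "Host(`example.com`)"
      service = "backend1"

    [http.routers.frontend2]
      entryPoints = ["https"]
      rule = "Host(`example.com`) && PathPrefix(`/secure`)"
      middlewares = ["strip-secure"]
      service = "backend1"
      [http.routers.frontend2.tls]

    # Plain-HTTP requests for /secure are redirected to HTTPS (the SSL redirect)
    [http.routers.frontend2-redirect]
      entryPoints = ["http"]
      rule = "Host(`example.com`) && PathPrefix(`/secure`)"
      middlewares = ["to-https"]
      service = "backend1"

    # Strip the /secure prefix before the request reaches the backend
    [http.middlewares.strip-secure.stripPrefix]
      prefixes = ["/secure"]

    [http.middlewares.to-https.redirectScheme]
      scheme = "https"

    # Certificate and key served by the HTTPS front end
    [[tls.certificates]]
      certFile = "path/to/cert.pem"
      keyFile = "path/to/key.pem"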
The example above defines 2 back-end servers and 2 front-end routes; please replace our placeholder names with your own values.
Note that this configuration assumes you have already obtained SSL/TLS certificates and stored them in the specified files. If you do not already have SSL/TLS certificates, you can use Let’s Encrypt to obtain them automatically by enabling the ACME (Automatic Certificate Management Environment) feature in your Traefik configuration.
Now that we have Traefik configured, we need to run it in a Docker environment. We prefer docker-compose, so we will use that for our example. You can use the following docker-compose.yml file:
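    version: '3'

    services:
      traefik:
        image: traefik:latest
        restart: always
        networks:
          - mynet
        ports:
          - "80:80"
          - "443:443"
          # Dashboard port: --api.insecure=true serves it without authentication
          - "8080:8080"
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          # Traefik reads its static configuration from a single source (file,
          # flags or environment variables); they are mutually exclusive, so use
          # either the mounted traefik.toml or the flags under "command".
          - /path/to/traefik.toml:/traefik.toml
        command:
          - --api
          - --api.insecure=true
          - --providers.docker
          - --providers.docker.exposedbydefault=false
          - --entrypoints.web.address=:80
          - --entrypoints.websecure.address=:443
          # Contact address for Let's Encrypt; replace with your own
          - --certificatesresolvers.myresolver.acme.email=email@example.com
          # Relative path inside the container; mount a volume for it to keep
          # certificates across restarts
          - --certificatesresolvers.myresolver.acme.storage=acme.json
          # The HTTP challenge has to name the entrypoint listening on port 80
          - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web

      service1:
        image: myservice:latest
        restart: always
        # Must share a network with Traefik to be reachable
        networks:
          - mynet
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.service1.rule=Host(`example.com`)"

      service2:
        image: myservice:latest
        restart: always
        networks:
          - mynet
        labels:
          - "traefik.enable=true"
          # Matchers are combined with &&
          - "traefik.http.routers.service2.rule=Host(`example.com`) && PathPrefix(`/secure`)"
          - "traefik.http.routers.service2.tls=true"
          - "traefik.http.routers.service2.tls.certresolver=myresolver"

    # Network shared by Traefik and the backend services
    networks:
      mynet: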
To start the Traefik container and the backend services using this docker-compose.yml file, run the following command:
    docker-compose up -d
This will start all the defined services in detached mode, in the background. You can check the status of the containers using the docker-compose ps command. You can also use the docker-compose logs command to view the log output from the containers.
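The compose file above publishes the unauthenticated dashboard on port 8080, keeps acme.json inside the container, and uses a floating image tag. The shell function below is an added example, not part of the original guide, that flags those three settings in a docker-compose.yml before you run docker-compose up -d; the finding names and the constructed sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: line-based audit of a Traefik docker-compose.yml.
# Assumes one setting per list item, as in the compose file in this guide.

audit_traefik_compose() {
    file=$1
    findings=""

    # 1. Unauthenticated dashboard/API whose port is published on every interface.
    if grep -Eq -- '--api\.insecure(=true)?"?[[:space:]]*$' "$file" &&
       grep -Eq '^[[:space:]]*-[[:space:]]*"?8080:8080"?[[:space:]]*$' "$file"; then
        findings="$findings insecure-dashboard-published"
    fi

    # 2. ACME storage that no volume covers: certificates and the ACME account
    #    key are lost whenever the container is recreated.
    storage=$(sed -n 's/.*acme\.storage=\([^"[:space:]]*\).*/\1/p' "$file" | head -n 1)
    if [ -n "$storage" ]; then
        target=$(dirname "$storage")
        [ "$target" = "." ] && target=$storage
        grep -Eq "^[[:space:]]*-[[:space:]]*\"?[^:]+:/?${target}" "$file" ||
            findings="$findings acme-storage-not-persisted"
    fi

    # 3. Floating image tag: the deployed Traefik version changes on every pull.
    grep -Eq 'image:[[:space:]]*traefik(:latest)?[[:space:]]*$' "$file" &&
        findings="$findings unpinned-traefik-image"

    echo "${findings# }"
}

# Constructed sample mirroring the settings used in this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  traefik:
    image: traefik:latest
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command:
      - --api.insecure=true
      - --certificatesresolvers.myresolver.acme.storage=acme.json
EOF
audit_traefik_compose "$sample"
```

An empty result means none of the three settings was found; binding the dashboard port to 127.0.0.1, mounting a volume for the ACME storage path, and pinning the image tag each clear the corresponding finding.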