Dynamically route to new domain?

Mike-the-one · June 18, 2021, 1:43am

Hi, I am wondering is it possible to let Tarefik to route the traffic to a new domain name without restarting docker container?

My understanding is, if I add a new domain, I don't have to restart the tarefik container, but my webserver container has to be restarted, because Tarefik uses the labels to determine which container to route the traffic to, and labels cannot be added unless I restart the container.

So, is there a way to make the route work without restarting webserver container?

thanks

cakiwi · June 18, 2021, 12:38pm

In swarm the labels are on the service, not the container, so if all you are doing is adding a service label then the container should not, nor need to be, restarted.

Mike-the-one · June 21, 2021, 9:31am

Thanks! I will give it a try.

Mike-the-one · June 22, 2021, 8:55pm

This won't work in my scenario, the domains can go up to thousands
I have tarefik 2 in docker swarm, I have a few known sites (domains), I also like to be able to proxy new domains served by one of my containers.

Can i setup a catch all rule so any unmatched URLs go to one service?

thanks

cakiwi · June 23, 2021, 12:13pm

PathPrefix(`/`) is a good one.

Mike-the-one · June 24, 2021, 5:33pm

Thanks... now I am stuck at certificates. I may serve hundreds of new domains, but how to let traefik to request the cert / renew cert for these dynamic domains?

cakiwi · June 24, 2021, 5:39pm

Certificates are requested based on the tls.domains option or the Host rule.

If you're pointing a dns name to traefik then that is the time to update tls.domains or add a Host rule.
Or keep it simple and leave them on http.

https://doc.traefik.io/traefik/https/acme/#domain-definition

Mike-the-one · June 24, 2021, 8:50pm

Thanks @cakiwi unfortunately I do need https, and adding host rules or tls.domains won't work, because it will have a main domain and the rest are SANs, and this only work for max of 100 domains. Also, I assume the certificate will display all these domains, and I don't want this to happen.

I there a way I can write a plugin to get this done?

cakiwi · June 24, 2021, 9:52pm

For hosts rules I believe a new cert will be requested for each host. A SAN requested when a Host rule has multiple hosts Host(`h1.dom.com`,'h2.dom.com`,`h3.dom.net`)

Test it with the LE staging servers.

You're going to have to get the certificate before the client request comes in anyway. So may as well go with a Host rule.

If you were doing it first connect it would likely take too long to complete the ACME challenge before the client timed out and it would become a nice denial of service attack on your LetsEncrypt account.

There are other providers you could use to dynamically create routers and point them to the same service.

Plugins are for providers and middlewares, so I doubt it.

Topic		Replies	Views
Traefik v2, docker, letsencrypt wildcard dns - can domains be specified in dynamic config? Traefik v2 (latest) docker , docker-swarm , letsencrypt-acme	6	1668	September 27, 2019
Traefik on Docker Swarm: factorise router/service redundant labels Traefik v2 (latest) docker-swarm	1	184	May 2, 2023
Setup a router in toml on docker-swarm Traefik v2 (latest) docker-swarm	0	279	March 20, 2020
Not clear about the traefik doc Traefik v2 (latest) docker-swarm	4	436	September 6, 2020
General way to get https Traefik v2 (latest) docker , docker-swarm	3	447	October 16, 2020

Dynamically route to new domain?

Related Topics