How to connect two traefik in local area network? I tried, but it's not work

Traefik Traefik v3 (latest)
1

Here is the case, I have two traefik instance, one is listen on 80 port, another listen on 810 port

When 80 port got a request where domain is aaa.domain.com, I want to send all traffic to 810 port

Here is my code:

first 80 instance

docker compose config:

version: "3.9"

services:
  traefik:
    image: "traefik:v3.0.0-beta2"
    network_mode: "host"        
    command:
      - "--accesslog=true"
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.file.directory=/traefik_dynamic_configs"
      - "--providers.file.watch=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./configs/traefik_dynamic_configs:/traefik_dynamic_configs" # <== Volume for dynamic conf file
    restart: unless-stopped

dynamic config

tcp:
  routers:
    next_traefik_router:
      entryPoints:
        - web
      rule: "HostSNI(`*`)"
      service: next_traefik_service
  services:
    next_traefik_service:
      loadBalancer:
        servers:
          - address: 127.0.0.1:810

second 810 instance

docker config:

version: "3.9"

services:
  traefik:
    image: "traefik:v3.0.0-beta2" #"traefik:v2.9.6"
    container_name: "traefik"
    command:
      - "--accesslog=true"
      # - "--accessLog.filePath=/tmp/traefik_log.txt"
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.file.directory=/traefik_dynamic_configs"
      - "--providers.file.watch=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.smtp.address=:25"
    ports:
      - "810:80"
      - "25:25"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./configs/traefik_dynamic_configs:/traefik_dynamic_configs" # <== Volume for dynamic conf file
    restart: unless-stopped

dynamic config:

tcp:
  routers:
    smtp_router:
      entryPoints:
        - smtp
      rule: "HostSNI(`*`)"
      service: smtp_service
  services:
    smtp_service:
      loadBalancer:
        servers:
          - address: weloveparty_account_auth_service:25

I do this simply because, some of my old project uses traefik, but I don't want to modify it, I just want to send some new sub-domain request to the old traefik instance.

Some people say this is a 'transparent send' feature. Does traefik have it or not?

2

I just solved this problem, not for TCP, but for http.

http:
  routers:
    next_traefik_router:
      entryPoints:
        - web
        - websecure
      # rule: "!Host(`alternatives.ai-tools-online.xyz`)"
      rule: "HostRegexp(`(.*)weloveparty(.*)`)"
      service: next_traefik_service
    its_alternative_router_for_visitor_operations:
      entryPoints:
        - web
        - websecure
      # rule: "(Host(`alternatives.ai-tools-online.xyz`) || Host(`alternatives.domain.local`)) && PathPrefix(`/it_has_alternatives/`)"
      rule: "Host(`alternatives.ai-tools-online.xyz`) || Host(`alternatives.domain.local`)"
      middlewares:
        - cros_allow_all
      service: backend_service_for_visitor
    its_alternative_router_for_admin_operations:
      entryPoints:
        - web
        - websecure
      rule: "Host(`admin_alternatives.ai-tools-online.xyz`) || Host(`admin_alternatives.domain.local`)"
      middlewares:
        - cros_allow_all
        - my_admin_jwt_auth
      service: backend_service_for_admin

  middlewares:
    cros_allow_all:
      headers:
        accessControlAllowMethods: "*"
        accessControlAllowHeaders: "*"
        accessControlAllowOriginList: "*"
        accessControlMaxAge: 100
        addVaryHeader: true
    my_grpcweb:
      grpcWeb:
        allowOrigins:
          - "*"
    my_jwt_auth:
        forwardAuth:
          # address: "http://it_has_alternatives:5550/v1/jwt_auth_gateway/"
          address: "http://127.0.0.1:5550/v1/jwt_auth_gateway/"
          authResponseHeaders:
              - "email" # jwt_auth_gateway will put this header to the original request
    my_admin_jwt_auth:
        forwardAuth:
          # address: "http://it_has_alternatives:5550/v1/admin_jwt_auth_gateway/"
          address: "http://127.0.0.1:5550/v1/admin_jwt_auth_gateway/"
          authResponseHeaders:
              - "email" # jwt_auth_gateway will put this header to the original request

  services:
    next_traefik_service:
      loadBalancer:
        servers:
          - url: http://127.0.0.1:810
    backend_service_for_visitor:
      loadBalancer:
        servers:
          # - url: http://it_has_alternatives:5551
          - url: http://127.0.0.1:5551
        passHostHeader: true
    backend_service_for_admin:
      loadBalancer:
        servers:
          # - url: http://it_has_alternatives:5552
          - url: http://127.0.0.1:5552
        passHostHeader: true
3

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.