Ingress and external redirection at the same time

Traefik Traefik v2 (latest)
1

Hey guys, I have the following setup and I'm trying to accomplish haproxy-like roundrobin loadbalaincing:

Server_1: It has traefik hosted on it (in docker container) working in an bridged network (called 'ext') and exposed ports 80 and 443. I have apache service working on the same node in docker container in the same 'ext' network with no ports exposed (as it's communicating with traefik over the bridged docker network).

Server_2: It has an apache service running in a docker container with port 8080 exposed.

I want to accomplish haproxy-like roundrobin loadbalancing between the two services while keeping it as simple as possible. I'm not sure how this should work out as the apache service on Server_1 is ingress and the apache service on Server_2 is an external one. I'm trying to accomplish this with a simple docker-compose file that looks like this:

version: '3.9'
services:
  apache:
    image: httpd:latest
    container_name: apache
    networks:
    - ext
    volumes:
    - /home/user1/apache/app:/usr/local/apache2/htdocs
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.apache-lb0.rule=Host(`apache.mywebsite.com`)"
      - "traefik.http.routers.apache-lb0.service=apache"
      - "traefik.http.routers.apache-lb0.entrypoints=http"
      - "traefik.http.services.apache-lb0.loadbalancer.server.port=80"
      - "traefik.http.services.apache-lb0.loadbalancer.server.scheme=h2c"
      - "traefik.http.routers.apache-lb1.rule=Host(`apache.mywebsite.com`)"
      - "traefik.http.routers.apache-lb1.service=apache"
      - "traefik.http.services.apache-lb1.loadbalancer.server.url=http://10.0.0.205:8080"
      - "traefik.docker.network=ext"
networks:
  external:
    ext: true

Traefik doesn't return any error, but it only serves content from my local server (Server_1) and it doesn't seem to reach Server_2. Is it possible to achieve the thing I want here, or it would be better using docker swam or k8s?

2

Hi @joniop,
Thanks for your interest in Traefik.

Your use case should be doable. What I see is that the second load balancers is defined with a server.
When using Traefik docker provider and labels, it is not possible to define the server pointed by the load balancer. It always uses the container as server endpoint, and defining a custom one is just ignored. I suggest you to use the file provider to implement your use case.

Let me know if it helps.

Thanks,
Maxence

1 Like
3

Thank you for your suggestion @moutoum, but I think I'm doing something wrong. This is how my docker-compose looks like now:

version: '3.9'
services:
  apache:
    image: httpd:latest
    container_name: apache
    networks:
    - ext
    volumes:
    - /home/user1/apache/app:/usr/local/apache2/htdocs
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=ext"
    command:
      - "--providers.file.filename=/home/user1/apache/dynamic-conf.yml"
      - '--providers.docker=true'

networks:
  external:
    ext: true

And this is how my dynamic-conf.yml looks like:

http:
  routers:
    apache-lb0:
      entrypoints:
        - http
      middlewares:
        - apache-https-redirect
      rule: Host(`apache.mywebsite.com`)
    apache-secure:
      entrypoints:
        - https
      rule: Host(`apache.mywebsite.com`)
      tls: true
      service: apache
  http:
  services:
    apache-secure:
      loadBalancer:
        servers:
        - url: "http://apache:80"
        - url: "http://10.0.0.205:8080

Here I'm trying to add an HTTPS to secure my service, but I'm getting 404, so I'm doing something wrong obviously. Can you point out the mistake to me?

4

Thanks for sharing me your configuration.

  • The commands should be on the Traefik container.
  • In your dynamic configuration, there is a http key in the http key. It should be http.services.apache-secure.... and not http.http.services.apache-secure.....
  • Again, in your dynamic configuration, the service used by your router is apache, but I think you are looking for the apache-secure service configured just after.
1 Like
5

Thank you for the clarification. Just to make sure, should I keep the labels in the docker-compose file of the apache service?

labels:
      - "traefik.enable=true"
      - "traefik.docker.network=ext"
6

Ok, after a little bit of tinkering here and there, I've found the solution. Firstly, the labels on the container above were not needed. And here's how the providers file looks like for me now:

http:
  routers:
    apache:
      entryPoints:
        - http
      middlewares:
        - httpsRedirect
      service: apache
      rule: Host(`apache.mywebsite.com`)
    apache-secure:
      entryPoints:
        - https
      service: apache
      rule: Host(`apache.mywebsite.com`)
      tls: {}

  middlewares:
    httpsRedirect:
      redirectScheme:
        scheme: https
        permanent: true

  services:
    apache:
      loadBalancer:
        servers:
          - url: http://apache:80
          - url: http://10.0.0.205:8080

Thanks a lot for the help @moutoum , appreciate it :slight_smile:

1 Like
7

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.