Opinions & Best practice pls - Multiple docker/non-docker hosts

Hi!!
I've been learning and experimenting with Traefik for a few years by now, but I still consider myself a weak beginner. My hobby is my budget home lab, and I recommend Traefik every time.

  • So I decided to fix the terrible state of my services - each service in its own single LXC, using up something like 50 IP addresses... - and bundle them into a handful of Docker hosts and 2-3 non-Docker instances.
    Because I'm at the very start of the process, I would love to hear some of your opinions and experiences: where should I even start?
    What is the best way to expose multiple Docker/non-Docker hosts?

My limitations:

  • 1 domain with wildcard certs, 1 WAN IP address

My needs:

  • Somewhat future-proof & simple solution
  • Traefik routing to all my services (primary Docker host is already up and running perfectly)
  • TLS passthrough works (I managed to spin up a secondary Traefik instance on another device, but when I add even 1 service the primary Traefik instance breaks 8)

I've seen some suggesting TCP passthrough, some say use Docker Swarm or some discovery service, and some say it's outright impossible.

Sorry for my vague start, but atm I can't even ask the right questions on this topic; I'm sure you understand my idea, though. TY

If you want to use multiple hosts and want automatic configuration of target services, then you should probably look at Docker Swarm or k8s/k3s.

We are happy users of Docker Swarm, as we don't have the people to manage k8s/k3s; check the simple Traefik Swarm example.


You can use TLS on multiple Traefik instances chained behind each other; try tlsChallenge on the first and httpChallenge on the second.


Note that open-source Traefik is not cluster-enabled, so you can't really run multiple instances in parallel (at the same level) using the integrated LetsEncrypt.

A workaround would be dnsChallenge per instance, but be aware of the hard LetsEncrypt limits: you can issue a cert 5 times a week.

If you run 3 Traefik instances and have not persisted the 3 certs correctly, then you will get only 2 new ones, and one instance will be without. Or you use a different tool like certbot and just supply the certs manually.

3 Likes
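The chained setup the answer above sketches (tlsChallenge on the first instance, httpChallenge on the second, TLS passthrough between them, plus a non-Docker host exposed from the primary via the file provider), written out as an added example. This is not config from the thread or from the Traefik project; hostnames, IP addresses, resolver names and file paths are placeholders for a Traefik v2 setup. The three YAML documents are separate files, labelled in the comments.

```yaml
# --- primary Traefik (the host that owns the WAN IP): static config, e.g. /etc/traefik/traefik.yml
# Assumed: example.com hostnames, 10.0.0.x addresses and resolver names are placeholders.
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

certificatesResolvers:
  le-primary:
    acme:
      email: admin@example.com        # placeholder
      storage: /letsencrypt/acme.json # persist this file, or the instance re-issues on every restart
      tlsChallenge: {}                # tlsChallenge on the first instance

providers:
  docker:
    exposedByDefault: false           # opt in per container with traefik.enable=true
  file:
    filename: /etc/traefik/dynamic.yml
    watch: true
---
# --- primary Traefik: dynamic config, /etc/traefik/dynamic.yml
tcp:
  routers:
    # Connections for the secondary host's names are passed through at the TLS level:
    # the primary never decrypts them and never asks LetsEncrypt for these names.
    to-secondary-tls:
      entryPoints: [websecure]
      rule: "HostSNI(`app1.example.com`) || HostSNI(`app2.example.com`)"
      tls:
        passthrough: true
      service: secondary-443
  services:
    secondary-443:
      loadBalancer:
        servers:
          - address: "10.0.0.20:443"  # secondary Traefik, placeholder IP

http:
  routers:
    # Plain HTTP for the same names is forwarded as well, so the secondary's httpChallenge
    # (/.well-known/acme-challenge/...) reaches it on port 80.
    to-secondary-http:
      entryPoints: [web]
      rule: "Host(`app1.example.com`) || Host(`app2.example.com`)"
      service: secondary-80
    # A non-Docker host (VM or LXC) is exposed the same way, with TLS terminated on the primary.
    proxmox:
      entryPoints: [websecure]
      rule: "Host(`pve.example.com`)"
      tls:
        certResolver: le-primary
      service: proxmox
  services:
    secondary-80:
      loadBalancer:
        servers:
          - url: "http://10.0.0.20:80"
    proxmox:
      loadBalancer:
        servers:
          - url: "https://10.0.0.30:8006"   # placeholder backend with a self-signed cert
        serversTransport: insecure-backend
  serversTransports:
    insecure-backend:
      insecureSkipVerify: true             # only for a backend you control on a trusted LAN
---
# --- secondary Traefik (10.0.0.20): static config. It terminates TLS itself, so it needs
# its own resolver; httpChallenge works because the primary forwards port 80 for its names.
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

certificatesResolvers:
  le-secondary:
    acme:
      email: admin@example.com
      storage: /letsencrypt/acme.json   # a separate, persisted file on this host
      httpChallenge:
        entryPoint: web

providers:
  docker:
    exposedByDefault: false
```

Two things to check when this breaks: the passthrough router must name the secondary's hosts explicitly (HostSNI(`*`) would swallow every TLS connection on websecure, including the primary's own HTTP routers), and each instance needs its own persisted acme.json so neither of them burns through the LetsEncrypt duplicate-certificate limit mentioned above.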

BIG TY for your directions.
Seems like I have to learn Docker Swarm.
Mix in certbot certs, use staging, and change to production only when all instances are finalized.
TY

Note that Docker Swarm has some important differences from Docker:

  • Volumes are not automatically shared across nodes
  • Bind mount folders on host are not automatically created
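
A minimal Swarm stack that works around both caveats above, added here as an example; it is not the thread's or the Traefik project's own file. Assumptions: a Traefik v2 image, one manager node named node1, an overlay network created beforehand with `docker network create --driver overlay traefik-public`, and the directory /opt/traefik/letsencrypt created by hand on node1 (Swarm will not create bind-mount folders for you). Deploy with `docker stack deploy -c traefik-stack.yml lab`.

```yaml
# traefik-stack.yml (assumed file name)
version: "3.8"

networks:
  traefik-public:
    external: true                     # created beforehand, shared by every stack

services:
  traefik:
    image: traefik:v2.11
    command:
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=traefik-public
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=admin@example.com   # placeholder
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      # Uncomment while testing so failed attempts hit staging, not the production limits:
      # - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
    ports:
      - target: 80
        published: 80
        mode: host                     # keep the real client IP instead of the ingress mesh
      - target: 443
        published: 443
        mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /opt/traefik/letsencrypt:/letsencrypt   # bind mount: the folder must already exist on node1
    networks:
      - traefik-public
    deploy:
      replicas: 1                      # open-source Traefik is not cluster-enabled
      placement:
        constraints:
          - node.role == manager       # the docker.sock of a manager is needed to list services
          - node.hostname == node1     # pin to the node holding acme.json: volumes are not shared

  whoami:
    image: traefik/whoami
    networks:
      - traefik-public
    deploy:
      replicas: 2
      labels:                          # in Swarm mode Traefik reads deploy.labels, not service labels
        - traefik.enable=true
        - traefik.http.routers.whoami.rule=Host(`whoami.example.com`)
        - traefik.http.routers.whoami.entrypoints=websecure
        - traefik.http.routers.whoami.tls.certresolver=le
        - traefik.http.services.whoami.loadbalancer.server.port=80   # mandatory in Swarm mode
```

Before the first deploy, create the bind-mount directory on node1 and an empty acme.json with mode 600 (Traefik refuses to use an ACME storage file with looser permissions). If Traefik ever has to move to another node, copy that file along with it; otherwise the new node starts with no certificates and issues fresh ones, which is exactly how the weekly LetsEncrypt limit gets exhausted.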

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.