Hi,
I have server that is already running a traefik container as a part of an application(APP1) with multiple supporting containers of other microservices in docker-compose.
services:
traefik:
image: traefik:v2.0
command:
- --api.insecure=true
- --api.dashboard=false
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --accesslog=true
- --log.level=DEBUG
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
Now I want use that same server for another application(APP2) and spin up another traefik container with a small webservice in a way that traffic is completely isolated from APP1. I was able to do it by changing http and web ports as done below. But in this case the dashboard are same on http://localhost:8080/dashboard/#/ and http://localhost:8081/dashboard/#/ . APP1 dashboard can see the services on APP2 and vice-versa.
services:
traefik:
image: traefik:v2.0
command:
- --api.insecure=true
- --api.dashboard=false
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --accesslog=true
- --log.level=DEBUG
ports:
- "81:80"
- "8081:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
So how can I isolate both traefik containers and is this a reasonable approach?
Thanks
ldez
November 22, 2019, 2:15am
2
What's your real goal? What do you mean by isolate traffic?
Because with your configuration there are already some security or isolation issues:
no HTTPS
the API is exposed without any security
one server
I'm not sure about what do you want to do but I can show you how to use 2 Traefik on 1 server by using constraints .
services:
traefik1:
image: traefik:v2.0.5
command:
- --api
- --entryPoints.web.address=:80
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --providers.docker.constraints=Label(`my.zone`, `zone1`)
# - --accesslog=true
- --log.level=INFO
ports:
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
my.zone: zone1
traefik.enable: true
traefik.http.routers.api.rule: Host(`zone1.dashboard.localhost`)
traefik.http.routers.api.entrypoints: web
traefik.http.routers.api.service: api@internal
whoami1:
image: containous/whoami
labels:
my.zone: zone1
traefik.enable: true
traefik.http.routers.myservice.rule: Host(`app1.localhost`)
traefik.http.routers.myservice.entrypoints: web
######################
traefik2:
image: traefik:v2.0.5
command:
- --api
- --entryPoints.web.address=:81
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --providers.docker.constraints=Label(`my.zone`, `zone2`)
# - --accesslog=true
- --log.level=INFO
ports:
- "81:81"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
my.zone: zone2
traefik.enable: true
traefik.http.routers.api.rule: Host(`zone2.dashboard.localhost`)
traefik.http.routers.api.entrypoints: web
traefik.http.routers.api.service: api@internal
whoami2:
image: containous/whoami
labels:
my.zone: zone2
traefik.enable: true
traefik.http.routers.myservice.rule: Host(`app2.localhost`)
traefik.http.routers.myservice.entrypoints: web