Running multiple traefik containers on same server?

Hi,
I have server that is already running a traefik container as a part of an application(APP1) with multiple supporting containers of other microservices in docker-compose.

services:
  traefik:
    image: traefik:v2.0
    command: 
      - --api.insecure=true 
      - --api.dashboard=false
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --accesslog=true 
      - --log.level=DEBUG
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock  

Now I want use that same server for another application(APP2) and spin up another traefik container with a small webservice in a way that traffic is completely isolated from APP1. I was able to do it by changing http and web ports as done below. But in this case the dashboard are same on http://localhost:8080/dashboard/#/ and http://localhost:8081/dashboard/#/. APP1 dashboard can see the services on APP2 and vice-versa.

services:
  traefik:
    image: traefik:v2.0
    command: 
      - --api.insecure=true 
      - --api.dashboard=false
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --accesslog=true 
      - --log.level=DEBUG
    ports:
      - "81:80"
      - "8081:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock  

So how can I isolate both traefik containers and is this a reasonable approach?

Thanks

What's your real goal? What do you mean by isolate traffic?

Because with your configuration there are already some security or isolation issues:

  • no HTTPS
  • the API is exposed without any security
  • one server

I'm not sure about what do you want to do but I can show you how to use 2 Traefik on 1 server by using constraints.

services:

  traefik1:
    image: traefik:v2.0.5
    command: 
      - --api
      - --entryPoints.web.address=:80
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.constraints=Label(`my.zone`, `zone1`)
      # - --accesslog=true
      - --log.level=INFO
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      my.zone: zone1
      traefik.enable: true

      traefik.http.routers.api.rule: Host(`zone1.dashboard.localhost`)
      traefik.http.routers.api.entrypoints: web
      traefik.http.routers.api.service: api@internal
  
  whoami1:
    image: containous/whoami
    labels:
      my.zone: zone1
      traefik.enable: true

      traefik.http.routers.myservice.rule: Host(`app1.localhost`)
      traefik.http.routers.myservice.entrypoints: web

  ######################

  traefik2:
    image: traefik:v2.0.5
    command: 
      - --api 
      - --entryPoints.web.address=:81
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.constraints=Label(`my.zone`, `zone2`)
      # - --accesslog=true
      - --log.level=INFO
    ports:
      - "81:81"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      my.zone: zone2
      traefik.enable: true

      traefik.http.routers.api.rule: Host(`zone2.dashboard.localhost`)
      traefik.http.routers.api.entrypoints: web
      traefik.http.routers.api.service: api@internal
  
  whoami2:
    image: containous/whoami
    labels:
      my.zone: zone2
      traefik.enable: true
      traefik.http.routers.myservice.rule: Host(`app2.localhost`)
      traefik.http.routers.myservice.entrypoints: web