So I recently discovered Traefik, and I am loving the idea of it, but I am struggling to set it up to my needs.
I have one VPS, where multiple domains are pointing to it.
Firstly, I need to set up the app docker-compose correctly, and set it's own traefik acting as reverse proxy. What I have so far is this:
name: "myapp1"
services:
backend:
container_name: ${COMPOSE_PROJECT_NAME}-backend
image: mybackend:latest
restart: always
env_file:
- stack.env
networks:
- ${COMPOSE_PROJECT_NAME}-network
labels:
- "traefik.http.routers.backend.rule=PathPrefix(`/api`)"
- "traefik.http.services.backend.loadbalancer.server.port=3000"
- "${COMPOSE_PROJECT_NAME}.traefik=true"
cms:
container_name: ${COMPOSE_PROJECT_NAME}-cms
image: mycms:latest
restart: always
networks:
- ${COMPOSE_PROJECT_NAME}-network
labels:
- "traefik.http.routers.cms.rule=PathPrefix(`/admin`)"
- "traefik.http.services.cms.loadbalancer.server.port=3000"
- "${COMPOSE_PROJECT_NAME}.traefik=true"
frontend:
container_name: ${COMPOSE_PROJECT_NAME}-frontend
image: myfrontend:latest
restart: always
networks:
- ${COMPOSE_PROJECT_NAME}-network
labels:
- "traefik.http.routers.frontend.rule=PathPrefix(`/`)"
- "traefik.http.services.frontend.loadbalancer.server.port=3000"
- "${COMPOSE_PROJECT_NAME}.traefik=true"
mongo:
container_name: ${COMPOSE_PROJECT_NAME}-mongo
image: mongo:latest
restart: always
networks:
- ${COMPOSE_PROJECT_NAME}-network
volumes:
- mongo-data:/data/db
traefik:
container_name: ${COMPOSE_PROJECT_NAME}-traefik
image: traefik:latest
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.constraints=Label(`${COMPOSE_PROJECT_NAME}.traefik`,`true`)"
ports:
- 3005:80
- 3006:8080
networks:
- ${COMPOSE_PROJECT_NAME}-network
- main-network
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
labels:
- "traefik.enable=true"
volumes:
mongo-data:
networks:
myapp1-network:
name: ${COMPOSE_PROJECT_NAME}-network
driver: bridge
main-network:
external: true
So this traefik should only act as reverse proxy, worrying about the containers specified in this docker compose. As I investigated a bit, the only way I could restrict it to see the apps it needs (and not everything from docker) is via constraints. This part is working OK so far, and when I access IP:3005, I am getting that application (firewall is turned off for testing, that's why I can access that port)
Then, the problem is at system level traefik, which I would like to handle all incoming traffic, and reverse proxy it to specific port, depending on hostname...
What I have so far is this:
name: 'main'
services:
traefik:
image: traefik:latest
container_name: main-traefik
restart: always
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "traefik_letsencrypt:/letsencrypt"
networks:
- main-network
labels:
- "traefik.http.routers.myapp1.rule=Host(`myapp1.example.com`)"
- "traefik.http.services.myapp1.loadbalancer.server.port=3005"
volumes:
traefik_letsencrypt:
networks:
main-network:
external: true
But when I visit the app from specified domain, I am getting 404 not found...
I hope you get the idea of what I am trying to achieve... Also, I need to set up TLS, but lets worry about that in follow up discussion...
I am probably missing some labels, but I am not sure which ones should I set up more...
Anyone know or have example how to set this up correctly?