Traefik in Docker swarm

Traefik Traefik v2
1

Hello! I've managed to make the Traefik 2 work with docker swarm.

Here it is how I made it :slight_smile:

Things I've modified from my docker config to my docker swarm config:

  • The network must be overlay: docker network create --driver=overlay web
  • The node must have a label (this will ensure that traefik is only working from the labeled node):
    • export NODE_ID=$(docker info -f '{{.Swarm.NodeID}}')
    • docker node update --label-add traefik-public.traefik-public-certificates=true $NODE_ID
  • Since per documentation swarm does not detect ports, I've added labels in deploy: traefik.http.services.traefik.loadbalancer.server.port = 80
  • Finally, I updated the traefik.toml file to accept swarm in [providers.docker] --> swarmMode = true

Here are my config files

swarm.yml:

version: '3.5'

services:
    traefik:
        image: 'traefik:v2.2'
        deploy:
            placement:
                constraints:
                    - node.labels.traefik-public.traefik-public-certificates == true
            labels:
              - traefik.http.services.traefik.loadbalancer.server.port = 80
        volumes:
            - '/var/run/docker.sock:/var/run/docker.sock'
            - '$PWD/traefik.toml:/traefik.toml'
            - '$PWD/traefik_dynamic.toml:/traefik_dynamic.toml'
            - '$PWD/acme.json:/acme.json'
        ports:
            - '80:80'
            - '443:443'
        networks:
            - web


networks:
  web:
    external: 
      name: web
  internal:
    name: internal
    driver: bridge

traefik.toml

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http.redirections.entryPoint]
      to = "websecure"
      scheme = "https"

  [entryPoints.websecure]
    address = ":443"

[api]
  dashboard = true

[certificatesResolvers.lets-encrypt.acme]
  email = "myemail.com"
  storage = "acme.json"
  [certificatesResolvers.lets-encrypt.acme.tlsChallenge]

[providers.docker]
  watch = true
  network = "web"
  swarmMode = true

[providers.file]
  filename = "traefik_dynamic.toml"

traefik_dynamic.toml:

[http.middlewares.simpleAuth.basicAuth]
  users = [
    "admin:mypassword"
  ]
[http.routers.api]
  rule = "Host(`monitor.mydomain.com`)"
  entrypoints = ["websecure"]
  middlewares = ["simpleAuth"]
  service = "api@internal"
  [http.routers.api.tls]
    certResolver = "lets-encrypt"

By running docker stack deploy -c swarml.yml swarmname activates my traefik in swarm.

this was supposed to be a question, but I managed to make it work, so I post it as a contribution!

1 Like