Traefik loadbalancing

Deepak · December 31, 2022, 4:55pm

Hi Team,

I've two domains running in two different docker containers under same server. Traefik (v2.5) is running as reverse proxy. All the request I'm making to a particular server is loadbalanced in a round robin fashion and send to both services.

Request is intended to docker having ip 172.21.0.3. But every other request is send to 172.21.0.4.
I've rules defined under docker-compose file for request coming from tactification url to be redirected to appropriate service. Why it's loadbalanced to other service? Can you please help? Logs are pasted below.

Logs:
122.172.84.86 - - [31/Dec/2022:16:40:11 +0000] "GET / HTTP/2.0" 200 2456 "-" "-" 18317 "tactification-https@docker" "http://172.21.0.4:80" 4ms
122.172.84.86 - - [31/Dec/2022:16:40:15 +0000] "GET / HTTP/2.0" 200 2472 "-" "-" 18318 "tactification-https@docker" "http://172.21.0.3:80" 4ms
122.172.84.86 - - [31/Dec/2022:16:40:16 +0000] "GET / HTTP/2.0" 200 2456 "-" "-" 18319 "tactification-https@docker" "http://172.21.0.4:80" 4ms
122.172.84.86 - - [31/Dec/2022:16:41:13 +0000] "GET / HTTP/2.0" 200 2472 "-" "-" 18320 "tactification-https@docker" "http://172.21.0.3:80" 3ms

Docker network output:
"Containers": {
"6a317d24c65249529b3ddd630279df13216d714a2881b5a559d9c38a332d4673": {
"Name": "techtok_tactification_1",
"EndpointID": "ef1a2c8080a4b104de9c6a2292ba45f642567aba16c0ac1b13b5bf2be6ae0489",
"MacAddress": "02:42:ac:15:00:03",
"IPv4Address": "172.21.0.3/16",
"IPv6Address": ""
},
"bd3de7518103a89229ad9347b65453e34568525dfc8f1bc57f20b722a4587f87": {
"Name": "techtok_traefik_1",
"EndpointID": "f18d57040e5a08581f2f7f3c6d5b9a7f3d7e57b99c3555869fa922498ba8979b",
"MacAddress": "02:42:ac:15:00:02",
"IPv4Address": "172.21.0.2/16",
"IPv6Address": ""
},
"e4a8b7db29b5a5b47679c1a74910962c355648e446d3630254f4fcc1143c5251": {
"Name": "techtok_insidecode_1",
"EndpointID": "619db30617c4b7b7e453abd192b143a302cdcbc18e736ca8a31a2f638dc20853",
"MacAddress": "02:42:ac:15:00:04",
"IPv4Address": "172.21.0.4/16",
"IPv6Address": ""
}
}

Thanks,
Deepak

bluepuma77 · December 31, 2022, 8:19pm

Update to current Traefik, show your Traefik static and dynamic config and docker-compose.yml (but please format it).

Deepak · January 1, 2023, 4:14pm

Thanks for reply and Happy New Year. I've moved to traefik2.9 image. But I still see same behavior.

Please let me know if the format I've shared is not meeting your expectation. I'll correct it accordingly.

Traefik's docker-compose stack configuration:

version: '3.3'

services:

  traefik:
    image: traefik:v2.9
    ports:
      - 80:80
      - 443:443
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080
      - traefik.docker.network=traefik-public
      - traefik.http.routers.traefik-dashboard-http.entrypoints=http
      - traefik.http.routers.traefik-dashboard-http.rule=Host(`traefik.insidecode.me`)
      - traefik.http.routers.traefik-dashboard-https.entrypoints=https
      - traefik.http.routers.traefik-dashboard-https.rule=Host(`traefik.insidecode.me`)
      - traefik.http.routers.traefik-dashboard-https.tls=true
      - traefik.http.routers.traefik-dashboard-https.tls.certresolver=le
      - traefik.http.routers.traefik-dashboard-https.service=api@internal
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.traefik-dashboard-http.middlewares=https-redirect
      - traefik.constraint-label=traefik-public
      - traefik.http.middlewares.admin-auth.basicauth.users=admin:${HASHED_PASSWORD}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-public-certificates:/certificates
    command:
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --certificatesresolvers.le.acme.email=deepakpjose@gmail.com
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --accesslog
      - --log.filepath=/var/log/traefik.log
      - --log.format=json
      - --log.level=DEBUG  
    networks:
      - traefik-public
    
volumes:
  traefik-public-certificates:

networks:
  traefik-public:
    external: true

Services docker-compose stack:

services:

  backend:
    build: ./
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.services.app.loadbalancer.server.port=80
      - traefik.http.routers.insidecode-http.entrypoints=http
      - traefik.http.routers.insidecode-http.rule=Host(`insidecode.me`)
      - traefik.docker.network=traefik-public
      - traefik.http.routers.insidecode-https.entrypoints=https
      - traefik.http.routers.insidecode-https.rule=Host(`insidecode.me`)
      - traefik.http.routers.insidecode-https.tls=true
      - traefik.http.routers.insidecode-https.tls.certresolver=le
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.insidecode-http.middlewares=https-redirect
    networks:
      - traefik-public
    volumes:
      - insidecode:/var/www/app/docs

  tactification:
    build: ~/tactification 
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.services.app.loadbalancer.server.port=80
      - traefik.http.routers.tactification-http.entrypoints=http
      - traefik.http.routers.tactification-http.rule=Host(`tactification.com`)
      - traefik.docker.network=traefik-public
      - traefik.http.routers.tactification-https.entrypoints=https
      - traefik.http.routers.tactification-https.rule=Host(`tactification.com`)
      - traefik.http.routers.tactification-https.tls=true
      - traefik.http.routers.tactification-https.tls.certresolver=le
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.tactification-http.middlewares=https-redirect
    networks:
      - traefik-public
    volumes:
      - insidecode:/var/www/app/docs
networks:
  traefik-public:
    external: true

volumes:
  insidecode:
    external: true

Deepak · January 1, 2023, 4:23pm

Thanks for the reply and Happy new year.
I've tried updating to latest version of 2.9 and still see same behavior.

I've two docker-compose files. One for traefik stack and for services. I've pasted them below.

Traefik docker-compose.yaml:

version: '3.3'

services:

  traefik:
    image: traefik:v2.9
    ports:
      - 80:80
      - 443:443
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080
      - traefik.docker.network=traefik-public
      - traefik.http.routers.traefik-dashboard-http.entrypoints=http
      - traefik.http.routers.traefik-dashboard-http.rule=Host(`traefik.insidecode.me`)
      - traefik.http.routers.traefik-dashboard-https.entrypoints=https
      - traefik.http.routers.traefik-dashboard-https.rule=Host(`traefik.insidecode.me`)
      - traefik.http.routers.traefik-dashboard-https.tls=true
      - traefik.http.routers.traefik-dashboard-https.tls.certresolver=le
      - traefik.http.routers.traefik-dashboard-https.service=api@internal
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.traefik-dashboard-http.middlewares=https-redirect
      - traefik.constraint-label=traefik-public
      - traefik.http.middlewares.admin-auth.basicauth.users=admin:${HASHED_PASSWORD}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-public-certificates:/certificates
    command:
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --certificatesresolvers.le.acme.email=deepakpjose@gmail.com
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --accesslog
      - --log.filepath=/var/log/traefik.log
      - --log.format=json
      - --log.level=DEBUG  
    networks:
      - traefik-public
    
volumes:
  traefik-public-certificates:

networks:
  traefik-public:
    external: true

Services docker-compose.yml file:

services:

  backend:
    build: ./
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.services.app.loadbalancer.server.port=80
      - traefik.http.routers.insidecode-http.entrypoints=http
      - traefik.http.routers.insidecode-http.rule=Host(`insidecode.me`)
      - traefik.docker.network=traefik-public
      - traefik.http.routers.insidecode-https.entrypoints=https
      - traefik.http.routers.insidecode-https.rule=Host(`insidecode.me`)
      - traefik.http.routers.insidecode-https.tls=true
      - traefik.http.routers.insidecode-https.tls.certresolver=le
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.insidecode-http.middlewares=https-redirect
    networks:
      - traefik-public
    volumes:
      - insidecode:/var/www/app/docs

  tactification:
    build: ~/tactification 
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.services.app.loadbalancer.server.port=80
      - traefik.http.routers.tactification-http.entrypoints=http
      - traefik.http.routers.tactification-http.rule=Host(`tactification.com`)
      - traefik.docker.network=traefik-public
      - traefik.http.routers.tactification-https.entrypoints=https
      - traefik.http.routers.tactification-https.rule=Host(`tactification.com`)
      - traefik.http.routers.tactification-https.tls=true
      - traefik.http.routers.tactification-https.tls.certresolver=le
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.tactification-http.middlewares=https-redirect
    networks:
      - traefik-public
    volumes:
      - insidecode:/var/www/app/docs
networks:
  traefik-public:
    external: true

volumes:
  insidecode:
    external: true

Thanks,
Deepak

bluepuma77 · January 1, 2023, 6:53pm

I would start by minimizing your configuration, place the http->https redirection in the central entrypoint, only use https in labels.

Deepak · February 14, 2023, 5:11am

I had same name 'app' under services backend and tactification. When I changed unique names for both services, it started working.

traefik.http.services.app.loadbalancer.server.port=80

Thanks,
Deepak

Topic		Replies	Views
Reverse proxying to Docker's service with replicas doesn't load balance requests. Always ends up reaching the same container Traefik v2 docker , file	3	3518	November 30, 2022
Traefik load balancer on two servers Traefik v2 docker	5	4577	February 9, 2023
Loadbalancing containers in separate docker hosts Traefik v2 docker , file	9	887	December 4, 2020
Traefik doesn't forward request to the service Traefik v2 docker	1	1654	January 3, 2020
Traefik as reverse-proxy in front of 2 docker containers exposing one port each Traefik v2 docker	9	8789	January 5, 2021

Traefik loadbalancing

Related topics