Traefik Proxy on Docker Swarm Multiple Managers

I have an internet/public-facing load balancer which distributes requests to a Docker swarm. At the moment the swarm is using Traefik v2 only on one of the manager nodes, and the load balancer directs all traffic to this node.

To utilise the load balancer to full effect, I would like to run traefikv2 on each of the manager nodes.
Is this possible with open-source Traefik Proxy, or is it a feature in EE?

You can use multiple Traefik instances behind a real load balancer without a problem. The only issue is that Let's Encrypt is not straightforward anymore.

Thanks, do you have more info on the problems with Let's Encrypt?

You cannot use the regular Let's Encrypt challenge because there is no guarantee that requests from the Let's Encrypt server will hit the very same node (Traefik instance) which initiated the cert request. There will be multiple failures. This can be easily solved using the DNS challenge (Let's Encrypt validates the challenge with DNS records).

There is another "issue". Only one Traefik instance is aware of a certificate change. The others simply do not react to changes in the acme.json file and still serve the old certificate (or a self-signed one if there was none). You can restart all Traefik instances so that after the restart all certificates are reread from the file, but this does not seem a good solution in production, because restarting Traefik means downtime, and until the restart the info between Traefik instances is still not synchronized.

From what I know, Enterprise Edition solves this problem.

The embedded Traefik Let's Encrypt only works for a single node; for multi-node you need the Enterprise Edition, starting at 3000€/year.

There are workarounds, but they need some work. The best solution is probably a separate certbot or lego container with a shared folder for a dynamic certificates file for all Traefik instances. See discussions like this one.
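One way to produce the shared dynamic certificates file described in the last reply, as an added example that is not part of the thread and not Traefik's own code. It assumes lego-style file names (`<domain>.crt`, `<domain>.key`, `<domain>.issuer.crt`) in the shared folder, that every Traefik instance loads the generated file through its file provider with `watch` enabled, and that the renewer and Traefik run under the same user; the function names and the `mount` parameter are hypothetical.

```python
import os
import tempfile
from pathlib import Path


def find_pairs(cert_dir):
    """Return (cert, key) pairs; assumes lego's <domain>.crt / <domain>.key naming."""
    pairs = []
    for crt in sorted(Path(cert_dir).glob("*.crt")):
        if crt.name.endswith(".issuer.crt"):  # issuer chain file, not a leaf cert
            continue
        key = crt.with_suffix(".key")
        if key.is_file():  # ignore certificates that have no matching private key
            pairs.append((crt, key))
    return pairs


def render(pairs, mount):
    """Render the tls.certificates section; `mount` is the folder path as seen by Traefik."""
    lines = ["tls:", "  certificates:"]
    for crt, key in pairs:
        lines.append(f'    - certFile: "{mount}/{crt.name}"')
        lines.append(f'      keyFile: "{mount}/{key.name}"')
    return "\n".join(lines) + "\n"


def write_atomic(target, text):
    """Write to a temp file and rename it, so no instance reads a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=Path(target).parent, prefix=".tmp-")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)  # the config holds paths only, no key material
    os.replace(tmp, target)


def sync(cert_dir, target, mount):
    """Regenerate the dynamic file after a renewal; returns the number of certificates listed."""
    pairs = find_pairs(cert_dir)
    if not pairs:  # never replace a working config with an empty one
        return 0
    for _, key in pairs:
        os.chmod(key, 0o600)  # private keys readable by their owner only
    write_atomic(target, render(pairs, mount))
    return len(pairs)
```

Run `sync()` from the renewal hook of the certbot or lego container; the DNS challenge mentioned earlier in the thread still applies, since the renewer sits behind the same load balancer.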

