Translating frontend and backend to Traefik V2

Hey everyone,
I do have a single docker host with traefik as reverse proxy with my wildcard certificate.
I am trying to set up meshcentral, an opensource rmm solution but the documentation has been made for traefik version 1.

This is the bit that I am trying to translate to traefik v2

[file]
[backends]
 [backends.backend1]
 [backends.backend1.healthcheck]
 path = "/health.ashx"
 interval = "30s"
 [backends.backend1.servers.server1]
 url = "http://127.0.0.1:4430"
 weight = 1
[frontends]
 [frontends.frontend1]
 entryPoints = ["https"]
 backend = "backend1"
 passHostHeader = true
 [frontends.frontend1.routes]
 [frontends.frontend1.routes.main]
 rule = "Host:myserver.domain.com,localhost"

From the meshcentral documentation:

The backends section configures one MeshCentral server on port “4430”. Traefik will additionally check the health of the MeshCentral server periodically, every 30 seconds.
The frontends section is what routes the connections coming in the entry points to the backend servers. In this case, the HTTPS entry point is routed to the MeshCentral server if the hostname matches “myserver.domain.com” or “localhost”.

Now, I read the traefik documentation for migrating from v1 to v2, but I still can't understand what I should exactly do.

What i get from the documentation is:

Frontend might be an entrypoint or a router
Backend should be the service itself
Middleware is something new, basically modifying requests from a router to a backend, sitting in the middle between the two.

So, in this case, should I create a new router in the traefik dynamic config, setting a middleware (which one?) and pointing to url = "http://127.0.0.1:4430"?

Is it clear what I am trying to accomplish here?
I am sorry, I am trying my best to understand traefik

Just a few little hints here. In your case I'd suggest to do all of the configuration in files without using any external configuration providers.
There are two different configuration categories in traefik:
First, the static configuration is what you load once at traefik startup. These are the basic configuration settings, like where to get the routing information and which entrypoints (each entrypoint listening to one port) are used.
The dynamic configuration holds all the configuration which could be changed at runtime, like routing information to services.
I have a configuration example on GitHub (wollomatic/simple-traefik: simple traefik v2 or v3 / letsencrypt deployment with docker compose), where ./config/traefik.yaml is the static configuration and ./config/dynamic.yaml is the dynamic configuration. Unfortunately for your use case, this example uses the docker provider for the routing information and not the file provider. But maybe it helps.

Frontend might be an entrypoint or a router
Backend should be the service itself

Yes, you need to define an entrypoint in the static configuration. Maybe you want to have two entrypoints and use port 80 for redirection to TLS/port 443:

# ... part of traefik.yaml - static configuration
entryPoints:
  web:
    address: ':80' # http
    http:
      redirections:
        entryPoint:
          to: web-secure
          scheme: https      
  web-secure:
    address: ':443' # https

The router connects the entrypoint to the service:

# ... part of dynamic.yaml - dynamic configuration
http:
  # define service
  services:
    exampleservice:
      loadBalancer:
        servers:
          - url: http://127.0.0.1:4430
  # connect entrypoint with service
  routers:
    examplerouter:
      entryPoints: # list of entrypoint names from the static configuration
        - web-secure
      rule: "Host(`hostname.example.com`)" # see doc: https://doc.traefik.io/traefik/routing/routers/#rule
      service: exampleservice@file # your servicename @file
      # some additional configuration like TLS resolvers
      # see https://github.com/wollomatic/simple-traefik for example with LetsEncrypt
      # otherwise you can specify certificates in a file
      tls:
        certResolver: tlschallenge
      middlewares: # add some security headers, see https://github.com/wollomatic/simple-traefik/blob/master/config/dynamic.yaml
        - secHeaders@file
  # ...

You don't need any middleware at the first step. It's just a fine way to add some security headers, use rate limiting, add http basic auth and so on.

Hope this helps a little.

Regards,
Wolfgang
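
Added example, not part of either post and not taken from the MeshCentral or simple-traefik projects: the v1 snippet from the question translated line by line into a v2 dynamic configuration for the file provider, including the health check that the reply above leaves out. It assumes an entrypoint named web-secure as in the static configuration above; the router/service name meshcentral and the certificate paths are placeholders.

```yaml
# dynamic configuration (file provider), Traefik v2 syntax
http:
  services:
    meshcentral:                    # v1: [backends.backend1]
      loadBalancer:
        # v1: passHostHeader = true (a frontend option in v1, a service option in v2)
        passHostHeader: true
        healthCheck:                # v1: [backends.backend1.healthcheck]
          path: /health.ashx
          interval: "30s"
        servers:                    # v1: [backends.backend1.servers.server1]
          # URL kept from the v1 example. 127.0.0.1 only reaches MeshCentral when
          # Traefik shares its network namespace (same host or host networking);
          # from inside a separate Traefik container it points at Traefik itself.
          - url: http://127.0.0.1:4430
        # v1 "weight = 1" is omitted: with a single server it has no effect.

  routers:
    meshcentral:                    # v1: [frontends.frontend1]
      entryPoints:                  # v1: entryPoints = ["https"]
        - web-secure
      # v1: rule = "Host:myserver.domain.com,localhost"
      rule: "Host(`myserver.domain.com`) || Host(`localhost`)"
      service: meshcentral          # v1: backend = "backend1"
      tls: {}                       # terminate TLS on this router

# Existing (e.g. wildcard) certificate served from files instead of a resolver.
tls:
  certificates:
    - certFile: /certs/wildcard.example.crt   # placeholder path
      keyFile: /certs/wildcard.example.key    # placeholder path
```

A router without a `tls` section only matches plain HTTP requests, so the `tls: {}` line is what binds this rule to the HTTPS entrypoint.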

Thank you Wollomatic, this helps a LOT.
I do not have a static configuration file right now, everything is specified in the command: section in my docker file. I do recognize, it's not very clean.

Thanks a lot for your advice, I def will implement configuration files like you did

Just one detail,
Meshcentral is a container itself.

What I find confusing is the duplication of the router configuration.
What I mean is, when I define the labels of meshcentral, inside its docker-compose, I already define a router to that service.

labels:
      - "traefik.enable=true"
      - "traefik.http.routers.meshcentral.rule=Host(`meshcentral.domain.com`)"
      - "traefik.http.routers.meshcentral.tls=true"
      - "traefik.http.routers.meshcentral.middlewares=secHeaders@file"
      - "traefik.http.services.meshcentral.loadbalancer.server.port=4430"

But then do I have to specify it on my dynamic configuration too?
What I did grasp is that service declaration inside dynamic.yml is for services external to docker provider, did I get it right?

Anyway I suppose that defining the service url it's only possible inside dynamic.yml.

http:
  # define service
  services:
    meshcentral:
      loadBalancer:
        servers:
        - url: http://127.0.0.1:4430

You don't need a duplication of the router configuration. You can configure a service either with the docker labels (docker provider) or with a yaml or toml file.
If you use labels (which I would recommend if you use docker) you don't need to set the IP. Traefik/Docker does this for you.

Wolfgang
