I am switching from Nginx to Traefik 2.0 now.
The nginx.conf that i was using looks somewhat like this:
worker_processes 1;
events { worker_connections 1024; }
http {
server {
listen 80;
listen [::]:80;
server_name localhost;
# Global http redirect to https
return 301 https://$host$request_uri;
}
# HTTPS server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/certs/myapp.crt;
ssl_certificate_key /etc/nginx/certs/myapp.key;
server_name myapp.com myui localhost;
location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://myapp.com:55555/api/;
client_max_body_size 500G;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 3600;
send_timeout 300;
}
location /Myapp {
grpc_pass grpcs://myapp.com:55555;
client_max_body_size 500G;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
client_body_timeout 1d;
grpc_buffer_size 500m;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 3600;
send_timeout 300;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://myui:80/;
client_max_body_size 500G;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 3600;
send_timeout 300;
}
location ~ /\.ht {
deny all;
}
}
}
I almost configured it for Traefik. As of now, i am using a docker-compose like this:
version: '3.2'
services:
myapp.com:
image: myapp:master
restart: always
labels:
- traefik.enable=true
- traefik.http.middlewares.myapp_https.redirectscheme.scheme=https
- traefik.http.routers.myapp.rule=PathPrefix(`/api/`)
- traefik.http.routers.myapp.service=myapp@file
- traefik.http.routers.myapp.entrypoints=insecure
- traefik.http.routers.myapp.middlewares=myapp_https@docker
- traefik.http.routers.myapp_https.rule=PathPrefix(`/api/`)
- traefik.http.routers.myapp_https.service=myapp@file
- traefik.http.routers.myapp_https.entrypoints=secure
- traefik.http.routers.myapp_https.tls=true
myui:
image: myui:latest
restart: always
ports:
- 90:80
labels:
- traefik.enable=true
- traefik.http.middlewares.myui_https.redirectscheme.scheme=https
- traefik.http.routers.myui.rule=Path(`/`)
- traefik.http.routers.myui.service=myui@file
- traefik.http.routers.myui.entrypoints=insecure
- traefik.http.routers.myui.middlewares=myui_https@docker
- traefik.http.routers.myui_https.rule=Path(`/`)
- traefik.http.routers.myui_https.tls=true
- traefik.http.routers.myui_https.service=myui@file
- traefik.http.routers.myui_https.entrypoints=secure
proxy:
image: traefik:v2.0 # The official v2.0 Traefik docker image
command:
- --api.insecure=true # Enable the web UI
- --log.level=DEBUG
- --serverstransport.insecureskipverify=true
- --entrypoints.insecure.address=:80
- --entrypoints.secure.address=:443
- --providers.docker=true
- --providers.docker.network=traefik-network
- --providers.docker.exposedByDefault=false
- --providers.file.directory=/etc/traefik/configuration/
- --providers.file.watch=true
ports:
- 80:80 # The HTTP port
- 443:443 # The HTTPS port
- 8080:8080 # The traefik Web UI
volumes:
- '/var/run/docker.sock:/var/run/docker.sock' # So that Traefik can listen to the Docker events
- './traefik:/etc/traefik/configuration'
networks:
default:
external:
name: "traefik-network" #The same network defined in Docker provider config
The traefik configuration file with the support of file provider looks like this:
tls:
certificates:
- certFile: /etc/traefik/configuration/certs/myapp.crt
keyFile: /etc/traefik/configuration/certs/myapp.key
http:
services:
myapp:
loadBalancer:
servers:
- url: "https://myapp.com:55555/"
myui:
loadBalancer:
servers:
- url: "http://myui:80/"
I configured everything expect the Grpc section.
I am confused where to add that configuration - as labels, or in the conf file?
The grpc example in the documentation says that we should use h2c scheme for grpc.
Does that mean grpcs://myapp.com:55555 in my nginx config will change to h2c://myapp.com:55555 in traefik?
Can someone help me to configure this?
Also, suggestions to improve the current configuration are most welcome!