How can I isolate the containers behind Traefik? - docker

I've got a Traefik instance running on Docker which serves a Portainer instance. I'd like to isolate the stacks created using Portainer. Now they are all served on the same Traefik network.
I've already seen this answer but it actually says to redeploy Traefik every time you add a new stack and this is very annoying.
How should I do this?
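A check for the isolation asked about here, as an added example that is not part of the original question: it reads `docker inspect` records and reports which networks are shared by more than one stack and which containers the proxy can reach. The sample records, the network names and the use of the `com.docker.compose.project` label to identify a stack are assumptions.

```python
import json
from collections import defaultdict

STACK_LABEL = "com.docker.compose.project"  # set by Compose; assumed present on Portainer stacks

# Constructed sample, trimmed to the `docker inspect` fields used below.
SAMPLE = json.loads("""[
 {"Name": "/traefik",  "Config": {"Labels": null},
  "NetworkSettings": {"Networks": {"edge_blog": {}, "shared": {}}}},
 {"Name": "/blog_web", "Config": {"Labels": {"com.docker.compose.project": "blog"}},
  "NetworkSettings": {"Networks": {"edge_blog": {}, "blog_internal": {}}}},
 {"Name": "/blog_db",  "Config": {"Labels": {"com.docker.compose.project": "blog"}},
  "NetworkSettings": {"Networks": {"blog_internal": {}}}},
 {"Name": "/shop_web", "Config": {"Labels": {"com.docker.compose.project": "shop"}},
  "NetworkSettings": {"Networks": {"shared": {}}}},
 {"Name": "/wiki_web", "Config": {"Labels": {"com.docker.compose.project": "wiki"}},
  "NetworkSettings": {"Networks": {"shared": {}}}}
]""")

def _view(c):
    """Return (name, stack, networks) for one inspect record."""
    name = c["Name"].lstrip("/")
    labels = c["Config"].get("Labels") or {}  # Labels can be null
    stack = labels.get(STACK_LABEL, "unlabelled:" + name)
    return name, stack, set(c["NetworkSettings"]["Networks"])

def shared_networks(containers, proxy="traefik"):
    """Networks on which containers from more than one stack can reach each other."""
    stacks_on = defaultdict(set)
    for name, stack, nets in map(_view, containers):
        if name != proxy:  # the proxy is expected to sit on every edge network
            for net in nets:
                stacks_on[net].add(stack)
    return {net: sorted(s) for net, s in stacks_on.items() if len(s) > 1}

def reachable_from_proxy(containers, proxy="traefik"):
    """Containers that share at least one network with the proxy."""
    views = [_view(c) for c in containers]
    proxy_nets = next(nets for name, _, nets in views if name == proxy)
    return sorted(n for n, _, nets in views if n != proxy and nets & proxy_nets)

if __name__ == "__main__":
    print("cross-stack networks:", shared_networks(SAMPLE))
    print("reachable from proxy:", reachable_from_proxy(SAMPLE))
```

On a live host the same records come from `docker inspect $(docker ps -q)`; an empty result from `shared_networks` means no two stacks share a network.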

Related

Nginx: setting up multiple websites with SSL/Docker

I need to set up a server that does multiple things:
Hosts a Grafana instance on docker (3000 is the default port)
Hosts a flask service for printing Grafana reports (the default Grafana printing sucks so I built a Selenium robot to grab the objects on the screen, create a PDF and download the results)
Hosts a Docker App built with Wappler (Php-based app builder)
I'd like to use free certs (Let's Encrypt).
I'm new to docker and new to linux server administration. What's the best resource for learning how to set this up?
It's super easy to set up reverse proxies using the Linuxserver LetsEncrypt container (it's an Nginx container that auto-manages free certs). The initial setup if you're completely new to docker might seem a little intimidating, but it's easier than it looks, and once you get the hang of it, it's cake.
Other than that, you just need to be sure to place all 3 in the same docker network so they can talk to each other, and (if you want) also expose those ports to the host during the docker run or docker compose code.
i.e. (pseudo code):
docker run -d --name grafana -p 3000:3000 grafana/grafana
For anyone who ends up finding this via a search, I ended up using Traefik for routing/SSL setup. The best article I found on how to set this up is here.
(Note many articles reference Traefik 1.7, however, they changed a lot between 1.7 and version 2. The article above uses Traefik 2.0)
Basically the way that Traefik works is it sees other docker containers that are in the same network and if the docker container contains specific labels set in the docker configuration, it will automatically generate LetsEncrypt SSL certs (see the docs) and will perform the routing to the docker container.

Traefik causing very slow LAN speeds and router crash

I've recently been trying to migrate my home server to a Docker microservice style setup. I've installed fresh Ubuntu Server 18.04, set up Traefik container and Nextcloud container, but am experiencing a peculiar issue.
When I access Nextcloud over the internet it works OK, however on LAN I connect to the website, attempt to download a file and the download is extremely slow for a few seconds before making my router reboot itself. I have tried a Jellyfin container as well and the behavior is the same, so it is not an issue with Nextcloud. I have tried exposing the ports of the service containers directly and then the issue is resolved, so most probably the issue is with Traefik.
Here's my traefik.toml, docker-compose.yml, and Traefik container configuration.
I'd greatly appreciate any help, as I would like to use Traefik as a reverse proxy, not directly expose any ports. :-)

Using nginx as a reverse proxy and load balancer, is there a way to automatically detect new container instances when using docker-compose?

I have a docker-compose setup, where an nginx container is being used as a reverse-proxy and load balancer for the rest of the containers that make up my application.
I can spin up the application using docker-compose up -d and everything works great. Then, I can scale up one of my services using docker-compose up -d --scale auth=3, and everything continues to work fine.
The only issue is that nginx is not yet aware of the two new instances, so I need to manually restart the nginx process inside the running container using docker exec revproxy nginx -s reload, "revproxy" being the name of the nginx container.
That's fine and dandy, I don't mind running an extra command when I decide to scale out one of my services. The real issue though is when there is a container failure somewhere... nginx needs to know as soon as this happens to stop sending traffic to the failed instance until the Docker engine is able to replace it with a healthy one.
With all that said, essentially I would like to accomplish what they are doing in the Traefik quickstart tutorial, except I would like to stick with nginx as my reverse-proxy.
While I personally think Traefik would be a real time saver in your case, there is another project which does what you want with nginx: jwilder/nginx-proxy.
It works by listening to docker engine events and when containers are added or removed, it updates an nginx config using a template.
You could either use this jwilder/nginx-proxy docker image as it is, or you can also make your own flavor by using the jwilder/docker-gen project which is the part that produces a file given a template and docker engine events.
But again, I would recommend Traefik, for the time and trouble saved and for all the features that come with it (different load balancing strategies, healthchecks, circuit breakers, automatic SSL certificate setup with ACME/Let's Encrypt, ...)
You just need to write a service discovery script that looks for the updated list of containers every X interval and updates the nginx config accordingly.
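A sketch of the polling approach suggested in the last answer, as an added example that is not code from the thread or from nginx-proxy: it turns `docker inspect` records into an nginx upstream block, leaves out replicas that are stopped or failing their health check, and reports when a reload is needed. The sample records, the network name `app_default`, port 8080 and the function names are assumptions.

```python
import json
import os
import tempfile

SERVICE_LABEL = "com.docker.compose.service"  # set by docker-compose on each container

# Constructed sample: three "auth" replicas, trimmed to the inspect fields used below.
SAMPLE = json.loads("""[
 {"Config": {"Labels": {"com.docker.compose.service": "auth"}},
  "State": {"Running": true, "Health": {"Status": "healthy"}},
  "NetworkSettings": {"Networks": {"app_default": {"IPAddress": "172.20.0.5"}}}},
 {"Config": {"Labels": {"com.docker.compose.service": "auth"}},
  "State": {"Running": true, "Health": {"Status": "unhealthy"}},
  "NetworkSettings": {"Networks": {"app_default": {"IPAddress": "172.20.0.6"}}}},
 {"Config": {"Labels": {"com.docker.compose.service": "auth"}},
  "State": {"Running": true},
  "NetworkSettings": {"Networks": {"app_default": {"IPAddress": "172.20.0.4"}}}}
]""")

def render_upstream(containers, service, network, port):
    """Build an upstream block from running, non-failing replicas; None if there are none."""
    servers = []
    for c in containers:
        labels = c["Config"].get("Labels") or {}
        state = c["State"]
        # Health is absent when the image defines no HEALTHCHECK.
        health = (state.get("Health") or {}).get("Status")
        ip = c["NetworkSettings"]["Networks"].get(network, {}).get("IPAddress")
        if (labels.get(SERVICE_LABEL) == service and state.get("Running")
                and health in (None, "healthy") and ip):
            servers.append("    server %s:%d;" % (ip, port))
    if not servers:
        return None  # nginx rejects an empty upstream block; keep the previous file
    # Sorted so an unchanged replica set always renders identical text.
    return "upstream %s {\n%s\n}\n" % (service, "\n".join(sorted(servers)))

def sync_config(path, text):
    """Atomically replace path when text differs; return True if nginx needs a reload."""
    if text is None:
        return False
    if os.path.exists(path) and open(path).read() == text:
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.replace(tmp, path)
    return True
```

When `sync_config` returns True, the caller runs the reload command from the question, `docker exec revproxy nginx -s reload`.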

Looking for an example docker-compose file to have traefik to reverse proxy both a container and non container service

I want to be able to use traefik so that I can reverse proxy both container and non-container services. And I’d like to be able to use a docker-compose file so it is easily set up and torn down. I thought this would be a common request, but I can’t find a unified example. And since I’m still really new to docker, this is a little outside of my wheelhouse. Ideally the docker-compose file would:
install the traefik container, including authentication so that traefik can be managed with a WebUI
Have traefik use Let’s Encrypt to generate and maintain SSL certificates that traefik will use to reverse proxy both docker and non-docker services
install a sample container (like Apache) that will be tagged so traefik will reverse proxy to https://apache.example.com (http automatically redirects)
reverse-proxy a non-container service at http://192.168.1.15:8085 to https://foobar.example.com (http automatically redirects)
I’ve seen plenty of examples on how to use traefik and to tag new containers so that they are reverse proxied, but precious few on how to reverse proxy non-docker services. I’m sure I’m not the only one who would appreciate an example that does both at the same time.

Traefik Docker Swarm Mode multiple networks listen address

I can't figure out how to implement this, if it's even possible:
I want to allow Traefik container to expose ports only on Traefik Network.
Does anyone know how to achieve this?
EDIT:
To clarify, my question isn't technical and not about docker but about Traefik. Since Traefik supports docker (a dynamic environment), is it capable of exposing ports only for one docker network with the dynamic IP address it receives? If it does then please explain how to achieve it (which comes to one configuration line or one parameter to add in container deployment). If it doesn't then it's a nice toy for development and not enterprise ready since it can't handle security in dynamic environments.
