How to set up Traefik on docker-swarm

Traefik

Prerequisite

Docker swarm

1
2
3
docker swarm init

docker network create -d overlay endpoint

Installation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# stack.yml
version: "3"

services:
traefik:
image: traefik
networks:
- endpoint
ports:
# The http port
- "80:80"
# The https port
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml
- ./certs:/certs:ro
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`traefik.h365.asia`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "traefik.http.routers.dashboard.tls=false"
- "[email protected]"
- "[email protected]=8080"

networks:
endpoint:
external: true

run with docker

1
docker stack deploy -c stack.yml http

Configuration

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

api:
insecure: false
# enable dashboard
dashboard: true
debug: false

entryPoints:
web:
address: ":80"

websecure:
address: ":443"
proxyProtocol:
insecure: true
forwardedHeaders:
insecure: true

providers:
# turn on listen docker container and enabled swarm mode
docker:
watch: true
exposedByDefault: false
swarmMode: true

# set up traefik's logs, you can change log level
log:
level: INFO
format: json

# set up traefik's received all request logs writes to console
accessLog:
format: json
fields:
defaultMode: keep
names:
ClientUsername: drop
headers:
defaultMode: keep
names:
# drop Authorization, it is sensitive data
Authorization: drop

Examples

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# stack.yml
version: "3"

services:
whoami:
image: containous/whoami
networks:
- endpoint
deploy:
labels:
- "traefik.enable=true"
- "[email protected]"
- "traefik.http.services.whoami.loadbalancer.server.port=80"
- "traefik.http.routers.whoami.rule=Host(`whoami`)"

networks:
endpoint:
external: true

Run

1
docker stack deploy -c stack.yml test

Test

1
curl -H 'Host: whoami' localhost