Traefik

===Traefik setup example=== Guide For setting up Traefik Install latest docker-ce:

1
sudo apt install docker-ce

Start the docker service and enable it to launch everytime at system boot.

1
systemctl start docker

1
systemctl enable docker

Check version of docker:

1
docker version

Additional: Running Docker for non-root user Docker container can be run under the non-root user. We just need to add the user to the docker group.

Add ‘aleks’ user.

1
useradd -m -s /bin/bash aleks

Now add the ‘aleks’ user to the docker group, then restart the docker service.

1
usermod -a -G docker aleks

1
systemctl restart docker

Test by running the docker hello-world.

1
docker run -it hello-world

Install Docker Compose

1
sudo apt install docker-compose

Check version:

1
docker-compose version

Create Custom Docker Network

Check the available docker network on the system.

1
docker network ls

Configuration

To configure traefik in docker you will need to set a docker compose file and a static + dynamic configuration.

Docker-Compose config:

set a basic config in the docker-compose.yml file to create the traefik container and map the host ports to it:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
version: "3.5"

services:

  traefik:
    image: traefik:v2.10
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"

Add volumes into the container by mapping locations on the docker host into the traefik container(within the traefik block):

1
2
3
4
5
volumes:
      - /etc/traefik/traefik.yml:/etc/traefik/traefik.yml # maps the traefik.yml file which can be used to set the configuration of the traefik container
      - /var/run/docker.sock:/var/run/docker.sock # maps the docker socket to the traefik container so it can listen to the docker engine for dynamic configuration
      - /etc/traefik/letsencrypt:/letsencrypt # folder can be used for storing the lets encrypt certificates
      - /etc/traefik/certs:/etc/certs/ # folder that can be used for user generated and applyed certificates 

Static + Dynamic configuration files

Configure the traefik configuration via files using the file provider. you can use the “traefik.yml” file mapped to the “/etc/traefik.traefik.yml” location in the container

Configure entrypoints in the file to map the ports exposed to the services that you will be running in the container:

1
2
3
4
5
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

Enable the api of traefik which is a built in service that will run the dashboard and other handy things:

1
2
3
api:
  dashboard: true
  insecure: true

Enable the providers that you will be using, eg docker for docker and file for configuration files:

1
2
3
4
5
6
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # where we mapped the docker host files in the container
    exposedByDefault: false
  file:
    filename: "/etc/traefik/traefik.yml" # where we mapped the .yml file in the container

Create servers that are required, this is an example of an http server to run a router:

1
2
3
4
5
6
7
8
http:
  routers: 
    rdsgateway_https: # name of router
      entrypoints: # entrypoint to use (name mapped to port in entrypints section)
      - websecure
      service: rdsgateway # service that the router will route to (created in the services section)
      rule: "Host(``)"
      tls: true

Create the service that the router will route to:

1
2
3
4
5
services:
    rdsgateway:
      loadBalancer:
        servers:
          - url: "https://:"

Dashboard configuration

Configure the dashboard like you would another server, using a router to route traffic to it and add in the options you want to use.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
http:
  routers:
    traefik_https: # name the router
      entryPoints: # set the entrypoint to use
      - web
      middlewares: # set the middleware to route the traffic before the service
      - traefik-auth
      service: api@internal # set the service to route the traffic to (api@internal is automatically run by traefik so does not need to be defined)
      rule: Host(``)
  middlewares: # create a middleware to handle authentication
    traefik-auth: # name the middleware
      basicAuth: #type of middleware
        users: # set the users for the basicAuth middleware 
        - :

Sqlserver NTP