Traefik as a dynamic reverse proxy for Docker Swarm

In this post we will set up Traefik as a dynamic reverse proxy for a Docker Swarm. We will be able to run the same on a Raspberry Pi or on x86.

If you want to see how to do the same with HAProxy, check this post!

Why a Dynamic reverse proxy and load balancer?

Classic load balancers and proxies (nginx, haproxy, apache) were built with a static backend in mind and are usually enhanced with other projects such as Viktor Farcic's HA docker-flow-proxy or jwilder/nginx. Traefik is built for a dynamic world from the start.

Why Traefik?

Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, Zookeeper, BoltDB, Eureka, Rest API, file...) to manage its configuration automatically and dynamically.

To be honest, I wanted to try it as I really like the logo :)
(of course in order to learn a new reverse proxy too)


Ok. Let's go now.

Deploy Traefik on the Swarm

Create an overlay network
docker network create --driver=overlay traefik-net
Deploy Traefik
docker service create \
--name traefik \
--constraint 'node.role==manager' \
--publish 80:80 \
--publish 8080:8080 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--network traefik-net \
traefik:camembert \
--docker \
--docker.swarmmode \
--docker.domain=jmkhael.io \
--docker.watch \
--logLevel=DEBUG \
--web

We will next deploy some services to mimic the screenshot below. We will configure several frontends serving different hosts, each of which is in turn served by different backends.

diagrams

Deploy api service
docker service create \
--name api \
--label 'traefik.port=5000' \
--network traefik-net \
jmkhael/myservice:0.0.1
Deploy backoffice service
docker service create \
--name backoffice \
--label 'traefik.port=5000' \
--network traefik-net \
jmkhael/myservice:0.0.2

Scale the backoffice service to 3 instances to match the screenshot:

docker service scale backoffice=3

Deploy web service

docker service create \
--name web \
--label 'traefik.port=5000' \
--label traefik.frontend.rule="Host:jmkhael.io; Path: /web/" \
--network traefik-net \
jmkhael/myservice:0.0.2

Test this

Issue the commands:

curl -H Host:api.jmkhael.io http://0.0.0.0
curl -H Host:backoffice.jmkhael.io http://0.0.0.0
curl -H Host:jmkhael.io http://0.0.0.0/web/

and we should get valid output, like the below:

I'm 24ab5c2a9402
I'm eec66086b687
I'm aaf5402a2387

Checking the Visualizer we can see all the services running:
viz

Checking http://stratus-clay:8080/ we can reach the Web dashboard of Traefik and see our frontends and backends well defined:
web-dashboard

All this happening like...

magic

Running the same thing on the Raspberry Pi

Deploy Traefik on Rpi

docker service create \
--name traefik \
--constraint 'node.role==manager' \
--publish 81:80 \
--publish 8081:8080 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--network traefik-net \
hypriot/rpi-traefik \
--docker \
--docker.swarmmode \
--docker.domain=jmkhael.io \
--docker.watch \
--logLevel=DEBUG \
--web

Deploy two API Endpoints Service

One to respond on api.jmkhael.io

docker service create \
--name api \
--label 'traefik.port=8000' \
--network traefik-net \
hypriot/rpi-whoami

Another to respond on api.jmkhael.io/products/

docker service create \
--name products \
--label 'traefik.port=8000' \
--label traefik.frontend.rule="Host:api.jmkhael.io; Path: /products/" \
--network traefik-net \
hypriot/rpi-whoami

Deploy Blog service on blog.jmkhael.io

Constrain it to the node blog, as it has the data there... until we handle the statefulness better (nfs?)

docker service create \
--name blog \
--label 'traefik.port=2368' \
--label traefik.frontend.rule="Host:api.jmkhael.io, blog.jmkhael.io;" \
--constraint 'node.hostname==blog' \
--network traefik-net \
alexellis2/ghost-on-docker:armv6

Notice that we've written frontend rules for api and blog, as Ghost needs both to be redirected to it...
(that means that we cannot host api endpoints, at least not without thinking of a potential clash, as our /products/ above still works)
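
The clash described above can be checked before deploying. The following is an added example, not code from the original post or from Traefik: a simplified matcher for the Host and Path parts of the frontend rules used on this page, which lists every frontend that would accept a given request. It assumes ";" joins matchers (all must match), "," separates alternative values, and that the api service gets the default rule Host:api.jmkhael.io, as the curl tests on this page imply.

```python
# Added example: simplified matcher for Traefik 1.x style frontend rules.
# Only Host and Path are handled; ";" joins matchers (AND), "," separates
# alternative values (OR). Names below are illustrative, not Traefik's API.

# Rules declared on this page for the Raspberry Pi deployment. The "api"
# entry is the assumed default rule (Host:<service>.<docker.domain>),
# written out because that service carries no rule label.
FRONTENDS = {
    "api": "Host:api.jmkhael.io",
    "products": "Host:api.jmkhael.io; Path: /products/",
    "blog": "Host:api.jmkhael.io, blog.jmkhael.io;",
}

def parse_rule(rule):
    """Return {matcher_name: [values]} for one frontend rule string."""
    parsed = {}
    for part in rule.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate the trailing ";" used in the blog rule
        name, _, values = part.partition(":")
        parsed[name.strip().lower()] = [v.strip() for v in values.split(",")]
    return parsed

def matches(rule, host, path):
    """True when every matcher in the rule accepts the request."""
    parsed = parse_rule(rule)
    unknown = set(parsed) - {"host", "path"}
    if unknown:
        raise ValueError(f"unsupported matcher(s): {sorted(unknown)}")
    if "host" in parsed and host.lower() not in (h.lower() for h in parsed["host"]):
        return False
    if "path" in parsed and path not in parsed["path"]:
        return False
    return True

def candidates(host, path, frontends=FRONTENDS):
    """Names of all frontends whose rule matches; more than one is a clash."""
    return sorted(n for n, r in frontends.items() if matches(r, host, path))

if __name__ == "__main__":
    requests = [("api.jmkhael.io", "/"), ("api.jmkhael.io", "/products/"),
                ("blog.jmkhael.io", "/")]
    for host, path in requests:
        hits = candidates(host, path)
        flag = "  <-- overlap" if len(hits) > 1 else ""
        print(f"{host}{path}: {hits}{flag}")
```

Any request that lists more than one frontend depends on Traefik's rule ordering to reach the intended backend, so such overlaps are worth resolving in the labels themselves.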

Test api

curl -H Host:api.jmkhael.io http://0.0.0.0:81
curl -H Host:api.jmkhael.io http://0.0.0.0:81/products/

If you check http://blog.jmkhael.io:81, you'll see the blog running :)
Sweet!

ghost-traefik-service

Let's also make sure that our products api endpoint is working too:

curl http://api.jmkhael.io:81/products/
I'm eec66086b687

Scale app

docker service scale api=3

curl -H Host:api.jmkhael.io http://0.0.0.0
curl -H Host:api.jmkhael.io http://0.0.0.0
curl -H Host:api.jmkhael.io http://0.0.0.0

This might seem to be "not working" (as expected), because the sessions are kept alive for a while - this issue will "correct" it.