Traefik on Docker Swarm
Traefik is an application load balancer written in Go and designed to simplify the task of serving HTTP(S) services whose configuration changes on the fly. Traefik v1.1.0 was recently released with support for Docker Swarm and it works excellently.
In this post, we'll go through how one sets up their Swarm cluster to automatically expose its services through Traefik.
¶Why use Traefik?
Unlike traditional reverse proxies, Traefik's configuration is ideally sourced directly from your service's configuration databases - with support for everything from ZooKeeper and Consort to Docker Swarm and Kubernetes' metadata. This enables Traefik to react almost instantaneously to changes in your service configurations, buying back valuable time on your SLA budget.
In addition to this: Traefik includes support for HTTP/2.0 out of the box, something I'm still waiting for HAProxy to support, and ACME support (which means LetsEncrypt without any effort).
¶Setting up your Swarm
First thing's first, we'll need to setup your Docker host to be running in Swarm mode. This is super-simple to accomplish, simply run the following if you haven't already.
At this point, you should be able to run
docker service ls without any errors.
¶Create a Network
You'll also want to create a network on which you'll advertise containers to Traefik. It's always a good idea to keep services like databases and caches off of this network, as Traefik will have the ability to access all the containers on this network, and you don't want to publish your DB by mistake.
You'll notice that we're using the
overlay driver for this network. The overlay
driver will create a virtual network between all of your swarm nodes and make it
available to containers which are connected to this network.
¶Create the Traefik Service
Now for the juicy part, we're going to spin up the Traefik container on our Swarm
cluster, giving it access to the
/var/run/docker.sock socket so that it can access
the Docker API and pull the information it needs to configure itself.
We'll also expose ports
http listener and Traefik's web
You'll notice that we're passing a couple of command line options to Traefik here, specifically the following.
--webenables Traefik's web control panel (by default on port
--dockerenables the Docker configuration driver.
--docker.swarmmodetells the Docker config driver to use Swarm mode services.
--docker.watchinstructs the Docker driver to watch the Docker event stream for changes.
--docker.domain=localhosttells Traefik to publish services under
¶Create your Service
Now you'll want to spin up a container for us to play around with, let's use the
ehazlett/docker-demo container, which is perfect for this purpose.
Here we're telling Docker to run the service, connect it to the
http network and set
traefik.port label, which Traefik will be looking for to determine how to connect
to the container.
Now that you've got everything set up, let's hop on over to the Traefik dashboard to confirm that everything is working correctly.
You should see something like the following:
¶Check your Service
Great, now it's time to check that your service is available. You'll want to use a web browser with
its own DNS here, since most operating systems won't resolve
*.localhost correctly - read on for
a workaround if you need it.
You should see the demo application, something like this:
¶DNS Workaround for Localhost
If you're running a web browser or operating system which doesn't resolve
*.localhost to your local
loopback adapter, then you'll need to add the following to your hosts file.
Although this post was somewhat long, there's actually not much going on at all - with all the magic happening in a total of 4 commands. This just goes to show how easily one can automate the traditionally menial task of configuring your load balancers.
If you have any questions about how this works, portions which weren't explained adequately, or suggestions for future posts - please don't hesitate to leave a comment below.