For my little series of self-hosted web services using Docker, a reverse proxy is a crucial part, especially when it comes to automated HTTPS encryption, because a reverse proxy can take over the burden of manually generating and renewing certificates. Personally, I’m using Traefik to redirect incoming connections to the intended web services. For me, automated encryption via Let’s Encrypt is the biggest advantage of Traefik.
The main idea of a reverse proxy is to respond to incoming client requests, which are then forwarded internally. So the actual service is hidden behind the reverse proxy. In my case, I have several websites running in Docker, each reachable on a dedicated subdomain. Traefik handles every single incoming request and forwards it to the corresponding Docker container containing the website.
To get such a setup running, two steps are necessary:
- Traefik running in a Docker container.
- Each website running in Docker needs to extend its docker-compose.yml configuration to specify if, which and how Traefik should forward incoming web requests.
1. Run Traefik in Docker
Traefik’s documentation provides a basic setup for a combination of Docker, Traefik and HTTPS encryption via Let’s Encrypt. After configuring Traefik based on this setup, it can be started within a Docker container. Listening on ports 80 and 443, Traefik accepts each HTTP/HTTPS request. HTTPS connections are based on Let’s Encrypt and Traefik automatically takes care of generating and renewing certificates for each website. An important setting is to save Traefik’s acme.json, which contains the certificates, outside the Docker container so that it will not be deleted when the Docker container stops, crashes or is deleted. If it is lost, this will lead to numerous new certificate requests, which in turn will lead to being blocked for a couple of days. Tested it for you.
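A pre-flight check for the acme.json point above, as an added example that is not part of the original post or of Traefik itself. The function names and the idea of passing the host path exactly as it is written in the compose file are assumptions; the check also insists on owner-only permissions because the file holds the certificates' private keys.

```shell
#!/bin/sh
# Added example: pre-flight check for Traefik's certificate store on the host.
# Assumption: HOST_PATH is passed exactly as written in the volumes: entry
# of the Traefik docker-compose.yml.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_acme_store HOST_PATH COMPOSE_FILE
# Returns 0 when the store will survive container removal, otherwise:
#   1  the compose file has no bind mount for HOST_PATH
#   2  HOST_PATH is a directory (Docker creates one if the file is missing)
#   3  HOST_PATH does not exist
#   4  HOST_PATH is not mode 600
check_acme_store() {
    acme=$1
    compose=$2
    # A bind mount entry looks like "- HOST_PATH:/path/in/container".
    grep -Fq -- "- $acme:" "$compose" || return 1
    [ -d "$acme" ] && return 2
    [ -f "$acme" ] || return 3
    [ "$(file_mode "$acme")" = "600" ] || return 4
    return 0
}

# init_acme_store HOST_PATH
# Create an empty, owner-only store; an existing store is never touched,
# so certificates that were already issued are kept.
init_acme_store() {
    [ -e "$1" ] && return 0
    (umask 077 && : > "$1") && chmod 600 "$1"
}
```

Run init_acme_store once before the first start, and check_acme_store before every start, so a missing or misplaced mount is caught before Traefik requests new certificates.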
I only made minor changes to the docker-compose.yml provided in Traefik’s user guide for Let’s Encrypt and Docker. For example, I activated the Web UI (dashboard) and, of course, renamed some configuration values.
2. Configure websites running in Docker
In order to connect a website running in Docker with Traefik, some new lines in docker-compose.yml are necessary.

    labels:
      - traefik.enable=true
      - traefik.backend=name-known-to-traefik
      - traefik.frontend.rule=Host:sub.domain.net
      - traefik.docker.network=web

Those lines make a running Docker container known to Traefik and it will show up in Traefik’s dashboard (if activated).
It is pretty easy to set up Traefik in a Docker container and does not take much time. Following tutorials is always a good idea. But if you don’t do so, like I did, you may feel the consequences. I forgot to save acme.json, which led to numerous new certificate generation requests until Let’s Encrypt blocked me. Then I had to wait some days until I was finally able to generate certificates again.
But in the end, everything is working now and I did not have any further problems with Traefik.