https://github.com/macbre/docker-traefik

Dockerized traefik v3 with auto-discovery of other containers on the same Docker network

non-root traefik-docker traefik-v3

Last synced: 5 months ago

# docker-traefik
[![CI](https://github.com/macbre/docker-traefik/actions/workflows/docker.yml/badge.svg)](https://github.com/macbre/docker-traefik/actions/workflows/docker.yml)

Dockerized `traefik v3` with auto-discovery of other containers on the same Docker network.

The **`traefik` container runs as nobody** and uses a proxy to get restricted, limited access to the Docker socket.

## Installing

1. Clone this repo.
2. Then run:

```
sudo chown nobody:nogroup letsencrypt/
echo "HOSTNAME=$(hostname)" > .env
docker network create public-network
docker-compose pull
docker-compose up -d
```

## Making Docker containers auto-discoverable

1. This Traefik instance runs on the `public-network` network. Your containers should also use it:

```yaml
# make your ... container discoverable by traefik
# https://docs.docker.com/compose/networking/#configure-the-default-network
#
# docker network create public-network
networks:
  default:
    name: public-network
    external: true
```

2. Add labels to your container.

```yaml
# https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/
labels:
  traefik.enable: true
  traefik.http.routers..rule: Host(``)
  traefik.http.services..loadbalancer.server.port: "< port where your service is bound to >" # or rely on ports defined via EXPOSE
```

3. Make sure that your container's own healthcheck also passes. Traefik filters out containers that do not pass Docker healthchecks:

```
$ DOCKER_HOST=tcp://localhost:2375 docker ps --format json | jq -c "[ .Names,.Status ]" -r
["socks5","Up 11 minutes (healthy)"]
["docker_socket_proxy","Up 21 hours (healthy)"]
["whoami","Up 21 hours"]
["traefik","Up 21 hours (healthy)"]
```
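
A pre-flight check covering the three steps above, as an added example that is not part of this project: it reads `docker ps --format json` output and reports why a container would not be picked up. It assumes the `Names`, `Status`, `Networks` and `Labels` fields of that output and treats the `traefik.enable=true` label from step 2 as required; the sample rows are constructed.

```python
import json
import sys

NETWORK = "public-network"  # network name from the README

# Constructed sample of `docker ps --format json` output (one object per line).
SAMPLE = """\
{"Names":"whoami","Status":"Up 21 hours","Networks":"public-network","Labels":"traefik.enable=true,traefik.http.routers.whoami.rule=Host(`example.test`)"}
{"Names":"api","Status":"Up 2 minutes (unhealthy)","Networks":"public-network","Labels":"traefik.enable=true"}
{"Names":"worker","Status":"Up 5 seconds (health: starting)","Networks":"public-network","Labels":"traefik.enable=true"}
{"Names":"db","Status":"Up 3 hours (healthy)","Networks":"backend","Labels":"traefik.enable=true"}
{"Names":"cache","Status":"Up 3 hours (healthy)","Networks":"public-network","Labels":""}
"""


def health_of(status):
    """Map the Status column to healthy / unhealthy / starting / none."""
    for marker, state in (("(healthy)", "healthy"), ("(unhealthy)", "unhealthy"),
                          ("(health: starting)", "starting")):
        if marker in status:
            return state
    return "none"  # no HEALTHCHECK defined; Traefik does not filter these


def problems(container):
    """Return the reasons this container would not be picked up (empty = OK)."""
    found = []
    if NETWORK not in container.get("Networks", "").split(","):
        found.append(f"not attached to {NETWORK}")
    # Labels is a comma-joined k=v string; match the whole item exactly.
    if "traefik.enable=true" not in container.get("Labels", "").split(","):
        found.append("label traefik.enable=true missing")
    health = health_of(container.get("Status", ""))
    if health in ("unhealthy", "starting"):
        found.append(f"healthcheck is {health}")
    return found


def check(ps_output):
    """Parse JSON-lines output and map container name -> list of problems."""
    rows = (json.loads(line) for line in ps_output.splitlines() if line.strip())
    return {row["Names"]: problems(row) for row in rows}


if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, found in check(text).items():
        print(f"{name}: {'OK' if not found else '; '.join(found)}")
```

Pipe `docker ps --format json` into the script to check live containers; without piped input it runs on the constructed sample.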

## Notes

This container exposes both http (80) and https (443) ports. It **supports both http/2 and http/3**.

There's also **the dashboard exposed on local port 58888** (this port is bound to the local interface only!).

You can use port 58888 to get some information from the API about your running services and routers:

```
$ curl -s 127.0.0.1:58888/api/http/routers | jq -r '.[] | .service' | sort
acme-http@internal
api@internal
dashboard@internal
noop@internal
ping@internal
prometheus@internal
```

```
$ curl -s 127.0.0.1:58888/api/http/services | jq '.[] | .serverStatus'
{
  "http://172.x.x.x:8080": "UP"
}
```

Responses from HTTP services automatically get the `x-served-by` header added (via the `x-served-by@file` middleware), e.g.

```
$ curl https://localhost/whoami --insecure -H 'Host: macbre.local' -v 2>&1 | grep x-served-by
< x-served-by: macbre.local
```

> The response header's value is taken from the `HOSTNAME` env variable.