A simpler way to use Traefik 2

Having worked with Traefik for more than a year, I’ll start by introducing how to simplify its use, and then move on to how to use this “cloud native” tool in the cloud, along with some practical ways to improve business and development efficiency with it.

In the articles Traefik 2 User guide, A Pleasant Development Experience, and Configuring a Traefik V2-based Web server, the way of using Traefik introduced a lot of configuration, which can be simplified if you are not using it in a complex scenario.

Simplifying the program configuration files

In most cases we turn parameters into configuration files, which makes them easy to manage in version control software. In v2, because of the concept of dynamic configuration, the traditional fixed configuration can instead be written as shorthand parameters and recorded in the container startup configuration, which achieves the same effect with fewer files to distribute.

Use arguments instead of traefik.toml

In the previous article, I provided the default configuration to use in general:

[global]
  checkNewVersion = false
  sendAnonymousUsage = false

[log]
  level = "WARN"
  format = "common"

[api]
  dashboard = true
  insecure = true

[ping]

[accessLog]

[providers]
  [providers.docker]
    watch = true
    exposedByDefault = false
    endpoint = "unix:///var/run/docker.sock"
    swarmMode = false
    useBindPortIP = false
    network = "traefik"
  [providers.file]
    watch = true
    directory = "/etc/traefik/config"
    debugLogGeneratedTemplate = true

[entryPoints]
  [entryPoints.http]
    address = ":80"
  [entryPoints.https]
    address = ":443"

To achieve the same effect, simply add the following to the command field:

version: '3'
services:
  traefik:
    ...
    command:
      - "--global.sendanonymoususage=false"
      - "--global.checknewversion=false"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--api=true"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--api.debug=false"
      - "--ping=true"
      - "--log.level=warn"
      - "--log.format=common"
      - "--accesslog=false"
      - "--providers.docker=true"
      - "--providers.docker.watch=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.swarmMode=false"
      - "--providers.docker.useBindPortIP=false"
      - "--providers.docker.network=traefik"
      - "--providers.file=true"
      - "--providers.file.watch=true"
      - "--providers.file.directory=/etc/traefik/config"
      - "--providers.file.debugloggeneratedtemplate=true"
    ...

You can now remove the traefik.toml configuration file.

Simplifying dashboard.toml

In the previous article, we defined routes such as Traefik’s built-in Dashboard through configuration files, as shown below.

[http.middlewares.dash-compress.compress]
[http.middlewares.dash-auth.basicAuth]
  users = [
    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
  ]

[http.routers.dashboard-redirect-https]
  rule = "Host(`dashboard.lab.io`, `dashboard.lab.com`)"
  entryPoints = ["http"]
  service = "noop"
  middlewares = ["https-redirect"]
  priority = 100

[http.routers.dashboard]
  rule = "Host(`dashboard.lab.io`, `dashboard.lab.com`)"
  entrypoints = ["https"]
  service = "dashboard@internal"
  middlewares = ["dash-compress"]
  [http.routers.dashboard.tls]

[http.routers.api]
  rule = "Host(`dashboard.lab.io`, `dashboard.lab.com`) && PathPrefix(`/api`)"
  entrypoints = ["https"]
  service = "api@internal"
  middlewares = ["dash-compress"]
  [http.routers.api.tls]

[http.routers.ping]
  rule = "Host(`dashboard.lab.io`, `dashboard.lab.com`) && PathPrefix(`/ping`)"
  entrypoints = ["https"]
  service = "ping@internal"
  middlewares = ["dash-compress"]
  [http.routers.ping.tls]

In fact, the file only needs to keep the two middlewares that have to be predefined. If you don’t need page compression or an access password, you don’t need to keep even the following:

[http.middlewares.dash-compress.compress]
[http.middlewares.dash-auth.basicAuth]
  users = [
    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
  ]

Then, in the container configuration, add some rules that Traefik can parse to the labels field:

version: '3'
services:
  traefik:
    ...
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      # Default request to forward HTTPS port
      - "traefik.http.routers.traefik-dash-default.middlewares=https-redirect@file"
      - "traefik.http.routers.traefik-dash-default.entrypoints=http"
      - "traefik.http.routers.traefik-dash-default.rule=Host(`dashboard.guava.lab.com`)"
      - "traefik.http.routers.traefik-dash-default.service=dashboard@internal"
      # Page processing
      - "traefik.http.routers.traefik-dash-web.entrypoints=https"
      - "traefik.http.routers.traefik-dash-web.rule=Host(`dashboard.guava.lab.com`) && PathPrefix(`/`)"
      - "traefik.http.routers.traefik-dash-web.tls=true"
      - "traefik.http.routers.traefik-dash-web.service=dashboard@internal"
      # Processing interface
      - "traefik.http.routers.traefik-dash-api.entrypoints=https"
      - "traefik.http.routers.traefik-dash-api.rule=Host(`dashboard.guava.lab.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik-dash-api.tls=true"
      - "traefik.http.routers.traefik-dash-api.service=api@internal"
    ...
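An added example, not from the original article: the same dashboard routers with the weak setting `--api.insecure=true` (which serves the API and dashboard without authentication on the `traefik` entrypoint, port 8080 by default) turned off, and the predefined `dash-auth` and `dash-compress` middlewares attached to every HTTPS router. It assumes `dash-auth`, `dash-compress` and `https-redirect` are defined in files under `/etc/traefik/config`, as in this article.

```yaml
version: '3'
services:
  traefik:
    image: traefik:v2.3.4
    ports:
      - 80:80
      - 443:443
    networks:
      - traefik
    command:
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--api=true"
      - "--api.dashboard=true"
      # Weak (as in the article): "--api.insecure=true" exposes the API and
      # dashboard without authentication on the "traefik" entrypoint.
      - "--api.insecure=false"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file=true"
      - "--providers.file.directory=/etc/traefik/config"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Assumption: holds the dash-auth, dash-compress and https-redirect definitions
      - ./config/:/etc/traefik/config/:ro
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      # HTTP requests are redirected to HTTPS before reaching any service
      - "traefik.http.routers.traefik-dash-default.entrypoints=http"
      - "traefik.http.routers.traefik-dash-default.rule=Host(`dashboard.guava.lab.com`)"
      - "traefik.http.routers.traefik-dash-default.middlewares=https-redirect@file"
      - "traefik.http.routers.traefik-dash-default.service=dashboard@internal"
      # Dashboard pages: basic auth runs first, then compression
      - "traefik.http.routers.traefik-dash-web.entrypoints=https"
      - "traefik.http.routers.traefik-dash-web.rule=Host(`dashboard.guava.lab.com`) && PathPrefix(`/`)"
      - "traefik.http.routers.traefik-dash-web.tls=true"
      - "traefik.http.routers.traefik-dash-web.service=dashboard@internal"
      - "traefik.http.routers.traefik-dash-web.middlewares=dash-auth@file,dash-compress@file"
      # API: same middleware chain, so the API is never served unauthenticated
      - "traefik.http.routers.traefik-dash-api.entrypoints=https"
      - "traefik.http.routers.traefik-dash-api.rule=Host(`dashboard.guava.lab.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik-dash-api.tls=true"
      - "traefik.http.routers.traefik-dash-api.service=api@internal"
      - "traefik.http.routers.traefik-dash-api.middlewares=dash-auth@file,dash-compress@file"
networks:
  traefik:
    external: true
```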

Abstracting the default.toml configuration separately

Although we have migrated 90% of the content into the Compose configuration file, some things are still not easy to rewrite for the time being, such as the “content Gzip compression” and “HTTP-to-HTTPS forwarding” shown below:

# Provide Gzip compression
[http.middlewares.gzip.compress]

# Tricks: provide default HTTP-to-HTTPS forwarding
# https://github.com/containous/traefik/issues/4863#issuecomment-491093096
[http.services]
  [http.services.noop.LoadBalancer]
    [[http.services.noop.LoadBalancer.servers]]
      url = "" # or url = "localhost"

[http.routers]
  [http.routers.https-redirect]
    entryPoints = ["http"]
    rule = "HostRegexp(`{any:.*}`)"
    middlewares = ["https-redirect"]
    service = "noop"

[http.middlewares.https-redirect.redirectScheme]
  scheme = "https"

This is not to say that they cannot be configured in the application, but if these two middlewares were configured in the application, every application would need to repeat the same configuration. Although a separate configuration in each application makes the application more portable, this shared configuration provides consistent behavior whether it runs locally, in a private cloud, or in a public cloud SLB environment. It is easier to maintain one configuration than several, right?

Complete container configuration

As always, here’s the full Compose configuration:

version: '3'
services:
  traefik:
    container_name: traefik
    image: traefik:v2.3.4
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - traefik
    command:
      - "--global.sendanonymoususage=false"
      - "--global.checknewversion=false"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--api=true"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--api.debug=false"
      - "--ping=true"
      - "--log.level=warn"
      - "--log.format=common"
      - "--accesslog=false"
      - "--providers.docker=true"
      - "--providers.docker.watch=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.swarmMode=false"
      - "--providers.docker.useBindPortIP=false"
      - "--providers.docker.network=traefik"
      - "--providers.file=true"
      - "--providers.file.watch=true"
      - "--providers.file.directory=/etc/traefik/config"
      - "--providers.file.debugloggeneratedtemplate=true"
    volumes:
      # Only for standard Linux environments
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/:/etc/traefik/config/:ro
      - ./ssl/:/data/ssl/:ro
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      # Default request to forward HTTPS port
      - "traefik.http.routers.traefik-dash-default.middlewares=https-redirect@file"
      - "traefik.http.routers.traefik-dash-default.entrypoints=http"
      - "traefik.http.routers.traefik-dash-default.rule=Host(`dashboard.guava.lab.com`)"
      - "traefik.http.routers.traefik-dash-default.service=dashboard@internal"
      # Page processing
      - "traefik.http.routers.traefik-dash-web.entrypoints=https"
      - "traefik.http.routers.traefik-dash-web.rule=Host(`dashboard.guava.lab.com`) && PathPrefix(`/`)"
      - "traefik.http.routers.traefik-dash-web.tls=true"
      - "traefik.http.routers.traefik-dash-web.service=dashboard@internal"
      # Processing interface
      - "traefik.http.routers.traefik-dash-api.entrypoints=https"
      - "traefik.http.routers.traefik-dash-api.rule=Host(`dashboard.guava.lab.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik-dash-api.tls=true"
      - "traefik.http.routers.traefik-dash-api.service=api@internal"
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy off localhost:8080/ping || exit 1"]
      interval: 3s
      retries: 12
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
networks:
  traefik:
    external: true

Finally

traefik.io/traefik-pil… In addition to serving as a unified management center, Pilot also provides many useful middlewares, such as request/response header rewriting, IP ban lists, IP address translation, Fail2Ban, and so on.

Because the official team has no plan to open-source Pilot for the time being (and this may remain the case long term), you can try registering for Pilot if you don’t mind using it “connected to the Internet”.

This article is published under the Attribution 4.0 International (CC BY 4.0) license.

Author: Su Yang

Created: December 2, 2020. Word count: 7102 words. Reading time: 15 minutes. Link to this article: soulteary.com/2020/12/02/…