Traefik, Docker - different docker-compose.yml files

Question

I need to use Traefik for reverse proxy, for docker. My user case requires to spin up containers from different docker-compose.yml files. Ideally I want to use on docker-compose.yml file for Traefik itself and different docker-compose.yml files for my other websites. Our websites are interconnected but come from different development streams (and different repositories). This is for the dev to be able to pull down the sites to their local, spin up each one, develope code, and then push up to the relevant depository. I am looking for examples on how to use labels correctly to do this (if this is the correct way). Thanks A.

Answer 1

To use Traefik and its labels for dynamic deployments is probably the best choice you can make. It will make the routing so easy to work with. We use it inside docker swarm, but that's just compose with a few extra steps, so you can reuse our configuration.

You must have 1 common network for all containers & Traefik to share it so it can parse the labels.

For the labels on the services side I use:

  labels:
    # Traefik
    - "traefik.enable=true"
    - "traefik.docker.network=traefik-proxy" #that common network i was talking about

    # Routers
    - "traefik.http.routers.service-name.rule=Host(`$SWARM_HOST`) && PathPrefix(`/service-path`)"
    - "traefik.http.routers.service-name.service=service-name"
    - "traefik.http.routers.service-name.entrypoints=http" #configuration inside traefik stack
    - "traefik.http.routers.service-name.middlewares=strip-path-prefix" # we use this to strip the /service-path/... part off the request so all requests hit / inside our containers (no need to worry about that on the API side)

    # Services
    - "traefik.http.services.service-name.loadbalancer.server.port=${LISTEN_PORT}"

For the actual Traefik service I will attach the whole compose configuration and you can cut out only parts you need and skip the swarm specific stuff:

    version: '3.9'

    services:
      traefik:
        # Use the latest v2.2.x Traefik image available
        image: traefik:v2.5.4
        healthcheck:
          test: ["CMD", "traefik", "healthcheck", "--ping"]
          interval: 10s
          timeout: 5s
          retries: 3
          start_period: 15s
        deploy:
          mode: global
          update_config:
            order: start-first
            failure_action: rollback
            parallelism: 1
            delay: 15s
            monitor: 30s
          restart_policy:
            condition: any
            delay: 10s
            max_attempts: 3
          labels:
            # Enable Traefik for this service, to make it available in the public network
            - "traefik.enable=true"
            # Use the traefik-public network (declared below)
            - "traefik.docker.network=traefik-proxy"
            # Uses the environment variable DOMAIN
            - "traefik.http.routers.dashboard.rule=Host(`swarm-traefik.company.org`)"
            - "traefik.http.routers.dashboard.entrypoints=http"
            # Use the special Traefik service api@internal with the web UI/Dashboard
            - "traefik.http.routers.dashboard.service=api@internal"
            # Enable HTTP Basic auth, using the middleware created above
            - "traefik.http.routers.dashboard.middlewares=admin-auth"
            # Define the port inside of the Docker service to use
            - "traefik.http.services.dashboard.loadbalancer.server.port=8080"

            # Middlewares
            - "traefik.http.middlewares.strip-path-prefix.replacepathregex.regex=^/[a-z,0-9,-]+/(.*)"
            - "traefik.http.middlewares.strip-path-prefix.replacepathregex.replacement=/$$1"
            # admin-auth middleware with HTTP Basic auth
            - "traefik.http.middlewares.admin-auth.basicauth.users=TODO_GENERATE_USER_BASIC_AUTH"
          placement:
            constraints:
              - "node.role==manager"
        volumes:
          # Add Docker as a mounted volume, so that Traefik can read the labels of other services
          - /var/run/docker.sock:/var/run/docker.sock:ro
        command:
          # Enable Docker in Traefik, so that it reads labels from Docker services
          - --providers.docker
          # Do not expose all Docker services, only the ones explicitly exposed
          - --providers.docker.exposedbydefault=false
          # Enable Docker Swarm mode
          - --providers.docker.swarmmode
          # Adds default network
          - --providers.docker.network=traefik-proxy
          # Create an entrypoint "http" listening on port 80
          - --entrypoints.http.address=:80
          # Enable the Traefik log, for configurations and errors
          - --log
          #- --log.level=INFO
          # Enable the Dashboard and API
          - --api
          # Enable Access log - in our case we dont need it because we have Nginx infront which has top level access logs
          # - --accesslog
          # Enable /ping healthcheck route
          - --ping=true
          # Enable zipkin tracing & configuration
          #- --tracing.zipkin=true
          #- --tracing.zipkin.httpEndpoint=https://misc-zipkin.company.org/api/v2/spans
        networks:
          # Use the public network created to be shared between Traefik and
          # any other service that needs to be publicly available with HTTPS
          - traefik-proxy

    networks:
      traefik-proxy:
        external: true