Traefik Reverse Proxy Setup for Docker Contaienrs on Ubuntu Linux

1 Comment / Linux

Docker has been proven to be an efficient way to run web applications in production. In case we want to run multiple applications on the same Docker host, we need to use a reverse proxy. This is because we only want to expose ports 80 and 443. Traefik is a popular solution for that, it’s easy to use and provides a nice dashboard. In the following we will go through the setup process step by step and have a ready to use reverse proxy that encrypts our applications automatically and even includes a dashbaord!

Prerequisites

Some prerequisites are necessary to setup Treafik, the most obvious one Docker. In addition we will also install Docker-Compose to be able to create Docker containers with .yml files.

Docker Installation for Ubuntu Linux

In case we are facing any errors on the installation process or we are on a different OS environment it’s also possible to follow along the official Docker installation
Let’s start by updating all existing packages:

sudo apt update

Now we install a few prerequisite packages which let apt use packages over HTTPS:

sudo apt install apt-transport-https ca-certificates curl software-properties-common

Then we add the GPG key of the official Docker repository to your system:

curl -fsSl https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

And add the Docker repository to APT sources:

sudo add-apt-repository “deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable”

For making sure to install Docker from the repository instead of the default Ubuntu apt repo:

apt-cache policy docker-ce

And finally the actual installation of Docker

sudo apt install docker-ce

Docker should be installed now and running as a deamon process. We can check it’s status by:

sudo systemctl status docker

Output should be similar to this with a status of active (running):

● docker.service - Docker Application Container Engine
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; e>
     Active: active (running) since Sat 2021-10-23 20:34:1>
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 592 (dockerd)
      Tasks: 47
     Memory: 387.8M
     CGroup: /system.slice/docker.service
             ├─    632 /usr/bin/dockerd -H fd:// --

Docker-Compose Installation for Ubuntu Linux

The official installation documentation of Docker-Compose can also be used here. We basically starting by downloading the current stable release of Docker Compose, which is in that case version 1.29.2:

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

Next, the correct permissions will be set so that the docker-compose command is executable:

sudo chmod +x /usr/local/bin/docker-compose

To verify that the installation was successful we can check the version:

docker-compose —version

Output should be similar to:

docker-compose version 1.29.2, build unknown

Reverse Proxy Server Traefik Setup

Traefik is a reverse proxy server which handles all the routing logic of your applications and also makes sure they are SSL encrypted. That is handy if we are running for example multiple application on the same port number. Traefik comes also along with a nice interface. We will deploy it as our first Docker container and later on we will also reference our applications on it.
To login to a monitoring dashboard, provided by Traefik, we will have to login with some credentials. To ensure some additional security layer we are using an encrypted password for that. The package apache2-utils provides a utility called htpasswd for that, so let’s install it:

sudo apt-get install apache2-utils

To generate the encrypted password we just run the following command including a self defined password:

htpasswd -nb admin self-defined-password

The output provides our encrypted password, lets write it down somewhere for later use:

self-defined-password
admin:$apr1$BJaedHbq$Ur.tndPT2nM/dCC0.ZB6v.

To configure Traefik we will create two configuration files called traefik.tomls and traefik_dynamic.toml. These files let us configure the Traefik server and various integrations, or providers. Here we will use three Traefik providers: api, docker and acme. Acme is for supporting TLS certificates using Let’s Encrypt. We beginn with creating traefik.toml:

nano traefik.toml

We insert all our configuration variables inside the file, the only part we need to modify here is our email.

[entryPoints]
  [entryPoints.web]
    address = “:80”
    [entryPoints.web.http.redirections.entryPoint]
      to = “websecure”
      scheme = “https”
    [entryPoints.websecure]
      address = “:443”

[api]
  dashboard = true

[certificatesResolvers.lets-encrypt.acme]
  email = “your_email@your_domain”
  storage = “acme.json”
  [certificatesResolvers.lets-encrypt.acme.tls.Challange]

[providers.docker]
  watch = true
  network = “web”

[providers.file]
  filename = “traefik_dynamic.toml

Now let’s configure our second file traefik_dynamic.toml. That one keeps all our dynamic configuration values.

nano traefik_dynamic.toml

Let’s copy the content below and insert it into traefik_dynamic.toml. In addition we have to change the password behind admin: with our encrypted password created few steps above as well as the URL part after monitor. at the rule variable with our target domain.

[http.middlewares.simpleAuth.basicAuth]
  users = [
    “admin:$apr1$BJaedHbq$Ur.tndPT2nM/dCC0.ZB6v.”
 ]
[http.routers.api]
  rule = “Host(`monitor.your_domain`)”
  entrypoints = [“websecure”]
  middlewares = [“simpleAuth”]
  service = “api@internal”
  [http.routers.api.tls]
    certResolver = “lets-encrypt”

Next we need a Docker network for our proxy that will be shared with our containers. The Docker network is necessary to be able to use applications that are run using Docker-Compose.

docker network create web

As a last file we need a place where our Let’s Encrypt information can be stored. We use a json file called acme.json for that and for security reasons we change it’s permissions:

touch acme.json
chmod 600 acme.json

Finally, we can create our Traefik container with this command:

sudo docker run -d 
      -v /var/run/docker.sock:/var/run/docker.sock 
      -v $PWD/traefik.toml:/traefik.toml 
      -v $PWD/traefik_dynamic.toml:/traefik_dynamic.toml 
      -v $PWD/acme.json:/acme.json 
      -p 80:80 
      -p 443:443 
      --network web 
      --name traefik 
      traefik:v2.2

If everything went succesfull we can open a browser and navigate to https://monitor.your_domain/dashboard/ and enter our username and password to login into our Traefik overview.

1 thought on “Traefik Reverse Proxy Setup for Docker Contaienrs on Ubuntu Linux”

  1. Ant

    i successfully get a docker container made with the directions outlined above, but my container is marked as exited because i have an error. This is the error I receive and I have not been able to resolve it.

    command traefik error: Near line 3 (last key parsed ‘entryPoints.web.address’): expected value but found ‘

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *