Getting Started

Traefik

Build Status SemaphoreCI Docs Go Report Card License Join the community support forum at https://community.containo.us/ Twitter

Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, …) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need.

Overview

Imagine that you have deployed a bunch of microservices with the help of an orchestrator (like Swarm or Kubernetes) or a service registry (like etcd or consul). Now you want users to access these microservices, and you need a reverse proxy.

Traditional reverse-proxies require that you configure each route that will connect paths and subdomains to each microservice. In an environment where you add, remove, kill, upgrade, or scale your services many times a day, the task of keeping the routes up to date becomes tedious.

This is when Traefik can help you!

Traefik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world — without further intervention from your part.

Run Traefik and let it do the work for you! (But if you'd rather configure some of your routes manually, Traefik supports that too!)

Architecture

Features

  • Continuously updates its configuration (No restarts!)
  • Supports multiple load balancing algorithms
  • Provides HTTPS to your microservices by leveraging Let's Encrypt (wildcard certificates support)
  • Circuit breakers, retry
  • High Availability with cluster mode (beta)
  • See the magic through its clean web UI
  • Websocket, HTTP/2, GRPC ready
  • Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB)
  • Keeps access logs (JSON, CLF)
  • Fast
  • Exposes a Rest API
  • Packaged as a single binary file (made with ❤️ with go) and available as a tiny official docker image

Supported Providers

The Traefik Quickstart (Using Docker)

In this quickstart, we'll use Docker compose to create our demo infrastructure.

To save some time, you can clone Traefik's repository and use the quickstart files located in the examples/quickstart directory.

1 — Launch Traefik — Tell It to Listen to Docker

Create a docker-compose.yml file where you will define a reverse-proxy service that uses the official Traefik image:

  1. version: '3'
  2. services:
  3. reverse-proxy:
  4. image: traefik:v1.7 # The official Traefik docker image
  5. command: --api --docker # Enables the web UI and tells Traefik to listen to docker
  6. ports:
  7. - "80:80" # The HTTP port
  8. - "8080:8080" # The Web UI (enabled by --api)
  9. volumes:
  10. - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events

Warning

Enabling the Web UI with the --api flag might expose configuration elements. You can read more about this on the API/Dashboard's Security section.

That's it. Now you can launch Traefik!

Start your reverse-proxy with the following command:

  1. docker-compose up -d reverse-proxy

You can open a browser and go to http://localhost:8080 to see Traefik's dashboard (we'll go back there once we have launched a service in step 2).

2 — Launch a Service — Traefik Detects It and Creates a Route for You

Now that we have a Traefik instance up and running, we will deploy new services.

Edit your docker-compose.yml file and add the following at the end of your file.

  1. # ...
  2. whoami:
  3. image: containous/whoami # A container that exposes an API to show its IP address
  4. labels:
  5. - "traefik.frontend.rule=Host:whoami.docker.localhost"

The above defines whoami: a simple web service that outputs information about the machine it is deployed on (its IP address, host, and so on).

Start the whoami service with the following command:

  1. docker-compose up -d whoami

Go back to your browser (http://localhost:8080) and see that Traefik has automatically detected the new container and updated its own configuration.

When Traefik detects new services, it creates the corresponding routes so you can call them … let's see! (Here, we're using curl)

  1. curl -H Host:whoami.docker.localhost http://127.0.0.1

Shows the following output:

  1. Hostname: 8656c8ddca6c
  2. IP: 172.27.0.3
  3. #...

3 — Launch More Instances — Traefik Load Balances Them

Run more instances of your whoami service with the following command:

  1. docker-compose scale whoami=2

Go back to your browser (http://localhost:8080) and see that Traefik has automatically detected the new instance of the container.

Finally, see that Traefik load-balances between the two instances of your services by running twice the following command:

  1. curl -H Host:whoami.docker.localhost http://127.0.0.1

The output will show alternatively one of the followings:

  1. Hostname: 8656c8ddca6c
  2. IP: 172.27.0.3
  3. #...
  1. Hostname: 8458f154e1f1
  2. IP: 172.27.0.4
  3. # ...

4 — Enjoy Traefik's Magic

Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it might be time to dive into the documentation and let Traefik work for you! Whatever your infrastructure is, there is probably an available Traefik provider that will do the job.

Our recommendation would be to see for yourself how simple it is to enable HTTPS with Traefik's let's encrypt integration using the dedicated user guide.

Resources

Here is a talk given by Emile Vauge at GopherCon 2017. You will learn Traefik basics in less than 10 minutes.

Traefik GopherCon 2017

Here is a talk given by Ed Robinson at ContainerCamp UK conference. You will learn fundamental Traefik features and see some demos with Kubernetes.

Traefik ContainerCamp UK

Downloads

The Official Binary File

You can grab the latest binary from the releases page and just run it with the sample configuration file:

  1. ./traefik -c traefik.toml

The Official Docker Image

Using the tiny Docker image:

  1. docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik

Security

Security Advisories

We strongly advise you to join our mailing list to be aware of the latest announcements from our security team. You can subscribe sending a mail to [email protected] or on the online viewer.

CVE

Reported vulnerabilities can be found on cve.mitre.org.

Report a Vulnerability

We want to keep Traefik safe for everyone. If you've discovered a security vulnerability in Traefik, we appreciate your help in disclosing it to us in a responsible manner, using this form.