Traefik and Nomad Service Discovery

A story of Tags, Services & Nomads

Nomad

Attach tags to your Nomad services and let Traefik do the rest!

Routing Configuration

tags

General

Traefik creates, for each Nomad service, a corresponding Traefik service and router.

The Traefik service automatically gets a server per instance in this Nomad service, and the router gets a default rule attached to it, based on the Nomad service name.

Routers

To update the configuration of the Router automatically attached to the service, add tags starting with traefik.routers.{name-of-your-choice}. and followed by the option you want to change.

For example, to change the rule, you could add the tag traefik.http.routers.my-service.rule=Host(`example.com`).

traefik.http.routers.<router_name>.rule

See rule for more information.

  1. traefik.http.routers.myrouter.rule=Host(`example.com`)

traefik.http.routers.<router_name>.entrypoints

See entry points for more information.

  1. traefik.http.routers.myrouter.entrypoints=web,websecure

traefik.http.routers.<router_name>.middlewares

See middlewares and middlewares overview for more information.

  1. traefik.http.routers.myrouter.middlewares=auth,prefix,cb

traefik.http.routers.<router_name>.service

See rule for more information.

  1. traefik.http.routers.myrouter.service=myservice

traefik.http.routers.<router_name>.tls

See tls for more information.

  1. traefik.http.routers.myrouter.tls=true

traefik.http.routers.<router_name>.tls.certresolver

See certResolver for more information.

  1. traefik.http.routers.myrouter.tls.certresolver=myresolver

traefik.http.routers.<router_name>.tls.domains[n].main

See domains for more information.

  1. traefik.http.routers.myrouter.tls.domains[0].main=example.org

traefik.http.routers.<router_name>.tls.domains[n].sans

See domains for more information.

  1. traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org

traefik.http.routers.<router_name>.tls.options

See options for more information.

  1. traefik.http.routers.myrouter.tls.options=foobar

traefik.http.routers.<router_name>.priority

See priority for more information.

  1. traefik.http.routers.myrouter.priority=42

Services

To update the configuration of the Service automatically attached to the service, add tags starting with traefik.http.services.{name-of-your-choice}., followed by the option you want to change.

For example, to change the passHostHeader behavior, you’d add the tag traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false.

traefik.http.services.<service_name>.loadbalancer.server.port

Registers a port. Useful when the service exposes multiples ports.

  1. traefik.http.services.myservice.loadbalancer.server.port=8080

traefik.http.services.<service_name>.loadbalancer.server.scheme

Overrides the default scheme.

  1. traefik.http.services.myservice.loadbalancer.server.scheme=http

traefik.http.services.<service_name>.loadbalancer.serverstransport

Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one. See serverstransport for more information.

  1. traefik.http.services.myservice.loadbalancer.serverstransport=foobar@file

traefik.http.services.<service_name>.loadbalancer.passhostheader

See pass Host header for more information.

  1. traefik.http.services.myservice.loadbalancer.passhostheader=true

traefik.http.services.<service_name>.loadbalancer.healthcheck.headers.<header_name>

See health check for more information.

  1. traefik.http.services.myservice.loadbalancer.healthcheck.headers.X-Foo=foobar

traefik.http.services.<service_name>.loadbalancer.healthcheck.hostname

See health check for more information.

  1. traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org

traefik.http.services.<service_name>.loadbalancer.healthcheck.interval

See health check for more information.

  1. traefik.http.services.myservice.loadbalancer.healthcheck.interval=10

traefik.http.services.<service_name>.loadbalancer.healthcheck.path

See health check for more information.

  1. traefik.http.services.myservice.loadbalancer.healthcheck.path=/foo

traefik.http.services.<service_name>.loadbalancer.healthcheck.status

See health check for more information.

  1. traefik.http.services.myservice.loadbalancer.healthcheck.status=42

traefik.http.services.<service_name>.loadbalancer.healthcheck.port

See health check for more information.

  1. traefik.http.services.myservice.loadbalancer.healthcheck.port=42

traefik.http.services.<service_name>.loadbalancer.healthcheck.scheme

See health check for more information.

  1. traefik.http.services.myservice.loadbalancer.healthcheck.scheme=http

traefik.http.services.<service_name>.loadbalancer.healthcheck.timeout

See health check for more information.

  1. traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10

traefik.http.services.<service_name>.loadbalancer.healthcheck.followredirects

See health check for more information.

  1. traefik.http.services.myservice.loadbalancer.healthcheck.followredirects=true

traefik.http.services.<service_name>.loadbalancer.sticky.cookie

See sticky sessions for more information.

  1. traefik.http.services.myservice.loadbalancer.sticky.cookie=true

traefik.http.services.<service_name>.loadbalancer.sticky.cookie.httponly

See sticky sessions for more information.

  1. traefik.http.services.myservice.loadbalancer.sticky.cookie.httponly=true

traefik.http.services.<service_name>.loadbalancer.sticky.cookie.name

See sticky sessions for more information.

  1. traefik.http.services.myservice.loadbalancer.sticky.cookie.name=foobar

traefik.http.services.<service_name>.loadbalancer.sticky.cookie.secure

See sticky sessions for more information.

  1. traefik.http.services.myservice.loadbalancer.sticky.cookie.secure=true

traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite

See sticky sessions for more information.

  1. traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none

traefik.http.services.<service_name>.loadbalancer.sticky.cookie.maxage

See sticky sessions for more information.

  1. traefik.http.services.myservice.loadbalancer.sticky.cookie.maxage=42

traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval

See response forwarding for more information.

  1. traefik.http.services.myservice.loadbalancer.responseforwarding.flushinterval=10

Middleware

You can declare pieces of middleware using tags starting with traefik.http.middlewares.{name-of-your-choice}., followed by the middleware type/options.

For example, to declare a middleware redirectscheme named my-redirect, you’d write traefik.http.middlewares.my-redirect.redirectscheme.scheme: https.

More information about available middlewares in the dedicated middlewares section.

Declaring and Referencing a Middleware

  1. # ...
  2. # Declaring a middleware
  3. traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
  4. # Referencing a middleware
  5. traefik.http.routers.my-service.middlewares=my-redirect

Conflicts in Declaration

If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.

TCP

You can declare TCP Routers and/or Services using tags.

Declaring TCP Routers and Services

  1. traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)
  2. traefik.tcp.routers.my-router.tls=true
  3. traefik.tcp.services.my-service.loadbalancer.server.port=4123

TCP and HTTP

If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined). You can declare both a TCP Router/Service and an HTTP Router/Service for the same Nomad service (but you have to do so manually).

TCP Routers

traefik.tcp.routers.<router_name>.entrypoints

See entry points for more information.

  1. traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2

traefik.tcp.routers.<router_name>.rule

See rule for more information.

  1. traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)

traefik.tcp.routers.<router_name>.service

See service for more information.

  1. traefik.tcp.routers.mytcprouter.service=myservice

traefik.tcp.routers.<router_name>.tls

See TLS for more information.

  1. traefik.tcp.routers.mytcprouter.tls=true

traefik.tcp.routers.<router_name>.tls.certresolver

See certResolver for more information.

  1. traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver

traefik.tcp.routers.<router_name>.tls.domains[n].main

See domains for more information.

  1. traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org

traefik.tcp.routers.<router_name>.tls.domains[n].sans

See domains for more information.

  1. traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org

traefik.tcp.routers.<router_name>.tls.options

See options for more information.

  1. traefik.tcp.routers.mytcprouter.tls.options=myoptions

traefik.tcp.routers.<router_name>.tls.passthrough

See TLS for more information.

  1. traefik.tcp.routers.mytcprouter.tls.passthrough=true

TCP Services

traefik.tcp.services.<service_name>.loadbalancer.server.port

Registers a port of the application.

  1. traefik.tcp.services.mytcpservice.loadbalancer.server.port=423

traefik.tcp.services.<service_name>.loadbalancer.server.tls

Determines whether to use TLS when dialing with the backend.

  1. traefik.tcp.services.mytcpservice.loadbalancer.server.tls=true

traefik.tcp.services.<service_name>.loadbalancer.proxyprotocol.version

See PROXY protocol for more information.

  1. traefik.tcp.services.mytcpservice.loadbalancer.proxyprotocol.version=1

traefik.tcp.services.<service_name>.loadbalancer.serverstransport

Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one. See serverstransport for more information.

  1. traefik.tcp.services.myservice.loadbalancer.serverstransport=foobar@file

UDP

You can declare UDP Routers and/or Services using tags.

Declaring UDP Routers and Services

  1. traefik.udp.routers.my-router.entrypoints=udp
  2. traefik.udp.services.my-service.loadbalancer.server.port=4123

UDP and HTTP

If you declare a UDP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no UDP Router/Service is defined). You can declare both a UDP Router/Service and an HTTP Router/Service for the same Nomad service (but you have to do so manually).

UDP Routers

traefik.udp.routers.<router_name>.entrypoints

See entry points for more information.

  1. traefik.udp.routers.myudprouter.entrypoints=ep1,ep2

traefik.udp.routers.<router_name>.service

See service for more information.

  1. traefik.udp.routers.myudprouter.service=myservice

UDP Services

traefik.udp.services.<service_name>.loadbalancer.server.port

Registers a port of the application.

  1. traefik.udp.services.myudpservice.loadbalancer.server.port=423

Specific Provider Options

traefik.enable

  1. traefik.enable=true

You can tell Traefik to consider (or not) the service by setting traefik.enable to true or false.

This option overrides the value of exposedByDefault.

traefik.nomad.canary

  1. traefik.nomad.canary=true

When Nomad orchestrator is a provider (of service registration) for Traefik, one might have the need to distinguish within Traefik between a Canary instance of a service, or a production one. For example if one does not want them to be part of the same load-balancer.

Therefore, this option, which is meant to be provided as one of the values of the canary_tags field in the Nomad service stanza, allows Traefik to identify that the associated instance is a canary one.

Port Lookup

Traefik is capable of detecting the port to use, by following the default Nomad Service Discovery flow. That means, if you just expose lets say port :1337 on the Nomad job, traefik will pick up this port and use it.