December 19, 2016 Henrik Hoegh   Docker Traefik Proxy Featured

Proxying Docker containers with Traefik

A peak into the new world of service discovery

Traefik is a reverse proxy and is especially useful when running containers. In this blogpost, we will look at how we can proxy a Jenkins container running on a Docker host through Traefik and how we then can deploy an Artifactory container as well, on the same port, but on another subdomain.

What you will use

The example we’re about to show will be using your local laptop and example containers for Jenkins and Artifactory, two services our customers often use. We will be using local hosts and hostnames, so we don’t need to play with real DNS.

Jenkins runs on port 8080 and 50000. We want to expose what is being served on port 8080 on the proxy’s port 80. We want to service it under the domain praqma.io as a subdomain : http://jenkins.praqma.io{: target=”_blank”}.

On our laptop we don’t have jenkins.praqma.io pointing to our machine, so we add it to our hosts file

echo "192.168.1.165 jenkins.praqma.io" >> /etc/hosts

Replace the ip with your laptop’s ip.

Start the Jenkins container

Now we start the Jenkins docker container. We need to give it a label, as traefik picks the first exposed port, and for Jenkins it automatically picks up the wrong exposed port. Seems like a good practice then to give traefik labels to ensure correct port is chosen. So we add the label traefik.port=8080 to tell traefik to service this port instead. We give the container a name (Jenkins). This will be the subdomain.

docker run --name jenkins --label="traefik.port=8080" -d jenkins

Prepare a traefik configuration

We already have a running Jenkins container, but traefik can be used for already running containers also, so let’s configure traefik and start it.

Create and edit a traefik.toml, telling it to listen to the docker socket for changes. Traefik will then reconfigure when changes happens. Eg. if a container starts or stops.

The [web] part adds a Traefik web dashboard where we can see our frontends, backends and health. It will service this dashboard on port 8088.

In the [docker] section we specify the path to docker.sock, the domain we want to use and if Traefik should keep listening for changes or not.

We want to expose all containers by default, given by exposedbydefault = true This host is not running in Swarm mode, so we set swarmmode to false.

[web]
  address = ":8088"
  [web.statistics]

################################################################
# Docker configuration backend
################################################################
[docker]

endpoint = "unix:///var/run/docker.sock"
domain = "praqma.io"
watch = true

# Expose containers by default in traefik
exposedbydefault = true

# Use the IP address from the bound port instead of the inner network one. For specific use-case :)
usebindportip = true

# Use Swarm Mode services as data provider
swarmmode = false

Start the Traefik proxy

Now we are ready to start the Traefik proxy server, giving it the configuration file as a option.

First we download the latest binary of Traefik from here: traefik download

wget https://github.com/containous/traefik/releases/download/v1.1.1/traefik_linux-amd64
chmod u+x traefik_linux-amd64
sudo ./traefik_linux-amd64 -c traefik.toml

And there you go. Traefik will listen to the docker.sock for containers and changes on the host, and serve the containers to the outside work.

Add the main domain to your hosts file

echo "192.168.1.165 praqma.io" >> /etc/hosts

Test the proxy

Now go to the dashboard of Traefik at praqma.io:8088 for Traefik details

Traefik consol

You will see that we have a frontend and a backend. The Rule for the frontend is : Host:jenkins.praqma.io. The backend is using our Docker container to get the trafic.

Now try and visit Jenkins

open http://jenkins.praqma.io

You should then get the Jenkins start page :

Jenkins start page

Start Artifactory

Now we start artifactory, and want it served on the dns artifactory.praqma.io.

docker run --name artifactory --label="traefik.port=8080" -d mattgruter/artifactory

Add Artifactory to your hosts file

echo "192.168.1.165 artifactory.praqma.io" >> /etc/hosts

Now Traefik should pick up our Artifactory container, and start serving it on Artifactory.praqma.io automaticly.

You will notice that Artifactory has been added to the dashboard.

Traefik consol

Stopping Jenkins

Now stop the Jenkins container, while viewing the Traefik consol.

docker stop jenkins

It will automaticly remove the Jenkins entry from Traefik. Clever.

Next time

So now we can start docker containers on a single host, and get them proxied. But single host containers are not the future. Orchestrators are, like Swarm og Kubernetes.

In the next blogpost we will set up Traefik to connect to the the api-server (master) of a Kubernetes cluster and do the same trick there. Only in Kubernetes we have an object called Ingress that we will take advantage of.

Stay tuned..!