Traefik is a reverse proxy and is especially useful when running containers. In this blogpost, we will look at how we can proxy a Jenkins container running on a Docker host through Traefik and how we then can deploy an Artifactory container as well, on the same port, but on another subdomain.
What you will use
The example we’re about to show will be using your local laptop and example containers for Jenkins and Artifactory, two services our customers often use. We will be using local hosts and hostnames, so we don’t need to play with real DNS.
Jenkins runs on port 8080 and 50000. We want to expose what is being served on port 8080 on the proxy’s port 80. We want to service it under the domain praqma.io as a subdomain : http://jenkins.praqma.io.
On our laptop we don’t have jenkins.praqma.io pointing to our machine, so we add it to our hosts file
echo "192.168.1.165 jenkins.praqma.io" >> /etc/hosts
Replace the ip with your laptop’s ip.
Start the Jenkins container
Now we start the Jenkins docker container. We need to give it a label, as traefik picks the first exposed port, and for Jenkins it automatically picks up the wrong exposed port. Seems like a good practice then to give traefik labels to ensure correct port is chosen. So we add the label traefik.port=8080 to tell traefik to service this port instead. We give the container a name (Jenkins). This will be the subdomain.
docker run --name jenkins --label="traefik.port=8080" -d jenkins
Prepare a traefik configuration
We already have a running Jenkins container, but traefik can be used for already running containers also, so let’s configure traefik and start it.
Create and edit a
traefik.toml, telling it to listen to the docker socket for changes. Traefik will then reconfigure when changes happens. Eg. if a container starts or stops.
The [web] part adds a Traefik web dashboard where we can see our frontends, backends and health. It will service this dashboard on port 8088.
In the [docker] section we specify the path to docker.sock, the domain we want to use and if Traefik should keep listening for changes or not.
We want to expose all containers by default, given by exposedbydefault = true This host is not running in Swarm mode, so we set swarmmode to false.
Start the Traefik proxy
Now we are ready to start the Traefik proxy server, giving it the configuration file as a option.
First we download the latest binary of Traefik from here: traefik download
wget https://github.com/containous/traefik/releases/download/v1.1.1/traefik_linux-amd64 chmod u+x traefik_linux-amd64 sudo ./traefik_linux-amd64 -c traefik.toml
And there you go. Traefik will listen to the docker.sock for containers and changes on the host, and serve the containers to the outside work.
Add the main domain to your hosts file
echo "192.168.1.165 praqma.io" >> /etc/hosts
Test the proxy
Now go to the dashboard of Traefik at praqma.io:8088 for Traefik details
You will see that we have a frontend and a backend. The Rule for the frontend is : Host:jenkins.praqma.io. The backend is using our Docker container to get the trafic.
Now try and visit Jenkins
You should then get the Jenkins start page :
Now we start artifactory, and want it served on the dns artifactory.praqma.io.
docker run --name artifactory --label="traefik.port=8080" -d mattgruter/artifactory
Add Artifactory to your hosts file
echo "192.168.1.165 artifactory.praqma.io" >> /etc/hosts
Now Traefik should pick up our Artifactory container, and start serving it on Artifactory.praqma.io automaticly.
You will notice that Artifactory has been added to the dashboard.
Now stop the Jenkins container, while viewing the Traefik consol.
docker stop jenkins
It will automaticly remove the Jenkins entry from Traefik. Clever.
So now we can start docker containers on a single host, and get them proxied. But single host containers are not the future. Orchestrators are, like Swarm og Kubernetes.
In the next blogpost we will set up Traefik to connect to the the api-server (master) of a Kubernetes cluster and do the same trick there. Only in Kubernetes we have an object called Ingress that we will take advantage of.