Reverse Proxy Traefik with Dynamic Routing and Configuration on Docker Provider

Let's start with the project introduction. This project is all demo code for docker compose which includes Reverse Proxy Traefik with Dynamic Configuration against other Docker Containers and integration using docker labels. Dynamic configuration allows registering a router, middleware and additional services through docker labels and makes it easy to manage routing in a docker container without having to unload the static configuration of traefik.

Project Requirements

In this project so that a script can run properly you are required to install or prepare the following tools:

• Docker Engine : Docker Engine serves to run container services on scripts or Reverse Proxy Traefik. you can check with the docker info command if the command runs well then you are ready to continue the next step.
• Docker Compose : Docker Compose (Usually already bundled directly with the docker engine). Docker Compose serves to execute the script in the docker-compose.yml file that allows running docker containers automatically. To make sure docker compose is installed properly or not you can use the command docker compose --help if the command does not return an error then docker compose is installed properly.

After you make sure the tools above are running and installed properly, you can continue the next stage, which is the Deployment process or project usage.

Prerequisites

Before entering the docker deployment stage, make sure you have understood and followed the Pre-Installation guide below related to the pull repository and changing the docker service traefik domain configuration:

1. Clone Repository Traefij Routing with Docker Provider in Github

git https://github.com/HaikalRFadhilahh/traefik-routing-with-docker-providers.git clone traefik-routing-docker-providers

2. Change Directory into Project Directory

cd traefik-routing-docker-providers

3. Change Dashboard Host in traefik/dynamic.yml

http:
  routers:
    traefik-dashboard-router:
      ...
      rule: "Host(`dashboard.local.haik.my.id`)"
      ...

You can change the host of the Domain Dashboard Traefik in the rule like the example above. You can change dashboard.local.haik.my.id with the domain you want.

4. Change nginx service dashboard in docker-compose.yml

services:
  nginx-web-server:
    labels:
      ...
      - traefik.http.routers.nginx-routers.rule=Host(`nginx.local.haik.my.id`)
      ...
    ...

You can also change the domain on the nginx service on docker compose with your own domain, you can change the Host on the docker labels above this

Warning

If you change the domain in the traefik service. Make sure you have also pointed the domain to a Public IP or to a random IP if it is only for local.

Note

You can also remove or disable the nginx service on docker if you don't want to use it with the guide below.

services:
  ...
  # Nginx Web Server for Testing Traefik
  #nginx-web-server:
  #  image: nginx:1.28.0-alpine3.21
  #  container_name: nginx-web-server-traefik
  #  labels:
  #    - traefik.enable=true
  #    - traefik.http.routers.nginx-routers.rule=Host(`nginx.local.haik.my.id`)
  #    - traefik.http.routers.nginx-routers.entrypoints=web-https
  #    - traefik.http.routers.nginx-routers.tls.certresolver=lets-encrypt-dns-resolvers
  #    - traefik.http.routers.nginx-routers.service=nginx-service
  #    - traefik.http.services.nginx-service.loadbalancer.server.port=80
  #  depends_on:
  #    - traefik-rp
  #  restart: always
  ...

By putting a comment mark on the nginx service as above, the nginx docker service is not run. Only Traefik runs with that script. Or if you don't want to comment on the code above, you can delete the code.

Deployment Steps

At this point you are ready to follow the guide to run reverse proxy traefik with docker compose. Make sure you follow the commands below:

1. Export Env Variable for Docker Compose

export CF_DNS_API_TOKEN=your_cloudflare_dns_token
export TRAEFIK_HOST=127.0.0.1
export TRAEFIK_HTTP_PORT=8080
export TRAEFIK_HTTPS_PORT=443
export CLOUDFLARE_EMAIL=cloudflare_account@gmail.com

Before you run the docker compose script, make sure you have run the export variable command as above and adjusted to your needs and make sure you run the command below with the same terminal session.

2. Pull Docker Image from Docker Compose Script

docker compose pull

After you pull the image, make sure you have 2 new images, traefik:3.4.0 and nginx:1.28.0-alpine3.21. To check the list of images you can use the docker images or docker image ls command.

3. Running Docker Compose Script

docker compose up -d

Make sure you run the above command with good output and no errors.

4. Check Service Running with Docker Compose After running docker compose you can check the service with this command :

docker compose ps

After running you will get two types of output as follows:

NAME                       IMAGE                     COMMAND                  SERVICE            CREATED         STATUS         PORTS
nginx-web-server-traefik   nginx:1.28.0-alpine3.21   "/docker-entrypoint.…"   nginx-web-server   4 seconds ago   Up 3 seconds   80/tcp
traefik-reverse-proxy      traefik:3.4.0             "/entrypoint.sh --ce…"   traefik-rp         4 seconds ago   Up 3 seconds   127.0.0.1:443->443/tcp, 127.0.0.1:8080->80/tcp, 127.0.0.1:8000->8080/tcp

or

NAME                    IMAGE           COMMAND                  SERVICE      CREATED          STATUS          PORTS
traefik-reverse-proxy   traefik:3.4.0   "/entrypoint.sh --ce…"   traefik-rp   35 seconds ago   Up 34 seconds   127.0.0.1:443->443/tcp, 127.0.0.1:8080->80/tcp, 127.0.0.1:8000->8080/tcp

Congratulations, you have successfully executed this project. To deepen the concept and knowledge, let's read the guide and explanation below.

Explanation

Let's get into the explanation part. Traefik has several ways to declare a provider or service that can be exported by traefik. Starting from the basic one, namely with the File or dynamic.yml which can be changed by making changes to the file. Then with docker providers with their socket files which are usually in /var/run/docker.sock which we bind to the traefik container. although there are actually several ways to connect docker with udp, http, etc.

Let's take a look at the following code snippets contained in our docker-compose.yml code

services:
  # Docker Container Traefik Reverse Proxy Configuration
  traefik-rp:
    ...
    volumes:
      ...
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    ...

Feeling familiar? Yes, the code above is how a traefik container can automatically detect what services are running in our docker. Because we bind docker.sock to the container. So that traefik can monitor whether there are changes that occur in our docker engine.

providers:
  ...
  docker:
    exposedByDefault: false
    watch: true

So that traefik can recognize our docker providers. We not only bind the docker socket but we also need to declare providers in static config like the code above.

nginx-web-server:
    ...
    labels:
      - traefik.enable=true
      - traefik.http.routers.nginx-routers.rule=Host(`nginx.local.haik.my.id`)
      - traefik.http.routers.nginx-routers.entrypoints=web-https
      - traefik.http.routers.nginx-routers.tls.certresolver=lets-encrypt-dns-resolvers
      - traefik.http.routers.nginx-routers.service=nginx-service
      - traefik.http.services.nginx-service.loadbalancer.server.port=80
    ...

If you're confused, let me explain what labels do in docker. Is there a question in your mind “How can traefik register routing automatically when there is a docker container that has just run?” Well traefik can do routing mapping automatically with these labels that we usually write in yaml, toml so it's as if we wrote our own dynamic.yml code but through labels. This is a new breakthrough in routing in the current Cloud Native Architecture.

Note

You can register routing with labels in docker containers, even when you don't connect the network to traefik.

To clarify this case let's try to run a jenkins container that we integrate with docker labels traefik without connecting directly to the network. You can run the command below if you want to try and don't forget to replace the Host on the labels with your own domain / sub domain.

docker run --name jenkins-server \
--label "traefik.enable=true" \
--label 'traefik.http.routers.jenkins-router.rule=Host(`jenkins.local.haik.my.id`)' \
--label "traefik.http.routers.jenkins-router.entrypoints=web-https" \
--label "traefik.http.routers.jenkins-router.tls.certresolver=lets-encrypt-dns-resolvers" \
--label "traefik.http.routers.jenkins-router.service=jenkins-service" \
--label "traefik.http.services.jenkins-service.loadbalancer.server.port=8080" \
--env JAVA_OPTS="-Djava.util.logging.config.file=/var/jenkins_home/log.properties" \
--restart always \
-d jenkins/jenkins:2.511-jdk17

After you run the command above, you can access jenkins that has been reverse proxied using traefik with the domain url registered on the jenkins docker host labels.

References

• Official Traefik documentation about Docker Configuration which you can see here.

• The official documentation for using Docker Compose from Docker, inc. which you can see here.

• Traefik Usage Documentation from the Official Github Repository which you can see here.

Contributing

You can contribute to this project through Pull Requests to this Repository, or you can report bugs or vulnerabilities through the issues feature on github. 🐳

License

Free for personal and commercial use. You may modify and distribute it without restriction.

---

Created By Haikal and Contributors with ❤️