Running Docker continter in Production

Traefik

Traefik is a powerful and modern reverse proxy that integrates easily with Docker and other orchestrators. It automatically manages services, handles dynamic routing, and supports features like HTTPS and load balancing.

What You'll Need:

• Docker and Docker Compose installed.
• A basic understanding of Docker and reverse proxies.

Step 1: Install Docker and Docker Compose

1. Install Docker: If you don't have Docker installed, follow the instructions on Docker’s website.
2. Install Docker Compose: You can check if Docker Compose is installed by running:

   docker compose --help
   

   If it's not installed, follow the guide here.

Step 2: Create a Directory for Traefik

1. Open a terminal and create a new directory to store the Docker Compose configuration:

   mkdir traefik-setup
   cd traefik-setup
   

Step 3: Create the traefik.toml Configuration File

1. Inside the traefik-setup directory, create a new directory for the Traefik configuration files:

   mkdir config
   

2. Create the traefik.toml file inside the config directory:

   touch config/traefik.toml
   

3. Open traefik.toml in a text editor and add the following content:

   [entryPoints]
     [entryPoints.web]
       address = ":80"
     [entryPoints.websecure]
       address = ":443"
   
   [api]
     dashboard = true
     insecure = true
   
   [providers]
     [providers.docker]
       endpoint = "unix:///var/run/docker.sock"
       exposedByDefault = false
   

   Here's what the configuration does:

   • Entry Points: Defines entry points for HTTP (:80) and HTTPS (:443).
   • API: Enables the Traefik dashboard on port 8080 and allows unsecured access.
   • Providers: Configures Docker as the provider for services and ensures only containers explicitly marked for exposure will be proxied.

Step 4: Create the docker-compose.yml File

1. In the traefik-setup directory, create a file named docker-compose.yml:

   touch docker-compose.yml
   

2. Open docker-compose.yml in a text editor and add the following configuration:

   version: '3'
   
   services:
     traefik:
       image: traefik:v2.9
       container_name: traefik
       restart: unless-stopped
       ports:
         - "80:80"          # HTTP
         - "443:443"        # HTTPS
         - "8080:8080"      # Traefik Dashboard
       volumes:
         - /var/run/docker.sock:/var/run/docker.sock  # Give Traefik access to Docker
         - ./config/traefik.toml:/etc/traefik/traefik.toml  # Traefik configuration file
       networks:
         - traefik-public
   
   networks:
     traefik-public:
       external: true
   

   Explanation:

   • Services:
     • traefik: This is the Traefik service that uses the official Traefik Docker image.
     • Ports:
       • 80: Exposes HTTP traffic.
       • 443: Exposes HTTPS traffic.
       • 8080: Exposes the Traefik dashboard.
     • Volumes:
       • /var/run/docker.sock: Grants Traefik access to the Docker socket for service discovery.
       • ./config/traefik.toml: Links the local Traefik configuration file to the container.
     • Networks: Uses an external network called web. This allows other services to connect to Traefik using Docker networking.

Step 5: Create an External Docker Network

1. Traefik needs a Docker network to connect with other services. Create an external network named web:

   docker network create traefik-public
   

Step 6: Start Traefik Using Docker Compose

1. Make sure you're in the traefik-setup directory where the docker-compose.yml file is located.

2. Run the following command to start Traefik using Docker Compose:

   docker-compose up -d
   

   • up: Starts the containers defined in your docker-compose.yml.
   • -d: Runs the containers in detached mode (in the background).

3. Docker Compose will download the Traefik image (if it’s not already present) and start the Traefik container.

Step 7: Access the Traefik Dashboard

1. Open your web browser and navigate to:

   http://localhost:8080
   

2. You should see the Traefik dashboard, which provides insights into your running services and their status.

Step 8: Deploy a Sample Service Behind Traefik

Now, let’s deploy a simple web service (such as an Nginx container) and expose it through Traefik.

1. Create a directory for the sample service:

   mkdir nginx
   cd nginx
   

2. Create a docker-compose.yml file for the Nginx service:

   touch docker-compose.yml
   

3. Add the following content to docker-compose.yml:

   version: '3'
   
   services:
     nginx:
       image: nginx:latest
       container_name: nginx
       labels:
         - "traefik.enable=true"
         - "traefik.http.routers.nginx.rule=Host(`nginx.srvX.lab.npnog.org.np`)"
         - "traefik.http.services.nginx.loadbalancer.server.port=80"
       networks:
         - web
       restart: unless-stopped
   
   networks:
     web:
       external: true
   

   • Services:
     • nginx: This is the Nginx container.
     • Labels: The labels tell Traefik to manage this container.
       • "traefik.enable=true": Enables Traefik routing for this service.
       • "traefik.http.routers.nginx.rule=Host('nginx.local')": Defines the routing rule (based on the hostname nginx.srvX.lab.npnog.org.np).
       • "traefik.http.services.nginx.loadbalancer.server.port=80": Specifies the internal port that Nginx is using.
   • Networks: Connects to the web network, shared with Traefik.

Step 9: Start the Nginx Service

1. In the nginx directory, start the Nginx service with Docker Compose:

   docker-compose up -d
   

2. Open your browser and navigate to:

   http://nginx.srvX.lab.npnog.org.np
   

   You should see the default Nginx welcome page, confirming that Traefik is successfully routing traffic to your Nginx container.

Step 10: Enable HTTPS (Optional)

To enable HTTPS with Let's Encrypt, update the traefik.toml configuration to include Let's Encrypt settings.

1. Edit config/traefik.toml and add the following:

   [certificatesResolvers]
     [certificatesResolvers.le.acme]
       email = "your-email@example.com"
       storage = "/etc/traefik/acme.json"
       [certificatesResolvers.myresolver.acme.tlsChallenge]
   

   This tells Traefik to use Let's Encrypt and store certificates in /etc/traefik/acme.json.

2. Create an empty acme.json file and set the correct permissions:

   touch config/acme.json
   chmod 600 config/acme.json
   

3. Update your Nginx service’s Docker Compose labels to enable HTTPS:

   labels:
     - "traefik.enable=true"
     - "traefik.http.routers.nginx.rule=Host(`nginx.srvX.lab.npnog.org.np`)"
     - "traefik.http.services.nginx.loadbalancer.server.port=80"
     - "traefik.http.routers.nginx.entrypoints=web"
     - "traefik.http.routers.nginx-secure.rule=Host(`nginx.srvX.lab.npnoh.org.np`)"
     - "traefik.http.routers.nginx-secure.entrypoints=websecure"
     - "traefik.http.routers.nginx-secure.tls.certresolver=le"
   

4. Restart Traefik and the Nginx service to apply the changes:

   docker-compose restart
   

5. Visit https://nginx.srvX.lab.npnog.org.np to see the Nginx page served over HTTPS.

Step 11: Stop and Remove Containers (if needed)

To stop the Traefik and Nginx containers, run:

docker compose down

This will stop and remove the containers, but your configuration and volumes will remain.

That’s it! You have successfully set up Traefik using Docker and Docker Compose, routed traffic to an Nginx container, and optionally enabled HTTPS with Let's Encrypt.