DEV Community

Sourabh Mandal
Sourabh Mandal

Posted on

Best way to use Traefik in development mode

Subscribe to my channel for Engineering videos

In the modern microservices architecture, reverse proxies play a crucial role in managing traffic and securing applications. Traefik has emerged as a popular choice due to its Docker-native integration and ease of configuration. This guide will walk you through setting up Traefik locally for development purposes.

If you like content about fullstack engineering you can, make sure to subscribe my youtube channel

What is Traefik?

Traefik is a modern HTTP reverse proxy and load balancer designed to seamlessly deploy microservices. Its standout features include:

  • Automatic service discovery
  • Built-in Let’s Encrypt support
  • Real-time configuration updates
  • Docker integration
  • Dynamic load balancing

Prerequisites

Before we begin, ensure you have:

  • Docker and Docker Compose installed
  • Basic understanding of YAML configuration
  • Admin access to modify system files

Setting Up Traefik Locally

  1. First, we need to configure our local network. Create a Docker Compose file and create a localhost_net network like shown below.
services:
  # service definition goes here
  # place for traefik service definition
  # ...

networks:
  localhost_net:
    external: true
volumes:
  traefik-data:
    driver: local
Enter fullscreen mode Exit fullscreen mode

Please note that the network is defined as external so we have to manually create it before we run docker-compose command

  1. To create a network use docker network create localhost_net

Image description

  1. Create a localhost network for traefik Domain Configuration

We’ll use two local domains to expose our application endpoints. Traefik has a builtin dashboard which can be exposed to the internet via http endpoint so we will be doing that for local development (not recomended in production setup) and our App on separate endpoint, both of these endpoints will be hosted behind traefik reverse proxy, following are the urls to setup:

We need to point both these urls to our local loopback address (127.0.0.1) for them to access our locally served up traefik from docker-compose file

Edit /etc/hosts (mac) file in administrator mode. you can check where your host file setup are based on your OS, however configuration are same across OS.

Add the following 2 lines at the end of your host file
Image description

  1. Add the Traefik service to your Docker Compose file. Please note that we have mounted a configuration file for traefik instead of defining all configurations in single docker-compose file. We will define these configuration later in the article:
services:
  traefik:
    image: traefik:v3.1.6
    command: "--configFile=/config/traefik.yml"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./traefik_data:/etc/traefik"
      - "./config/configuration.yml:/config/traefik.yml:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./localhost.crt:/certs/localhost.crt:ro"
      - "./localhost.key:/certs/localhost.key:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`proxy.localhost`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
    networks:
      - localhost_net

networks:
  localhost_net:
    external: true

volumes:
  traefik_data:
Enter fullscreen mode Exit fullscreen mode

Generate local SSL certificates using OpenSSL at the root of your project:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout localhost.key -out localhost.crt

This will generate 2 files localhost.crt and localhost.key

Traefik Configuration file

Create config/configuration.yml with the following settings:

global:
  checkNewVersion: true
  sendAnonymousUsage: false

serversTransport:
  insecureSkipVerify: true

entryPoints:
  # Redirect HTTP to HTTPS
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  # HTTPS endpoint
  websecure:
    address: ":443"
    http:
      tls:
        domains:
          - main: "localhost"
            sans:
              - "*.localhost"

providers:
  providersThrottleDuration: 2s

  # Docker provider for services running inside Docker
  docker:
    watch: true
    network: localhost_net # Ensure this matches your Docker network name
    exposedByDefault: false

# Enable Traefik UI
api:
  dashboard: true
  insecure: true

# Log level: INFO|DEBUG|ERROR
log:
  level: INFO

# Manual TLS (self-signed certificate setup)
tls:
  certificates:
    - certFile: "/certs/localhost.crt"
      keyFile: "/certs/localhost.key"
Enter fullscreen mode Exit fullscreen mode

Let’s deploy a sample NGINX application behind Traefik:

services:
  traefik:
    image: traefik:v3.1.6
    command: "--configFile=/config/traefik.yml"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./traefik_data:/etc/traefik"
      - "./config/configuration.yml:/config/traefik.yml:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./localhost.crt:/certs/localhost.crt:ro"
      - "./localhost.key:/certs/localhost.key:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`proxy.localhost`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
    networks:
      - localhost_net

  app:
    image: nginx
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`app.localhost`)"
      - "traefik.http.routers.app.entrypoints=websecure"
      - "traefik.http.services.app.loadbalancer.server.port=80"
    networks:
      - localhost_net

networks:
  localhost_net:
    external: true

volumes:
  traefik_data:
Enter fullscreen mode Exit fullscreen mode

Advanced Configuration Options

Middleware Configuration

Traefik supports various middleware options for enhanced functionality:

# Example of adding basic auth middleware
labels:
   - "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$xyz123"
   - "traefik.http.routers.app.middlewares=auth@docker"
Enter fullscreen mode Exit fullscreen mode

Rate Limiting

Protect your services with rate limiting:

labels:
  - "traefik.http.middlewares.ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.ratelimit.ratelimit.burst=50"
Enter fullscreen mode Exit fullscreen mode

Health Checks

Configure health checks for your services:

labels:
   traefik.http.services.app.loadbalancer.healthcheck.path=/health
   traefik.http.services.app.loadbalancer.healthcheck.interval=10s
Enter fullscreen mode Exit fullscreen mode

Security Considerations

When setting up Traefik locally, consider these security best practices:

  • SSL/TLS Configuration: Always use HTTPS, even locally
  • Access Control: Secure the Traefik dashboard
  • Docker Socket: Be cautious with Docker socket mounting
  • Network Isolation: Use separate networks for different environments

Troubleshooting Common Issues

Certificate Issues

  • Ensure certificates are properly mounted
  • Check certificate permissions
  • Verify domain names match certificates

Network Problems

  • Confirm Docker network exists
  • Check host file configurations
  • Verify port mappings

Service Discovery Issues

  • Ensure labels are correctly configured
  • Check Docker network connectivity
  • Verify service ports

Conclusion

Setting up Traefik locally provides a powerful development environment that mirrors production configurations. This setup allows you to:

  • Test microservices architecture locally
  • Develop with HTTPS enabled
  • Experiment with various Traefik features
  • Prepare for production deployment

Remember to check Traefik’s official documentation for the latest features and best practices as you build upon this basic setup.

Top comments (0)

Some comments may only be visible to logged-in visitors. Sign in to view all comments.