Subscribe to my channel for Engineering videos
In the modern microservices architecture, reverse proxies play a crucial role in managing traffic and securing applications. Traefik has emerged as a popular choice due to its Docker-native integration and ease of configuration. This guide will walk you through setting up Traefik locally for development purposes.
If you like content about fullstack engineering you can, make sure to subscribe my youtube channel
What is Traefik?
Traefik is a modern HTTP reverse proxy and load balancer designed to seamlessly deploy microservices. Its standout features include:
- Automatic service discovery
- Built-in Let’s Encrypt support
- Real-time configuration updates
- Docker integration
- Dynamic load balancing
Prerequisites
Before we begin, ensure you have:
- Docker and Docker Compose installed
- Basic understanding of YAML configuration
- Admin access to modify system files
Setting Up Traefik Locally
- First, we need to configure our local network. Create a Docker Compose file and create a localhost_net network like shown below.
services:
# service definition goes here
# place for traefik service definition
# ...
networks:
localhost_net:
external: true
volumes:
traefik-data:
driver: local
Please note that the network is defined as external so we have to manually create it before we run docker-compose command
- To create a network use
docker network create localhost_net
- Create a localhost network for traefik Domain Configuration
We’ll use two local domains to expose our application endpoints. Traefik has a builtin dashboard which can be exposed to the internet via http endpoint so we will be doing that for local development (not recomended in production setup) and our App on separate endpoint, both of these endpoints will be hosted behind traefik reverse proxy, following are the urls to setup:
- Traefik dashboard - https://proxy.localhost
- Your application - https://app.localhost
We need to point both these urls to our local loopback address (127.0.0.1) for them to access our locally served up traefik from docker-compose file
Edit /etc/hosts
(mac) file in administrator mode. you can check where your host file setup are based on your OS, however configuration are same across OS.
Add the following 2 lines at the end of your host file
- Add the Traefik service to your Docker Compose file. Please note that we have mounted a configuration file for traefik instead of defining all configurations in single docker-compose file. We will define these configuration later in the article:
services:
traefik:
image: traefik:v3.1.6
command: "--configFile=/config/traefik.yml"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./traefik_data:/etc/traefik"
- "./config/configuration.yml:/config/traefik.yml:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./localhost.crt:/certs/localhost.crt:ro"
- "./localhost.key:/certs/localhost.key:ro"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`proxy.localhost`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
networks:
- localhost_net
networks:
localhost_net:
external: true
volumes:
traefik_data:
Generate local SSL certificates using OpenSSL at the root of your project:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout localhost.key -out localhost.crt
This will generate 2 files localhost.crt
and localhost.key
Traefik Configuration file
Create config/configuration.yml
with the following settings:
global:
checkNewVersion: true
sendAnonymousUsage: false
serversTransport:
insecureSkipVerify: true
entryPoints:
# Redirect HTTP to HTTPS
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
# HTTPS endpoint
websecure:
address: ":443"
http:
tls:
domains:
- main: "localhost"
sans:
- "*.localhost"
providers:
providersThrottleDuration: 2s
# Docker provider for services running inside Docker
docker:
watch: true
network: localhost_net # Ensure this matches your Docker network name
exposedByDefault: false
# Enable Traefik UI
api:
dashboard: true
insecure: true
# Log level: INFO|DEBUG|ERROR
log:
level: INFO
# Manual TLS (self-signed certificate setup)
tls:
certificates:
- certFile: "/certs/localhost.crt"
keyFile: "/certs/localhost.key"
Let’s deploy a sample NGINX application behind Traefik:
services:
traefik:
image: traefik:v3.1.6
command: "--configFile=/config/traefik.yml"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./traefik_data:/etc/traefik"
- "./config/configuration.yml:/config/traefik.yml:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./localhost.crt:/certs/localhost.crt:ro"
- "./localhost.key:/certs/localhost.key:ro"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`proxy.localhost`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
networks:
- localhost_net
app:
image: nginx
labels:
- "traefik.enable=true"
- "traefik.http.routers.app.rule=Host(`app.localhost`)"
- "traefik.http.routers.app.entrypoints=websecure"
- "traefik.http.services.app.loadbalancer.server.port=80"
networks:
- localhost_net
networks:
localhost_net:
external: true
volumes:
traefik_data:
Advanced Configuration Options
Middleware Configuration
Traefik supports various middleware options for enhanced functionality:
# Example of adding basic auth middleware
labels:
- "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$xyz123"
- "traefik.http.routers.app.middlewares=auth@docker"
Rate Limiting
Protect your services with rate limiting:
labels:
- "traefik.http.middlewares.ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.ratelimit.ratelimit.burst=50"
Health Checks
Configure health checks for your services:
labels:
traefik.http.services.app.loadbalancer.healthcheck.path=/health
traefik.http.services.app.loadbalancer.healthcheck.interval=10s
Security Considerations
When setting up Traefik locally, consider these security best practices:
- SSL/TLS Configuration: Always use HTTPS, even locally
- Access Control: Secure the Traefik dashboard
- Docker Socket: Be cautious with Docker socket mounting
- Network Isolation: Use separate networks for different environments
Troubleshooting Common Issues
Certificate Issues
- Ensure certificates are properly mounted
- Check certificate permissions
- Verify domain names match certificates
Network Problems
- Confirm Docker network exists
- Check host file configurations
- Verify port mappings
Service Discovery Issues
- Ensure labels are correctly configured
- Check Docker network connectivity
- Verify service ports
Conclusion
Setting up Traefik locally provides a powerful development environment that mirrors production configurations. This setup allows you to:
- Test microservices architecture locally
- Develop with HTTPS enabled
- Experiment with various Traefik features
- Prepare for production deployment
Remember to check Traefik’s official documentation for the latest features and best practices as you build upon this basic setup.
Top comments (0)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.