We use cookies from third party services for marketing activities and to offer you a better experience. Read about how we use cookies and how you can control them by clicking "Privacy Preferences".


Privacy Preferences

Privacy Preferences

When you visit any website, it may store or retrieve information through your browser, usually in the form of cookies. Since we respect your right to privacy, you can choose not to permit data collection from certain types of services. However, not allowing these services may impact your experience.

  • Privacy Policy
    Lorem ipsum dolor sit amet, consectetur adipisicing elit. Assumenda, dolorum, vero ipsum molestiae minima odio quo voluptate illum excepturi quam cum voluptates doloribus quae nisi tempore necessitatibus dolores ducimus enim libero eaque explicabo suscipit animi at quaerat aliquid ex expedita perspiciatis? Saepe, aperiam, nam unde quas beatae vero vitae nulla.
    REQUIRED
  • Content Delivery Network
    Lorem ipsum dolor sit amet, consectetur adipisicing elit. Assumenda, dolorum, vero ipsum molestiae minima odio quo voluptate illum excepturi quam cum voluptates doloribus quae nisi tempore necessitatibus dolores ducimus enim libero eaque explicabo suscipit animi at quaerat aliquid ex expedita perspiciatis? Saepe, aperiam, nam unde quas beatae vero vitae nulla.
    REQUIRED
  • Youtube (Hosting Video Platform by Google Inc.)
    Lorem ipsum dolor sit amet, consectetur adipisicing elit. Assumenda, dolorum, vero ipsum molestiae minima odio quo voluptate illum excepturi quam cum voluptates doloribus quae nisi tempore necessitatibus dolores ducimus enim libero eaque explicabo suscipit animi at quaerat aliquid ex expedita perspiciatis? Saepe, aperiam, nam unde quas beatae vero vitae nulla.
  • Vimeo (Hosting Video Platform)
    Lorem ipsum dolor sit amet, consectetur adipisicing elit. Assumenda, dolorum, vero ipsum molestiae minima odio quo voluptate illum excepturi quam cum voluptates doloribus quae nisi tempore necessitatibus dolores ducimus enim libero eaque explicabo suscipit animi at quaerat aliquid ex expedita perspiciatis? Saepe, aperiam, nam unde quas beatae vero vitae nulla.
  • Google Ads (Advertisement Delivery Network)
    Lorem ipsum dolor sit amet, consectetur adipisicing elit. Assumenda, dolorum, vero ipsum molestiae minima odio quo voluptate illum excepturi quam cum voluptates doloribus quae nisi tempore necessitatibus dolores ducimus enim libero eaque explicabo suscipit animi at quaerat aliquid ex expedita perspiciatis? Saepe, aperiam, nam unde quas beatae vero vitae nulla.
  • Dailymotion (Hosted Video Platform)
    Lorem ipsum dolor sit amet, consectetur adipisicing elit. Assumenda, dolorum, vero ipsum molestiae minima odio quo voluptate illum excepturi quam cum voluptates doloribus quae nisi tempore necessitatibus dolores ducimus enim libero eaque explicabo suscipit animi at quaerat aliquid ex expedita perspiciatis? Saepe, aperiam, nam unde quas beatae vero vitae nulla.
  • Facebook & Instagram (Social Media)
    Lorem ipsum dolor sit amet, consectetur adipisicing elit. Assumenda, dolorum, vero ipsum molestiae minima odio quo voluptate illum excepturi quam cum voluptates doloribus quae nisi tempore necessitatibus dolores ducimus enim libero eaque explicabo suscipit animi at quaerat aliquid ex expedita perspiciatis? Saepe, aperiam, nam unde quas beatae vero vitae nulla.





How to setup Traefik 2.2 and Portainer on Ubuntu 18.04

How to setup Traefik 2.2 and Portainer on Ubuntu 18.04

How to setup Traefik 2.2 and Portainer on Ubuntu 18.04

This tutorial will explain how to setup Traefik along with Portainer with Docker and Docker Compose on Ubuntu 18.04.

Use case

This setup is useful for many use cases, like hosting applications, microservices and/or REST API. For this document, our use case is: Single Server (Cloud, Virtual or Physical) hosting multiple applications like JIRA, Confluence, Drupal, Wordpress, Magento etc using docker, with Traefik to route the traffic to appropriate docker containers and finally Portainer to provide a control panel of sorts to manage Docker. For low-cost physical or cloud server with great support, we recommend Hetzner whom we have been using for more than 5 years. To get much better resiliency, scaling and high availability, we could setup Docker Swarm cluster and use Traefik and Portainer to manage that, but that is out of scope of this article.

A high level diagram of how all the components work as a solution is: Traefik Portainer

Traefik

Traefik is the leading open source reverse proxy and load balancer for HTTP and TCP-based applications that is easy, dynamic, automatic, fast, full-featured, production proven, provides metrics, and integrates with every major cluster technology

Traefik provides following benefits:

  1. Dynamic Routing: Once properly setup, Traefik will dynamically add new services and containers as they come up to provide traffic routing to them. Suppose earlier Traefik was only routing traffic for jira.example.com to the JIRA container, if we now add a new container for Confluence with new endpoint confluence.example.com, Traefik will automatically detect it and start routing traffic to it.
  2. Load balancer: If we have multiple instance of a container, then Traefik can provide load balancing between those instances
  3. Letsencrypt: If properly configured, Traefik can not only route traffic to a newly discovered service, but it can also get the free certs from Lets Encrypt for the domain configured for that service and transparently manage the renewal of the certs. It can then redirect all the http traffic to https for enhanced security of your application.
  4. Traefik Dashboard: New in version 2.0+ of Traefik is very useful User Dashboard that can help visualize all the traffic endpoints, services, middlewares and docker containers. a very simplistic dashboard was available in verion 1.x but the version 2.x+ is much better.

Traefik screenshot

You can read much more details about other functionality on the website of Traefik.

Portainer

Portainer is a powerful, open-source management toolset that allows you to easily build, manage and maintain Docker environments.

With portainer you can manage your docker instances, add new dockerised applications from app store and visualise various docker services and stacks that are currently running.


Setup instructions

You might find some instruction given below quite basic, but we have included them for the sake of completeness. Please skips the steps that you don’t need

Setup secure Ubuntu server

You can follow the instructions on the Secure Ubuntu Server Setup to setup a base secure ubuntu server

Assumptions

It is assumed that you have changed the DNS entry of your example.com domain and pointed the following sub-domain names to the server

docker.example.com
traefik.example.com
portainer.example.com

Install Docker

Full instruction to install Docker are given at https://docs.docker.com/engine/install/ubuntu/ but in nutshell the commands are:

$ sudo apt-get update

# Add required packages
$ sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

# Add Docker official GPG key
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# Add Docker repository
$ sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

# Install Docker packages
$ sudo apt-get update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io

# Test to ensure docker is working
$ sudo docker run hello-world

# Add current user to the Docker group
$ sudo groupadd docker
$ sudo usermod -aG docker $USER

$ sudo reboot

Install Docker Compose

Get latest version from https://github.com/docker/compose/releases

$ sudo curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

# Give execute permissions
$ sudo chmod +x /usr/local/bin/docker-compose

# Test docker-compose
$ docker-compose --version

Create the required directories

You can setup your docker directory structure whichever way you like, our preferred directory structure is:

# Main directory under which all the docker related stuff will be stored
/home/ubuntu/docker

# core directory containing docker-compose for Traefik and Portainer
/home/ubuntu/docker/core
/home/ubuntu/docker/core/docker-compose.yml

# Traefik config files
/home/ubuntu/docker/core/traefik-data
# This file is used to store all the certs
/home/ubuntu/docker/core/traefik-data/acme.json
# Config file for Traefik
/home/ubuntu/docker/core/traefik-data/traefik.yml

# Portainer config files
/home/ubuntu/docker/core/portainer-data

# Contains docker-compose files for all dockerised files
/home/ubuntu/docker/apps

if you want to use this directory structure then use the commands below:

mkdir -p /home/ubuntu/docker/core/traefik-data
mkdir -p /home/ubuntu/docker/core/portainer-data

touch /home/ubuntu/docker/core/traefik-data/acme.json
chmod 600 /home/ubuntu/docker/core/traefik-data/acme.json

touch /home/ubuntu/docker/core/traefik-data/traefik.yml

Traefik config file

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  http:
    acme:
      email: [email protected]
      storage: acme.json
      httpChallenge:
        entryPoint: http

Important: Make sure to replace [email protected] with your actual email id where you want the notifications of the expiry of cert to be sent by Let’s Encrypt

Generate secure password for logging into Traefik

We will use htpasswd to generate the password that will then be stored in the docker-compose.yml file. These username and password will be required when trying to log into Traefik interface.

If htpasswd is not available on your system then install it using

$ sudo apt install apache-utils

Then run the following command to generate the secure password

echo $(htpasswd -nb <username> <password>) | sed -e s/\\$/\\$\\$/g

Replace username & password above with your actual username & password

Create Proxy network

We need to create a new Docker network called traefik-proxy which will be the only network that is allows outside traffic. To create a docker network use:

docker network create traefik-proxy

docker-compose.yml with both Traefik and Portainer

version: '3'

services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik-data/traefik.yml:/traefik.yml:ro
      - ./traefik-data/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=username:password"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "[email protected]"

  portainer:
    image: portainer/portainer:latest
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik-proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./portainer-data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.entrypoints=http"
      - "traefik.http.routers.portainer.rule=Host(`portainer.example.com`)"
      - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
      - "traefik.http.routers.portainer-secure.entrypoints=https"
      - "traefik.http.routers.portainer-secure.rule=Host(`portainer.example.com`)"
      - "traefik.http.routers.portainer-secure.tls=true"
      - "traefik.http.routers.portainer-secure.tls.certresolver=http"
      - "traefik.http.routers.portainer-secure.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.docker.network=traefik-proxy"

networks:
  traefik-proxy:
    external: true

Important: Make sure to change traefik.example.com, portainer.example.com and the username:password in the above files to the values that are relevant to you.

Run docker-compose

Once everything is setup, you can start Traefik and Portainer using:

docker-compose up -d

and then you can visit

https://traefik.example.com and https://portainer.example.com to use these application.

Note:

  • When running docker-compose for the first time, you might want to use docker-compose up so that you can see the logs and the progress of the process. Use CTRL+c to exit and then it docker-compose with -d as shown above for normal work
  • You can also check the logs using docker-compose logs. This command will only work when you are in the directory that contains docker-compose.yml
  • To check the status of the containers, use docker-compose ps

Share this Post:
Posted by Varinder Singh
Varinder Singh
Co-Founder and CTO of Indivar Software Solutions Pvt Limited, India and New Zealand. Co-Founder & Director - IT for Credence Medicure Corporation. Co-Founder and CTO for Stakteck Limited

Related Posts:

comments powered by Disqus