Getting started with Traefik and Consul

load balancing like a pro

A while ago I did a brief comparison piece on Traefik vs Nginx (vs Haproxy) as load balancers. Since then I’ve become closer and closer to containers (using them everywhere now) as well as orchestration systems while Traefik (due to its quick integration and painless SSL) has become the default tool for exposing services to the outside world.

This post is mean to offer Traefik newcomes a quick start that goes slightly beyond the official documentation. It’s by no means a comprehensive ‘best practices’ list, but it can serve you well in getting up and running a web development environment in no time.

Let’s start with some prerequisites.You will need a Unix machine (I use a lot VMs in Hetzner because they are cheap — 2 cores and 4Gb of RAM for 5 euros a month, whaaat?). Docker is next, docker-compose is third. You will also need the htpasswd tool (apache2-utils package in Ubuntu or via brew for Mac users). Once you have that, I suggest also doing a bit of kernel networking optimisations.

Now, the initial setup will have 3 elements: Traefik load balancer with automatic SSL from Letsencrypt, Consul for storing configuration and an Nginx webserver just to show that our stuff works.

Start by creating a new folder for your project (or better yet, a Git repository somewhere like github or bitbucket).

In the newly created folder, create a subfolder creatively called traefik (where we will store traefik-related configs). Inside traefik, run:

htpasswd -Bc security.htpasswd testuser

You will be prompted for a password and password confirmation. Once that’s done, you will end up with a file called secure.htpasswd which contains a user and an encrypted password that will secure our private stuff (mainly Traefik dashboard and Consul UI).

Also inside traefik subfolder, create a file for Traefik’s configuration called traefik.toml (yes, toml, something that yml/json users will learn to despise) with the following content:

Pause for explanation:

  • defaultEntryPoints define those config elements that define places that our application can be called through publicly. We have 2, creatively called http and https which accept anything on ports 80 and 443 respectively.

Once the file is saved, let’s exit the traefik subfolder and go back to your main project folder. Here we will need a docker-compose.yml file.

What’s important:

Traefik container:

  • we mount 3 items for traefik: the config file, the Docker socket on your system and the traefik folder as a whole (we need this just for the htpasswd file in this form, but let’s be lazy)

Consul container:

  • similarly, we specify roughly similar labels — enable Traefik, specify hosts and authentication

Nginx:

  • no basic authentication here, it’s just an example of something expose to the outside world

We also need to manually create a volume and a network. It’s good practice to manually create the network as everything that Traefik load balances needs to be on the same network. This also enables you to reuse the network with difference compose files but still allow the same Traefik to load balance additional services defined in a different file.

docker network create traefik
docker volume create kv-data

We’re almost there!

Unfortunately Traefik has no way to populate the K/V store automatically, so now we need to start up the whole shabang.

docker-compose up -d

Then we will need to manually tell Traefik to store configuration in Consul

docker-compose exec loadbalancer /bin/shloadbalancer> traefik storeconfig

Now you’re all set!

Of course, for the whole thing to work don’t forget to use your own domains, for which you’ve setup proper DNS pointing to your server and your 80/443 ports are open! Easy stuff to miss.

Enjoy!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store