I’m migrating my server to a new server and wanna try something new. I’ve been using nginx to reverse proxy my stuff and I recently heard about traefik being able to read labels off docker containers. I’ve been googling around but I can’t for the life of me figure out how to get the access to the dashboard without having insecure mode on.
Personally I’ve used traefik, Nginx and caddy. They’re all interesting in their own ways. My little docker setup is currently using caddy-docker-proxy. It’s been set and forget for me. You might need some adjustments based on your TLS requirements etc.
Insecure mode is enabling the dashboard.
Edit: if you get stuck here’s a quick demo Lemmy config. I have a traefik 3.0 instance setup there as well.
Here is an alternative Piped link(s): https://piped.video/wLrmmh1eI94
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
For those using traefik I would recommend the dynamic file config. You don’t have to take down your containers just to change a proxy setting.
With labels you just update the service definition by redeploying the stack; the dynamic file provider adds nothing in most circumstances.
You certainly don’t need to take down your container except to change things that are part of the Traefik static configuration.
by redeploying the stack
That’s the point. With dynamic files you can add new Middleware or even route already exposed ports all on the fly. You’re telling me you can change a docker label and keep your service running with 0 downtime?
If you’ve figured that out please share a link because my experience has been otherwise.
Close enough to 0 downtime that it doesn’t matter.
- Deploy updated stack file to existing stack
- existing services are updated
- Traefik polls the docker socket and notices updated labels
- ???
- Profit!
Seriously, you shouldn’t need to put anything (outside of rules that you want to re-use [e.g. http->https middleware]) in the traefik dynamic configuration because each container/service in a docker stack will bring with it its own configuration. Your only ‘dead time’ is how long it takes Traefik to pick up the new dynamic configuration via either the docker
or swarm
providers, which is configurable but I’ve never had to touch because, even on production systems, it’s been fine.