traefik/docs/index.md

9.6 KiB

Træfik

Build Status SemaphoreCI Docs Go Report Card License Join the chat at https://traefik.herokuapp.com Twitter

Træfik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Træfik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Træfik at your orchestrator should be the only configuration step you need.

Overview

Imagine that you have deployed a bunch of microservices with the help of an orchestrator (like Swarm or Kubernetes) or a service registry (like etcd or consul). Now you want users to access these microservices, and you need a reverse proxy.

Traditional reverse-proxies require that you configure each route that will connect paths and subdomains to each microservice. In an environment where you add, remove, kill, upgrade, or scale your services many times a day, the task of keeping the routes up to date becomes tedious.

This is when Træfik can help you!

Træfik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world -- without further intervention from your part.

Run Træfik and let it do the work for you! (But if you'd rather configure some of your routes manually, Træfik supports that too!)

Architecture

Features

  • Continuously updates its configuration (No restarts!)
  • Supports multiple load balancing algorithms
  • Provides HTTPS to your microservices by leveraging Let's Encrypt (wildcard certificates support)
  • Circuit breakers, retry
  • High Availability with cluster mode (beta)
  • See the magic through its clean web UI
  • Websocket, HTTP/2, GRPC ready
  • Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB)
  • Keeps access logs (JSON, CLF)
  • Fast
  • Exposes a Rest API
  • Packaged as a single binary file (made with ❤️ with go) and available as a tiny official docker image

Supported Providers

The Træfik Quickstart (Using Docker)

In this quickstart, we'll use Docker compose to create our demo infrastructure.

To save some time, you can clone Træfik's repository and use the quickstart files located in the examples/quickstart directory.

1 — Launch Træfik — Tell It to Listen to Docker

Create a docker-compose.yml file where you will define a reverse-proxy service that uses the official Træfik image:

version: '3'

services:
  reverse-proxy:
    image: traefik # The official Traefik docker image
    command: --api --docker # Enables the web UI and tells Træfik to listen to docker
    ports:
      - "80:80"     # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events

!!! warning Enabling the Web UI with the --api flag might exposes configuration elements. You can read more about this on the API/Dashboard's Security section.

That's it. Now you can launch Træfik!

Start your reverse-proxy with the following command:

docker-compose up -d reverse-proxy

You can open a browser and go to http://localhost:8080 to see Træfik's dashboard (we'll go back there once we have launched a service in step 2).

2 — Launch a Service — Træfik Detects It and Creates a Route for You

Now that we have a Træfik instance up and running, we will deploy new services.

Edit your docker-compose.yml file and add the following at the end of your file.

# ...
  whoami:
    image: emilevauge/whoami # A container that exposes an API to show its IP address
    labels:
      - "traefik.frontend.rule=Host:whoami.docker.localhost"

The above defines whoami: a simple web service that outputs information about the machine it is deployed on (its IP address, host, and so on).

Start the whoami service with the following command:

docker-compose up -d whoami

Go back to your browser (http://localhost:8080) and see that Træfik has automatically detected the new container and updated its own configuration.

When Traefik detects new services, it creates the corresponding routes so you can call them ... let's see! (Here, we're using curl)

curl -H Host:whoami.docker.localhost http://127.0.0.1

Shows the following output:

Hostname: 8656c8ddca6c
IP: 172.27.0.3
#...

3 — Launch More Instances — Traefik Load Balances Them

Run more instances of your whoami service with the following command:

docker-compose up -d --scale whoami=2

Go back to your browser (http://localhost:8080) and see that Træfik has automatically detected the new instance of the container.

Finally, see that Træfik load-balances between the two instances of your services by running twice the following command:

curl -H Host:whoami.docker.localhost http://127.0.0.1

The output will show alternatively one of the followings:

Hostname: 8656c8ddca6c
IP: 172.27.0.3
#...
Hostname: 8458f154e1f1
IP: 172.27.0.4
# ...

4 — Enjoy Træfik's Magic

Now that you have a basic understanding of how Træfik can automatically create the routes to your services and load balance them, it might be time to dive into the documentation and let Træfik work for you! Whatever your infrastructure is, there is probably an available Træfik provider that will do the job.

Our recommendation would be to see for yourself how simple it is to enable HTTPS with Træfik's let's encrypt integration using the dedicated user guide.

Resources

Here is a talk given by Emile Vauge at GopherCon 2017. You will learn Træfik basics in less than 10 minutes.

Traefik GopherCon 2017

Here is a talk given by Ed Robinson at ContainerCamp UK conference. You will learn fundamental Træfik features and see some demos with Kubernetes.

Traefik ContainerCamp UK

Downloads

The Official Binary File

You can grab the latest binary from the releases page and just run it with the sample configuration file:

./traefik -c traefik.toml

The Official Docker Image

Using the tiny Docker image:

docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik

Security

Security Advisories

We strongly advise you to join our mailing list to be aware of the latest announcements from our security team. You can subscribe sending a mail to security+subscribe@traefik.io or on the online viewer.

CVE

Reported vulnerabilities can be found on cve.mitre.org.

Report a Vulnerability

We want to keep Træfik safe for everyone. If you've discovered a security vulnerability in Træfik, we appreciate your help in disclosing it to us in a responsible manner, using this form.