Deploying FastAPI Apps Over HTTPS with Traefik Proxy

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey we are going to talk about deploying fast api apps with https powered by traffic so first who am i i'm celestine ramirez or tiangulu i'm a software developer at explosion in berlin germany explosion are the creators of spacey the natural language processing package prodigy too for doing data annotation with active learning think a deep learning framework using type annotations and i created fast api and diaper so this is what we are going to talk about you can also find me on github linkedin and twitter we are going to use this course and talk about fast api with docker we are going to build an application with fast api with docker then we are going to deploy it on digital lotion on a server from scratch and we are then going to put traffic on top and we are going to add https to that so when you deploy an application to a remote server you should always have https because it will encrypt the communication between your clients and users and the server and https is actually just http the same protocol that you are used to for web applications running through or going through a secure connection using tls or ssl ssl was the old name tls is the new name if you want to know a bit more about https i would recommend you go to this website how https works this is a funny web comic that shows all the technical details that you need to know as a developer and then we are going to use traffic to get those https certificates because the way https works is that let's go to this website if you see this log here and that it says the connection is secure this is because of https and this is because this website has a certificate that we can check here and this certificate is the thing that a gives certainty to the users and clients that this website is the who it claims to be and these certificates are provided by a third party in this case it's let's encrypt so you cannot simply just turn https on or like add a simple configuration to just have https there's actually a lot of logic that has to go underneath for it to actually work let's encrypt is this awesome organization that provides tls certificates for free uh dla certificates are these certificates that we were seeing like this one and these certificates are what powers https underneath and then traffic which is what we are talking about a has support integrated support for acquiring those certificates with let's encrypt and renewing them and managing them automatically for you because if you see these certificates they always have this expiration date so they have a short time lifespan and there's logic that needs to be added to handle the renewal of those certificates to keep everything working and traffic can do all that for us so that's what we are going to see and then we are going to see how to add basic out for any type of web application simply using traffic so we'll be able to add authentication for things like not just fast api applications but also things like stream lead or panel applications that use bokeh visualizations with pandas and stuff like that and we will be able to add basic authentication for that so that you can deploy your applications on a public server that other users can can see but then also have it with authentication and properly secure so we're gonna do all these live so let's start coding the first thing that we are going to do is that we are going to create a virtual environment here so let me open the terminal i have this empty project and we are going to create a virtual environment with python 3.8 i'm calling it dot m 3.8 i'm gonna say yes i want you to detect that this is a virtual environment and use it now i have the new a binary pip on python so i'm going to use that first i have to activate it so the environments.n blah blah blah being activate so i have the new virtual environment activated here the next thing that i'm going to do is that i'm going to upgrade it so that i have the latest version of clip installed before installing every anything else this is a good practice to to implement you might be using another tool you might be using poetry or conda or using a requirement files we are just going to do the simplest thing and just install everything with it now we are going to install fast api and uv core as you can see here because these are the tools that we're going to use we're going to make a very simple a fast api application so i'm just going to bring it here it's a very simple default fast api application this is a complete fast api application and we're just gonna run that that is what we are going to use for a for our example we're not gonna do much more with fast api but we are gonna learn how to deploy a fast api application to a remote server so having that i can start a local server with uvicorn with this command this first let me hit yeah this first app here refers to this directory up then dot main refers to this file dot named by a main.time then hold on and then the second app refers to this app variable or this app object that's what this line means now i'm gonna run that and this says that it's running on this ip address and this port if i open this let me go here and open a new tab and open this address you can see that the app that we created is working and it's yeah it's working properly because this is a fast api application we can go to the interactive documentation docs and we can see that we get this automatic interactive api documentation we can even interact with our api we get the message that we were expecting and everything is working correct so nice that that's working great up to that point let's stop this server and i'm gonna now add everything here to git so i'm gonna create a git repository i have a git ignore file that ignores all the files that we don't need to have to get so i'm gonna add this git ignore and i'm gonna add the main code that we have to get first commit that will be the message for this first commit cool now we have a git repository with our first basic application so after now this is just fast api this is all working locally great what are we going to do now now we want to create this server on our uh create this application on our remote server so we are going to create that remote server let me go here we are going to go to digital ocean i have this project that's the favorite traffic which is what you're going to do and then i'm going to create a new server so they call them droplets this is just a remote server this is what we are going to use i can use the default ubuntu it's just a basic server i don't need one this big and i can use one of 10 bucks a month so that's fine i'm currently in germany so i'm gonna select frankfurt and i'm gonna enable my personal ssh key so that we can log in easily i can leave everything else by default and i can just start this server this droplet as they call it so this is now creating that server and we can actually go there and see it already has an a a public id so we are going to use this public id to create a to make the domain that we are going to use map to this server so now what we are going to do so we are going to go again to the project and i have this domain set up here that currently only has the default configurations but now i'm going to say hey whenever someone goes to the domain pass the api with traffic.angle.com so i'm going to say at which is the keyword for saying this domain i want them to communicate with the server that i just created which is this one i can select an ip here instead of just the drop down but the digital origin detects that i just created this server so it's auto completed i'm going to create this this record here now i'm going gonna add another one which is this asterisk or a wildcard which means any sub domain of fast api traffic to tangle.com and it should also point to the same server i'm gonna add this one so now we have the domain set up to communicate with that cell now the next that we the next thing that we are going to do is that we are going to connect to that server so i'm going to go here back to the to the terminal and i'm gonna move myself to this corner i'm gonna split this window and i'm going to connect to that remote server with ssh so i'm saying ssh root which is the name of the root user at and i can put here instead of filling the ip address i can put the domain because i have already set up the domain so let's see if that works the dns domain sometimes takes some time to replicate the configurations but it seems that it already got the domain correctly because we have never connected to this server then it's going to ask me hey do you throw the server do you want to connect to it i don't recognize that and of course you won't recognize it because we just created it great now we are here inside of the new server that was that we just created let's actually go there and confirm that it says that the ubuntu server this is actually well it's safe creating but it's actually already up and running yeah you can see that is everything ready awesome now what we are going to do is that we are going to tell this server hey i want you to update with this command we are telling it i want you to update the list of packages available so we so you have the list of the latest versions available this doesn't install the new packages this doesn't upgrade the current packages it only updates the list of available packages now with this command which is not update but upgrade now we are going to tell you hey upgrade everything i want you to have a all the latest versions of the packages that you already have installed so i'm going to say yes install that great so that's installing and with that we will end up with a new server that start we started from scratch with all the latest security patches and all the latest versions of the default packages that it comes with so awesome when that finishes we are going to do the next thing with our code we are going to add a couple of files here so we're going to add this file docker file and this is the file that we are going to use to create a docker image with our application so i'm using the official image for fast api and we just have to copy this directory up inside of the slash app directory inside of the container that's all we have to do and we are going to create this other file the docker ignore which is very similar to git ignore you can see that it has the same content this what if this does is that docker won't send all the possible files including this huge environment to docker for it to build the image it will just send the rest of the files which is just our code so it will be much faster than if we just sent everything now i'm going to run a docker image with that i'm going to create a docker image using this command docker build then the t means what is the tag of the image that i'm creating so the name of the image which is just gonna be up and i'm telling it hey do it on this local directory so i'm gonna hit that and then docker is gonna go check in this local directory detect that there's a docker file and use the information in the docker file to create a new docker image and now i can use the docker image that was created you can see that it's using the a base image and then it's copying the files that we declared now i can run a container with this the current mesh and the limit docker run then dash id i remember this id as interactive terminal that it means something else the thing is that this is going to show us the what is happening inside of the container on the terminal instead of just running without showing us anything else and we are telling you hey we want you to map a port we want the port 5000 in my local machine to be the port 80 inside of the container this means that when i hit enter here it's going to start listening to requests in port 80 as it says here in port 80 and here it says listening port let me move this a little bit so we can see that yeah here listening up import 80 but this 80 is inside of the container and we told docker to map the port 80 inside of the container to the port 5 000 outside of the container so the port 5000 in my local laptop so we are gonna go to this address no no to a no to the one with no to the one with a port a we're gonna go to the port 5000 which is this one that wasn't loading anything if i reload now i get our application so great this is running inside the docker i can go to the slash docs to get the documentation the interactive swagger ui documentation you can execute everything is working nice if i stop the doctor container with ctrl c then if i come back and reload then it's no longer loading because the container is no longer running so cool that's working now we're going to add this to files to git and docker will be the commit message now what we need to do is that we are going to install docker on the remote server this is going to take a bit now because it was waiting for my input but now it's going to finish in a second the next thing that we are going to do is that we are going to install docker and then we are going to also install docker compose because we are going to use docker compose to handle all the configurations that we need as we did here with docker run blah blah blah map this port we're gonna need to set a bunch of extra settings like this port and instead of having to remember all those settings uh just by memory are going to put all those settings in a single file in a single docker compose file that is going to save us all that time so now we are going to well we wait for this to finish let's see what else do we have to do what are the new files that we are going to have here so we have this new docker compose file let's check it this docker compose file is going to have this top level services so adapter compose is mainly a configuration file that you can use to configure several containers that are part of the same stack and have all the configurations and all the settings in a single place so that everything is a synchronized and then the compose can use this file to first build the docker image and then start the docker container with configurations like restart we wanted to restart always because if we restart the server we want the application to still be running and not have to start the application and if it crashes then it stops running now we want docker compose to take care of that and restart the application always and we also are going to map the port 80 inside the port 80 outside of the container so the port 80 in our remote server to the port 80 inside of the container so this is the file that we are going to do but before we do that let's continue with observation now finished we are going to install docker now in the remote server so let's go check how to install docker we are going to check the documentation this is just this the easiest way to do it just go to documentation and follow the steps we are going to do it for ubuntu and they have this great convenience script that does all the steps for us so we are just gonna use that i'm gonna copy the convenience script and i'm gonna paste it here so now we have this file in the remote server and now we're gonna run that convenience script that will install docker in our server so i just hit that now we can wait for a little this is going to set up everything to connect to the locker service to install docker in that server and have everything set up so that docker is there and available on the server it's very simple now while this finishes let's continue again with our code setting up this docker compose file so what we are going to do now is that we are going to use the command docker com instead of docker now we're going to say docker compose app that's it we hit that and then this is going to check is there anything new to build so do i have to build this image again no okay then i'm going to continue and i'm going to start the docker container with these configurations and you can see that we get the log with all the settings here and it already started and now we are now using port 5000 as before now we are using port 80 mapping to the port 80 inside of the container so if we go back here to the browser instead of using port 5000 we can use port 80 which is the default so the browser is just going to remove the port because that's the default and we can see that the application is running awesome that's working that's great and we can see that docker is now installed on this server so we can now go and install the compose on the server so let's go check the documentation for that we are here in docker and we can go to docker compose install compose and there's also a very similar a way to install it we just have to copy the commands for linux so i'm just going to copy this and you can paste it here in the remote server now that just downloads docker compose which is just a single file now we have to make it executable so we can use it in the remote server i'm gonna copy that yeah done and now before running anything in docker compose we are also gonna install this extra this extra package here called testing what this is gonna do is that it's gonna make sure that our remote server has enough a randomness let's say that docker compose needs because the server is very new it doesn't have enough randomness for docker compose to use and then docker compose will hang in there not executing anything and now we can say docker compose version and we can see that we get deleted version and we can say docker info and we can see that we have the information of the docker client which is the command docker itself and the server which is the thing that is running on there underneath doing all the work so great that's working correctly now that we have this and we have the docker compose locally here we're going to add docker compose to git add the locker compose now the next thing that we are going to do is that we are going to create a directory very similar to the one we have here with our project so i'm going to say make there code so this is gonna create a directory code so i'm gonna get in that directory and i'm gonna make another directory that is gonna be called the same as a local project first api with traffic let me move this a little bit so we can see it on the same thing with traffic i'm going to create that i'm going to get inside of that cool the next thing that we are going to do is that we are going to copy all the files that we have on this project to the remote server i'm going to use the command rsync let me move this a little bit so we can see that better command rsync can copy the files incrementally so if it already copied some version that you can just copy the new files that are necessary and we are telling you to copy everything in the current directory to the server that is going to be connected using the root user because we are the root user in the server and this is the location of the server using the domain that we just set up and inside of that server it will be in this location which is the location that we just created a that we just created inside of the server to hold our code so i'm gonna send all this code there to the remote server great it should be here now if i check i have all the files that i should have in here so that's working correctly that's awesome now we're gonna do the same that we did locally i'm gonna say docker compose app in the remote server and that is gonna first check what does it have to do the first thing that it has to do is to build the docker image and the local image is made using the official facility machine so this is going to start by downloading all the docker layers for that docker image and then it's gonna well download those layers uncompress them configure them and then it's going to add the code that we say because that's the instructions that we have here in the docker file so it has to start from that then it's going to copy all that a code inside of the docker image and then it's going to create the actual docker image and then it's going to bring everything up this is going to take a little bit meanwhile let's see what else do we have to do here it's actually taking too long which is strange i think probably my connection died so i'm just gonna keep this and create a new connection ssh to this address great now let's get back in that directory traffic oh i'm gonna check with docker ps is there anything running yeah it seems that that thing actually finished running it's just that my terminal my connection uh crashed for some reason so now we now that this thing is running actually let's say the occur compose app to make sure that we get all the information yeah we can get like all the logs and everything in there now that that is running we can go back to the browser and instead of going to localhost we're gonna go to a first api with traffic.tngle.com i'm going to go there and i'm going to go with http which is the port 80 which is the normal port and this is redirecting to https from the previous versions so now it's doing a google search no that's not what i wanted i think we're gonna have to do this on an incognito window because uh when i tried the last time then it remembers that we have https in the trials well now in the incognito window it doesn't remember that at some point it had https so you're just gonna go and do the right thing and connect to it now you can see that it says the connection is not secure this is because it doesn't have https and it doesn't have the certificate but it's working and we can go to the documentation and we can see that it's actually working we can execute code there we can send requests to our application and it's working with our domain so that's working great now let's see what else do we have to do now the next thing that we are going to do is let's check the code here we are going to change some files we are going to add files and changing some files so we are going to add this new file docker compose.traffic.ylml and this is a new docker compose file and this one is going to be for traffic so we are saying hey i want to use the latest traffic image version which is this one and i want traffic to be the one that listens on port 80. so what we are saying is in the port 80 of the remote server we want a we wanted to map to the port 80 inside of the container with traffic and now we're going to check these volumes in a second the next that we're going to see is that we have this command this command says hey i want you to enable a docker because traffic can communicate through different systems docker coordinates and a bunch of words and for docker i don't want you to expose everything by default because otherwise if we created for example a database in the other compose then traffic could try to expose it by default to be nice but then it would actually be a problem for us so we want to say exclusivity explicitly when we want traffic to expose something and then we are saying hey traffic we want you to create an http entry point that is going to use all the addresses on port a then we also enable the access log and the log to see what happens with traffic we are going to see these networks in a bit in a second now let's check what we changed in the original docker compose actually let's let's see it here so the origin of the grid compose had these ports and that was it we removed the ports because now the ports are handled by traffic not by our uh not by our app but then we added these labels so let's see what these labels do here's the thing with traffic actually let me switch to this view and we have traffic on one side and the other on the other side so with traffic we have a bunch of configurations that are static so configurations that don't change over time that don't need traffic to be restarted to use those configurations those are the ones that we are passing with the command to traffic like for example that we are saying hey i want you to listen on port 80 but then traffic also takes other configurations that are dynamic and those configurations we are passing them through the labels through these labels inside of all their stacks or their docker composes texture these labels will be attached to the docker containers once we start and then traffic is going to read those labels and it's going to take these dynamic configurations and use that to set everything up so that we can have traffic send the requests to this a service to this application that way traffic can be running and then we can create a new app or even multiple apps and we don't even have to restart traffic for all of them to work at the same time traffic will read all those configurations and update anything that's necessary to direct the communication to those applications now let's see what these labels mean so we say that we don't want traffic to expose everything by default so we have to be explicit that we want to expose this service so we are saying hey enable traffic for this and we are saying hey traffic i want you to create a new http service that will be called app and this app service will have service this service is a term is different than the service that we use in docker compose so services in the compose refer to more or less containers and the services in traffic refer to something that can receive requests we will see an example of how something how a container could have more than one service in terms of traffic so we are saying hey this is a listen from port 80 and we wanted to use the entry point called http this entry point http is the one that we created here on traffic and we are saying hey for this router that we just created that is gonna be called app http i want you to use the rule that whenever the hosts that is requested is the one with this domain i want you to send that request to this service that's what this label is doing that means that we could actually have different domains on the same server and traffic will be able to handle them and send each request to each specific backhand container that is going to handle it now we need a way for traffic to actually be able so traffic can read all these labels by communicating with docker for traffic to be able to communicate with docker we need to mount this volume here so this is the channel of communication between traffic and docker so that's the communication channel to get all these labels to understand like how does it have to configure and to let traffic know that it has to be be alert to whenever a request comes to this domain for example but then we also need a way for traffic to send those requests to the specific container so that's where the networks come in we are saying hey i want this traffic stack to have a to use the following networks is just one it's called traffic public and this should be external this means that docker compose shouldn't try to create a network that is only local to this stack but then but it should use an active network that should be created in docker in general and that multiple stacks can connect to so we're saying i want to use this traffic net this traffic public network in this stack and then we have to specify here that the specific service this traffic service is going to use that network because we could actually have multiple services in this stack and each one of them will be connected to different networks and some of those could be public so this is what we are doing here and then we have to connect our backend to the same network so we have the same configuration here and here great that's the most important part now uh what we are going to do is that we are going to copy these files to the remote server with the same command that we used before so now we are going to stop the current composite stack and we are going to run docker compose with the a docker compose traffic configuration file so i'm gonna do that with this command so docker compose because i'm not using the default file that is this one docker compose dot by then i have to specify which specific file i want to use so i'm going to say tokencompose.traffic.yml i'm going to say that i'm going to say have but then remember that we say that there should be a network that should be public and that should be external this network doesn't exist yet and that's the error that we are getting here so we are going to say docker network create traffic public so that's going to create that network now we can start again with the previous command and it should start traffic so this is first going to pull the traffic image and extract it and set it up and then it's going to start the actual traffic container now it's started we can see the first log here awesome that's working but now we need to be able to start different stacks so we are going to add an extra configuration here we are going to add at the end of the command dash v this means start this in demon mode which means that is running in the background and it's just gonna keep running there we don't have to we don't have to like we will have this terminal in back to work with it now the next thing that we are going to do is that we are going to also start our stack the one with the docker compose with the inductor compose that we have so we are going to do that with this command so it's the same one but we are explicitly specifying that we are using this docker compose file we're gonna run that and this is gonna run in there we have to specify this the explicit docker compose file because now we have this extra file to compose overwrite here's the thing docker compose will by default use the file docker compose which is this one actually let me show it in this view so this is the main docker compose file docker compose by default it's going to use this file but then remember that we removed the ports from the docker compose file so then docker compose also uses this docker compose override.yml file by default and this is very useful for development so we can during development we can just say docker compose app and this is going to take this file and it's going to use all those configurations and then have those configurations and on top of those configurations is going to apply these configurations so it's going to take these ones and then override them with the file docker compose override and then run that that way when we run this locally we're going to have the stack on port 80 we will be able to use it locally and because we are setting that traffic public now is not external only for local development then this is not going to complain that hey this network doesn't exist that's what this file does but then because we added that file and we don't want to use that file in the remote server we have to be explicit with the file that we are going to use that's why this command here so great that should be running now and what we get is that if we go back to the server and we reload this this is working so actually nothing changed for the final user in the browser and we did a lot of changes and we just added traffic and we connected traffic with our backend so great but we still don't have a lot of use for that but now with traffic we will be able to add https and we have everything wired up to work correctly so now the thing that we are going to do is that we are going to commit all these files so i'm going to say add traffic yeah awesome next thing that we need to do is that we are going to add https so this is the exciting part what we need to do to add https let's actually start with traffic with the configurations for traffic here are the changes we are now saying hey traffic i want you to use an import id this is what we had before oops this is what we had before but we also want traffic to listen for on port 443 this is the default port for https we're going to see this volume in a second let's not pay attention to that just yet now we are adding the same configurations that we have before like this one but now for https and we are saying hey traffic this is the key part i want you to have a certificate with solver so this is the thing that is going i'm gonna go and talk to let's encrypt to get the certificates i can set up the email that i need and i'm gonna say hey traffic i want you to store the traffic the sorry the https certificates that you acquired i want you to store them in this location so slash certificates slash argument.js and i want you to use this configuration to communicate with let's encrypt to get those certificates so this is the the dance that traffic is going to do with let's encrypt to say hey this is me i want certificates and listing people say hey hey how do i know that you are you and then they are gonna do all this conversation uh for traffic to convince let's encrypt that it's actually who traffic is saying it is which is our domain name that we configure so this is what this configuration does but then if we start traffic with this and then we change another configuration and we update that and start over compose okay super fast and because docker is super fast the a doesn't keep the same container that was running it just creates a new one whenever we need to restart it because it's easier to have something that is correct from scratch that trying to configure things like that that's the benefit of traffic that we can get rea sorry that's the benefit of docker that we we can get rid of all those it works on my machine because it's building everything from scratch but because the containers are super fast to build and to start then docker is just gonna remove that and create a new one but if it creates a new container then we are gonna lose the certificates that we have required so to not lose those certificates we are saying hey docker i want you to create this volume which is a named volume you can say that it's name because it doesn't start with slash so it's a name the volume and whenever i put files any file in the location certificates which is this same location here i want you to save those files to this named volume and whenever you restart the container keep using that same volume that means that even if we restart traffic even if we upgrade the version of traffic it's gonna preserve those certificates that we already have and now we are because we declare that we are using a volume then we have to declare the volume here below as well the same as we did with the configurations for the networks that's all there is from the site of traffic to enable https now we're gonna see what are the changes in the main docker compose file so what we have to do is we have more or less the same configuration we had before so we have this entry point we want you to use the entry point h that is called http now we're saying we want you to use the entry point that is called https and we have the same rule that for this domain we wanted to use this router that is called app https so it's just more or less the same configurations it's just that this one this one here is going to be used for https and we are saying hey traffic guy for this router i want you to use tls which is the underlying standard technology to have https and because we are saying hey i want you to have that encrypted we have to tell it how to get those certificates so we're telling a hey use the certificate resolver core called le for let's encrypt let's actually move this this file let's have this file on one side and then let's have the traffic file on the other side yeah so now in docker compose traffic we are saying hey i want you to have this certificate resolver called l e for let's encrypt and here in the upper compass file we're saying use that certificate resolver now the next thing that we are doing is that a because we can configure a bunch of things with labels that are not even in the main traffic docker composer stack in this case we are creating a measure where in the labels for our stack this middleware is just going to redirect anything that is not going to https we want it to redirect to https and we want it to do it permanently with this configuration we create a new media we're in traffic but we are not using it yet so with this new line we are telling a traffic that whenever something goes to app to our app on http alone we want it to be redirected to https that's what this configuration does great it's actually a lot of just understanding what the configurations do but when you see it's just like a bunch of lines and then you get https from that so now the thing that we are going to do is that we are going to copy all these files to the remote server again with the same command as before we just send them great and now what we have to do is that we have just to start traffic again so this is the same command that we have before we're just saying hey update this is that whatever needs to be done so docker compose will go and check these changes and it's gonna add the new command that we added and it's gonna add the new volume and all the stuff so you're just to run that and then the next thing that we are going to do is that we are going to also update our stack with this this is also the same command again which is just going to run it now traffic is gonna go start that then we start our backend the backend is gonna have the labels that say hey i need a https certificates for this specific domain then traffic is gonna read the label and it's gonna say hey i now have configurations to go and acquire certificates with let's encrypt so i'm going to use this domain and i'm going to get a certificate for this domain and it's going to just do all that on the background we don't have to do anything else more than just setting these configurations and now if we go back to the code here the getting those certificates might take a while but we can just try if we reload this page right now it says that it's not secure if we reload it because we added that middleware that added the redirection from http to https then this should redirect the 2d url that uses https and we see that it did now we have we're using the url you can see that it now has https so this redirected to https now we can see that we have the log and we can check and it says the connection is secure yay this is what we wanted this is what we got from traffic now this is actually the main part of this and it was actually not that difficult now we're going to add this to git https great let's close all these files and now we can actually add a couple of extra things that are just nice to to have and they're going to be useful so the first thing that we are going to do is that we are going to add the dashboard for traffic so we are going to be able to see uh the user interface in the browser for traffic that tells us what are the services that are declaring configurations and everything that is going to be used by traffic this is very useful for the booking especially if you have multiple applications with multiple configurations and things so what we do is this is the docker compose for traffic we have all the configurations all these static configurations that we set in traffic is done in the command so we just add a new static configuration which is this api that says hey i want you to enable the api and this api includes the dashboard so this is going to enable the dashboard then these are the static configurations but remember that we have dynamic configurations that are set in the labels of the other stack we can also add dynamic configurations in the labels of the same uh service in this the same container that is running traffic so this is actually interesting that is a same traffic container is adding labels so that the same traffic is going to read those labels and apply those labels to have configurations to expose something that is provided by the same traffic container and this is all just done by the same container by the same traffic so we are enabling traffic we are adding this same load balancer the same thing in this case it's in the port 8080 we are saying the entry point and we are saying that we want to use this domain traffic dot plus api with traffic.angle.com so we are adding this subdomain traffic and we are telling the same configurations we wanted to use https we wanted to use the certificate resolver we want to use all that stuff and now we are adding something extra because we don't want everyone that is on the internet to be able to go and see the dashboard that has all our internal configuration we don't want them to be able to just go and see our configuration so we are going to go and add basic house basic out is the authentication system that is integrated into the browser and that is part of the same http protocol so that we are gonna have that very that little window that says hey this needs a username and a password uh so we don't have to create a huge front end uh to say like register here and like uh add your username and password and stuff like we're gonna have the very simple thing but because this is going through https then it's going to be secured because the password and the user name that we send through the network are going to be sent through the encrypted channel using https this configuration will actually look like this let me comment this and add another version we could say users this is gonna be just admin then colon and then the hash password but we don't want to add the hash password to uh to git so we are gonna have this trick here that says hey docker compose use the environment variable called username and if the environment variable is not set show this error and for the password use the environment variable called hash password and if the variable is not set ever again so this is the configuration that we are doing to create this middleware called admin out and again as before as in the same case of the middleware for the https redirection we have to use to apply that new middleware so we are here in this last line we are applying that middleware that's all we have to do now we can just copy those files to the remote server and if we try to execute them let's actually go and try to execute them we're going to see that we get an error that says variable not set because we haven't created the variable for username and hash password so that's what we are going to do next we're going to create the variable for username so we're going to say export username is going to be equal to admin that way we just created the variable for username and for password we're just going to have a very simple password that is just gonna be change this for this example you will set the password to whatever you want now we are not using the variable password we are using a hashed version so we need to generate this hashed version to do that we can use the command open ssl of course copy the right thing or i got the connection just yeah i think i lost definition let me just create a new terminal and connect to the remote server so i'm gonna go to the directory again i'm gonna again export the variable username and now i'm gonna export the variable password because we lost that and now we're gonna use these command this one open as i said the sub command password with this configuration and this is going to generate this a hash like this but we need to store this on a variable called hash password so we can actually call it like this so we are saying let me try to move this a little bit we're saying export the variable hash password and the contents of the variable hash password will be the result of calling this command that uses the previous variable that's what we do and now we have all the variables in place we can just try again and start our docker compose for traffic so this is going to go and recreate the traffic a container with the new configurations but remember that we added this volume here here it is they're working with the certificates so this is going to preserve the previous certificates and it's just going to acquire the new certificates that we need now and now we can just go to the url for remember that we added this subdomain traffic dot plus api with traffic to kangaroo.com we can go there and now we see that it's automatically redirected to https and we have a certificate and the certificate is valid and everything and we can see all the configurations and we can see that it has http and everything and we can see the other services here now let me show you what does the authentication that we have do let me open a new incognito window and let's open it here so that it doesn't remember the credentials that i added the last time i tried all this so i'm going to go there and now we see this is the basic authentication that we are talking about so i'm gonna go and say admin change this sign in and it works that is the basic authentication that we are talking about so we can protect the application that doesn't necessarily need to have some internal authentication we can protect it from outside using traffic i think that's super powerful i'm going to show you another example that is going to show how this can be super useful so a dashboard is going to be the commit of this change and now what we are going to do is that we are going to because we created that authentication model where we can now reuse it in other places in our docker compose we're just gonna add the same word that we created just that's the only change that we have to see here and now we just copy that file to the remote server and now we can just start our application again the main docker compose and i can restart it and now if we go let's go to the incognito window so that it doesn't remember any passwords that we that i tried before now i can go to files api with traffic.engine.com and now we get basic authentication handled by traffic before getting to our application now i can say admin change this and we get the response from the api we can go to dogs and we can get the interactive api documentation but to go to this interactive documentation the browser has to send those credentials that we created for fast api you could create an authentication system very easily using r2 and like even having a single sign-on or something like that but for many other applications that don't have integrated authentication it might be a lot more difficult but then traffic can do all that work for you which is very useful so i'm gonna add this basic valve and i'm gonna show you another example that i think is very very cool so we are going to add a new couple of applications we are going to have a streamlit application that has all the same configurations and all the same stuff i'm not going to show you the code on the docker file but we can see that it has the same labels and everything and it doesn't have like any type of authentication internally and we're also going to add a panel application that will show a bulk visualizations and a pandas data frame and we are not adding any internal uh authentication to that system we are just gonna add you can see here in this line we are adding the same needle word that is going to handle basic authentication this is for string lead and for panel we're also adding the same middleware to handle basic authentication now we're going to copy this to the remote server and we're going to start this is all this is all on the same stack that we had before i'm going to start this stack this is going to take a little bit because it has to build the streamlit docker image and it has to build the panel to her image and they have a bunch of dependencies so it has to build the images first then it's going to start the images which include all the configurations for traffic and all that stuff but meanwhile i'm gonna show you that this docker file is the same docker file sorry this docker compose file is the same docker compose file that we have before we have several services this is what the composer is made for so you can have several services uh put together in the same stack we have the backend which is the fast api application that we were working with and now we also have a stream with application and now we also have a panel application and they are all together on the same stack we could also have multiple stacks and because we have a single traffic that is handling all the https certificates it will be able to handle those multiple stacks uh in other places too so we don't even need to put everything on the same file but for this example it's easier to just have it on the same frame now we are just adding all this and we just have a very simple docker file for streamlid and a very simple docker file for panel the configurations the code for streamlet is just the same sample application uh that you can see on the streamlit website and this day one for panel is also the same sample panel application you can see more about that here streamlit so we're just gonna build a very simple example like these ones and the one for panel we're gonna have a very simple example like this one for panel that shows a bulky visualization and has a data frame and has some configurations and some sliders here this is going to take a while to build because it requires a bunch of dependencies a bunch of things that need to be there working together but then we're going to be able to see that and these these systems a panel and string they don't necessarily need to have any type of authentication by themselves they just show the visualization but then we have authentication with traffic on top of them using this basic out trick and because this is everything going through https it's going to be secure and we're not going to have any problem of sending the password through an insecure connection because it's going through a secure connection let's see this is still going to take a little bit more meanwhile we can just add everything to git stream it and now in this way you can create any type of visualization any type of system that you have that is some type of web application and you can put it on a remote server that other of your colleagues or internal parts of the system or i don't know maybe some finance users will be able to access to that application that you created with https i think i probably lost the connection here let's create another terminal make sure that it's all working so i'm gonna go to the directory again and i'm gonna run the last command that was composed actually let's just copy because i don't know if he's there on the history so i'm just going to copy this one and start it again to make sure that ah yeah it had finished and the terminal just died but it doesn't matter because it's running there on the remote server now i can go here to streamlead the fast api with traffic.tml.com and we get authentication basic authentication i can say admin change this is the same password that we configured and now we get a streamlined application that is running on the server we can change stuff here and it's actually executing code on the server and updating the user interface that we gave here and the thing for [Music] yeah and we get again the basic authentication i can do admin change this i typed it incorrectly admin change this and now this is going to go and communicate with panel and we get an interactive panel a user interface so we can move here and the pandas data frame is going to update live and we can change the dividers here to update to update the data that is shown we can select other types of data and we can have all these remotely on a server that is secured and working correctly so that's what i have for you thank you very much you can go and check the documentation for fast api at this address you can also check more about me and i encourage you to go and check the documentation for traffic and build awesome stuff with traffic because it's really really good thank you

Info

Channel: Traefik Labs

Views: 19,640

Rating: undefined out of 5

Keywords: docker, kubernetes, microservices, golang, traefik

Id: 7N5O62FjGDc

Channel Id: undefined

Length: 63min 46sec (3826 seconds)

Published: Wed Feb 24 2021