How to use Traefik (Part 1) - Introduction to Traefik

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] hello everyone this is Kamran from Rockman Norway and I'm here with you with some very interesting videos on traffic reverse proxy it's going to be series of videos maybe three or four I don't know we get and there would be lecture styled because I want to show you how it works not just that it works so there would be a bit longer than usual so it's very exciting I'm very exciting topics for you so let's get to it I want to warn you am a little that I have bad throat and I'll try not to cuff in the mic I will try to mute it the first thing we have is the material which I use used for this video and all of that is there in our github repository github.com slash drachma slash learn traffic and if you browse down scroll down you will see two links to videos on the same topic which I made few days ago they were in Urdu or Hindi so you can watch them on my youtube channel then we have topics covered in this video and all of these of course will be covered so let's start first let's visit traffic's official website which is traffic dot IO and traffic the actual English word of course is traffic but they play it a little on the spelling and introduce this Norwegian alphabet here which sounds something like air so I'm not born native Norwegian so even I have trouble pronouncing it correctly but anyhow so traffic what what is traffic it's it's a cloud native edge router as they say and and for in easy words it is a reverse proxy or simply a proxy or an SSN Terminator when they say cloud native as root oh it means that this supports a lot of cloud providers and it works with their api's and what it does is something very intelligent it basically talks to the cloud providers api and and just auto configures itself it provides some very nice dashboard which you can see here this one this is the the actual dashboard which traffic provides and this is the health matrix starts interface on the same on the same port on the same page and this is the official diagram which traffic provide so I thought I will just use this one so traffic sits between the internet and your infrastructure and it talks to whatever back and provider you might have for example docker or kubernetes and if you configure it to talk to that provider and then it it it Auto configures itself it does all the automatic routing sets of all the you know it does this Auto discovery and automatic routing to the backends and automatic also also load balancing if your backends are multiple copies so it does load balancing between them now it provides matrix tracing and logging and it also provides HTTP termination it's very very interesting and very fast and very lightweight 74 megabytes is the size of its binary no not the binding the docker image the Alpine image very small and it says here that how you would run it or download and install it it's very simple you just run the statically compiled binary which is traffic itself and then you can optionally provide it a traffic configuration file which is called traffic Tuman they also provide you with a sample configuration file which is very well documented if you if you look at it it's a lot of comments and yeah so it's a lot of documentation it's very very very well explained and simple as well the docker image you can run like this and that of course two versions of docker images one is the regular one and the other is Alpine and I'll be using Alpine throughout this video right so this was traffic and this is how you run it so let's go to their documentation website where is it oh by the way I forgot to mention that a lot of people are using traffic a big companies and let's see they're serious documentation of course here so it gives you the usual information and it has all these features of course you can read all about them and it supports all these back and providers docker communities Amazon Azure and here is a very small QuickStart Quick Start Guide it just gives you your dr. Campos file and asks you to bring it up and we'll do the same but before we do it I'll just show you that this is in this compose file it's creating a service called reverse proxy that's just the name you can give it any name you want using the traffic image docker image and it's passing two command-line parameters or switches or modifiers to the you know to the image which will of course pass it to the binary behind the scenes and it's exposing and mapping to pores one is port 82 the host 80 and port 8080 the host 8080 so this port 8080 comes alive when you pass the dash dash API switch or parameter and dash dash docker parameter tells it that it's supposed to use a darker back end or the docker is the provider at the back end the service provider for the containers or the services and when when it it knows how to talk to docker but to talk to docker it needs to know a so called talking point right so we can provide this mount the dock socket from the host within the traffic container so traffic could talk to it and extract all the information from the darker provider docker API all right so we can bring it up like this and docker can let's see what what happens so here is my computer and I'm this posit Ori in this directory I can go to examples and there is a quick start and I have the same dock compose with the documentation website for whites and I was verified that I have no containers running right now and for the sake of completeness I would actually clean up if there is anything in the in the stopped State okay so I don't have anything on my computer running I can now start this compose staff so I'll do docker compose up minus D and I see one service I started so I will sue docker PS and I can also do docker compose PS which is exactly the same thing it's just a different format of output so here's the docker compose output which shows me that this is the name of the container it has created with this entry point with these switches and it's up and of course it is mapped it has map port 80 from the host to a port 80 inside the container and also a port 8080 from the host inside to port 8080 inside the container the traffic container so we have it up and running let's see what do we get when we go to port 8080 on localhost and this is the same computer on which I'm working so I'll open up a browser here and I would try to open a and incognito mode every time localhost colon 8080 and it shows me this dashboard by default which shows me one front end and run back end and if you if I click the health tab I get almost nothing means there is something but it's almost useless at the moment so we have providers and we are backends what front ends in what back ends has it configured it has configured reverse proxy Quick Start zero it has configured a hosts route that if this happens then take it to this back-end and here is this back-end and here's the container and it's most probably of course or certainly the IP address of the traffic container all right but this is not much used to it this is not no sorry this is not much used to us because just by running a proxy we don't get anything we want to run it wins with some other containers and see how it does routing and how can we modify the routing and how can we use it to our benefit so let's go back to do to the terminal and let's see some files here before I move on to a better example I want to show you that when you do the dash dash API - docker such as with as you did in this in this compose file then what is the default config file which is created so I want to show you that how does it look like and this is an example QuickStart file which I have just created myself a default entry point of HTTP is created and if we go back to our this interface the dashboard you'll see that this is the this is the entry point here which I am talking about one HTTP entry point is created and this is the default entry point for now according to this configuration it says that it has a docker back-end and it is going to talk to it on this socket or this file which we need to mount inside the container of course and this API will enable a dashboard and will also set up - dashboard as entry point for this sport so when you can when you enable API 18 AB and you say dashboard is true then it basically creates a dashboard service which runs on port 8080 and anything which is a red - related to 8080 is passed to the to the to that part of the service here we have some entry points which says if entry point is HTTP then take it to port 80 and if entry point is dashboard and take it to port 8080 so what does it what does it mean when we have this API and that's also interesting question so when you have this dashboard that's not the only thing which the API provides or the API section provides it also provides you with the actual traffic api is for example slash api if you type this you will get certainly certain information if you change it to slash help you will get some other information and there are many different API as which traffic provides and we are going to look at it in a moment so the QuickStart is done let's go to our repository and I want to show you all the API switches our endpoints which traffic provides so we have this link which is traffic's configuration link a website link and it shows you a sample configuration and if you scroll down you will see this API and you will see a lot of endpoints here right so it's not a good idea to enable API and then just leave it unprotected because anybody who can reach a port 8080 can extract a lot of details from your API so we'll see how to how to protect it a bit later let's stop this QuickStart and let's start another example so I'm going to do a docker PS and do a docker compose stop and also docker compose remove - F very good I move back one step and I I have examples so I go to example one and I hope the fort is big enough for you to see all right let's see if this is not problematic for me let's use this for size I have example one and I have a docker compose file in that so let's have a brief look at that it has few services traffic and the next apache tomcat MySQL and they are shown in an example in a diagram I mean let me show you the diagrams as well which I completely forgot so this is actually the diagram of quick start when you start traffic just by the quick start example it sets up a container it sets up this port forwarding and all that but we are we have we have covered that already so let's go to our next example this is our next example so we are going to start nginx Tomcat and Apache and MySQL one two three four and traffic five containers and if you look at this example it has traffic container itself then it has nginx and then it has Apache Tomcat and MySQL and for now I will not use this port to keep it simple this is port 80 map to port 80 on my host 8080 as before just like Quick Start then we have some simple very simple containers nginx will run until Excel point at will mount an index dot HTML file on index on engine X's default document root and then we have Apache container and that also mounts a very small index file on its default document root we have tongkat and I have not specified any container sports or anything because I am assuming that all of these containers have have an expose command in their container definition and that's the Duster port they are exposing but you can use you can use a port explicit port come on here I'm not going to use that and it's not necessary there is a mysqldb which is just an example to rep to kind of show you a real world example that there is a web server which talks to a back-end database so there's a database running in the stack and it has an environment variable which is necessary for my school to come up this is something very simple a very simple stack right and let's have a look at traffic normal file which I have here in this example and what I have here is some additional things which is a log level I've increased the log level and I would strongly advise that you always have some logging enabled otherwise you'll have a hard time figuring out why traffic is not working or if it's working how is it working okay so it has a docker backend and then we have this special thing called expose by default is true we will see that in a minute and that's it that's the a that's the docker file we have nothing special and that's the end of it so let's exit this file and let's see if we have anything running no so let's start this I'll clear the screen and do docker compose up - Dee and it started five containers I want to verify so I'll do docker compose PS and I see five containers very good and let's have a look at diagram this is the diagram and I have five containers I have bought 80 and 80 80 mapped to traffic only and rest of the containers whatever their ports are they are not mapped on the host very good let's briefly look at the logs of traffic so logs - logs just logs of this container and it will show you some some logs it will start from what configuration file it uses what version it runs and it prepared the HTTP server it repaired the dashboard and it's now listing on these two ports and it's now talking to this provider and it gives you an error undefined entry points HTTPS but it otherwise it has started and that is because in my traffic door to mod file here I have this HTTP entry point added I can remove it for now because I'm not using HTTPS in this example so I'll just save and exit and I would just for the sake of completeness I will stop and remove and bring it up so you don't see these errors because errors are not good for students errors are not good to study anything docker compose I mean they are good but you know you should know then how to fix them and that's another good learning track but right now I want to eliminate any confusion so I've removed I've stopped and removed the previous stack and bring it bringing it up again okay so I drew docker PS I have five containers running if I do logs again I have I have the logs started let me reduce the font of it okay I have these logs it started this version isn't that HTTP and dashboard and talking to this docker provider and now there are no more errors and it just says that it's configured and reloaded on port 8080 that's good since it's mapped since it is mapped to our host I can just go to my host now this is the incognito browser right so I will do a localhost it 8080 and this time I see five front ends and five back ends okay so how is it how does it look like and I'll spend a bit of time here because I want to highlight few things first thing is it has found all the front end so it has given them street names and it has configured some host rules for them and each front end has a back end and that back end is on the right side and then it goes to the backend container the actual container and the port so in case of a party it has configured it as a party dot example one and it will it is going to send all the traffic when it reaches Apache dot example1 to this container at the back end it has done similar thing with MySQL and will send it to port 3306 on another container it has detected nginx and this is the Indian X back-end it has detected the Tomcat and will send it to this back-end which is support 8080 which is correct and has detected traffic and it has its back-end which is here and it presented to port 18 so there are a few problems here and few confusions might be confusion for you that how on earth it figured out this thing this host rule this is supposed to be the host name or the fqdn of the service but how does traffic know about this so the point is at the moment our docker compose file doesn't contain any information on how these hosts are supposed to be routed neither does our traffic normal file so when did this piece of information is missing then traffic tries to use its intelligence and what it does is it takes the service name from the docker compose file in an Apaches case it was just Apache and appends the directory name from where it's running and in our case that is example 1 and it joins it together and makes it fqdn so to speak so if you go to terminal now you see that I am in example 1 directory where I have all these files here right so this is how it has done the naming all right and as per the diagram I have this naming set up now this is a this is this is with proper names I'm going to set up these names but before I set up these names how on earth am I going to access them and see if it works so I have set up a local naming system and of course on unix and linux it's just the atc host file so if i edit my EDC hosts file i can show you that i have some name resolution set up and the next dot example one traffic tomcat all of them are pointing to one 27001 which is my work computer here so if i access any of those it the request should go to my computer which is listening or on which traffic is listening on port 80 and port 8080 so some of it or this should work i use some of it because of a reason but let's see let's open another tab and say apache dot example one let's do HTTP this one right so press enter there you go press a five and you have apache serving some web page and that's the that's the simple web page one line that i have mounted the one line index rotation human which i've mounted in the as a volume in apache container and i can show it to you here just to avoid any confusion cat docker compose this is the file which is mounted and this file looks like this just one line and the same goes for nginx so if I go back to my browser I see this is an example of net served by Apache but this is not what it says here right this is not example of net but anyhow let's move on let's check in the next example one that also works this time it serves it's served from nginx which is good and it's a different file so far so good if you think that I'm wasting your time right now like checking each and every service it's not so it's it's on purpose I'm going to show you Tomcat so like sorry don't care dot example one so it goes to the Tomcat back-end which which is running on port 8080 this also works now we check my SQL DB so we have my SQL DB dot example one HTTP and I type it and I get an error it says internal server error I press a five a couple of times but I get this error and this is this is what you will see as well and there's a reason to it the reason is and I have to show you the dashboard to to actually show you why it's happening so this is my SQL DB and this is the host routing this is going to the back end this is going to this back end which is okay but the problem is that traffic is an HTTP proxy I forgot to mention that in the beginning it's an HTTP proxy it is not TCP proxy and at the moment it will what we have asked it to do is to take this HTTP request and take it all the way to my SQL container here so my HTTP request goes to traffic traffic forwards it to MySQL but - will say hey I don't understand what you're saying I don't talk HTTP I talked my skew language whatever that protocol is so that's where it gets this error so we have realized by by this that MySQL should not be here and actually database should not be here in the first place you don't want to give access to to your database to everyone from web interface so we need to remove MySQL from here that's one thing and let's let's go to traffic we also have traffic dot example one moon right now let's see what happens if I type traffic dot example one like so what happens it is waiting waiting waiting waiting and it will win 2d time out I'll just stop this one here's the problem traffic has configured itself as well and identified that it is traffic dot example one no no surprise here and sends it to this back-end but it's going to the wrong port it's going to the right container traffic is running on port on IP 0.5 and if you think that it's listening on port 80 yes it is but that's a routing port that's where it receives the traffic to route it further that's not where serving its dashboard so we know that service dashboard on port 8080 so we can type traffic dot example one called immunity 80 and then we'll get the dashboard but that's not announced here that's not visible here right so if I type traffic dot example one it is going to the wrong port and if you look at the docket compose while traffic is listening on to ports so it's basically picking up the first one which it sees and just set such are rooting for that and that's where it tries its own intelligence because there are certain piece of information was missing so we have identified few problems in our set up in the basic set up we have non optimal domain names or host names we don't want MySQL here at all and we want traffic to go to the correct back and forth without me specifying colon 8080 explicitly so we have to fix these problems to fix these problems I have something for you here why all five containers are being exposed is because of this specific setting in the traffic door to Mel file and I'm going to show you and I'm going to remove that for you first I'm going to stop the container all the complete stack of composed stop docker compose remove - F all right let's have a look at traffic dr. Mann file here is the entry which says exposed by default is true so I'm going to change it to exposed by default default to false and I'm going to start the stack again just by changing this this is directive and I see docker PS I have five containers running let's go to the dashboard here's the dashboard Oh what happened to the dashboard nothing happened it's it's showing what you asked it to show you said exposed by default is false so it's not exposing any containers by default to the outside world it shows zero front ends and zero back ends including traffic that's also hidden and this is not what you want right so now we are going to enable these containers so let's go back to our terminal and let's stop this first because we don't need this one and now I have a helpful file for you which is called traffic no sorry dr. Campos advanced so I can do it I can do copy target imposed or yeah me too dr. Campos simple and that's copy that's edit the advanced file and just have a look so what we are doing here is is the same file with some added directives there are labels and they are labels for all the containers we are interested in right so let's do that I'm going to copy docker compose dot advanced file to docker compose Yemen I'm going to override that I already made a copy as simple as doctor compose document or simple so I can modify this so now I'm now I'm modifying this file I'm going to remove this directive here this is not interesting for us right now okay so what I'm going to do is basically this is the thing which I want to be enabled right I want this special label so let's just for now for the sake of complete understanding let's just set up traffic dot enabled equals true in all these containers and in MySQL I'm not setting that label up I want it to be hidden right and remember it's going to be hidden only from the from the outside from within the stack they all can talk to each other and I'll show it to you in a moment okay so we have Tomcat we have a party very good and the nginx I can actually change to okay nevermind sorry I don't want to confuse you at the moment I'm going to just enable these and there is no need of 4 4 3 4 now as well this is the very this is very very simple example right and we don't have anything running right so let's bring this up docker compose up - d hmm very good sorry docker PS I have five containers very good I'd like to see that docker compose PS that's the same output of course yeah let's go to the dashboard this one and you'll notice that it automatically configures itself at these refreshes itself not reconfigures refreshes itself now I see four backends I see a patchy I see and the next I see Tomcat I see traffic I don't see mask UL and the other problems still persist the host names are incorrect and traffic is still going to this back-end which is going to port 80 this is not what we want so we are going to fix that as well now my school is hidden how do I check that it's with it's still accessible right so I go to my dacha compose stack order terminal and I log into one of the one of the containers I docked I log in docker exact minus eight and the next no sorry name of the container which is this one and I do slash bin slash okay I can do ping my SQL DB which is the name of the service and it pings it it's pinging the correct container I can ping Apache and will ping the other container notice this is 0.3 I could do telnet to my SQL DB on port 3306 oh this container doesn't have telnet of course not this is a very small cut down version of al nginx and that to be an Alpine but there is a small container we have made at pragma which is very very very helpful and I should have actually used that so I can I can briefly show you I can stop this stack because I'm going to enable that that container is called multi-tool I'm just going to change one image I'm going to say nginx and this is going to be it's going to be called pragma slash network - multi-tool that's it and let's call it and the next because actually this multi-tool runs nginx as well as a service so let's call it engineer let's let's treat it as that docker compose up - T okay I have I did not have pragma Network multi-tool on my computer uh-huh nevermind it has pulled it it was very small so now now I have my stack still there if I do press F if I press a5 I still have four front ends I have nginx it's going to the right port so let's see how it behaves I don't see my SQL the idea was to show you that master is still available so yeah so let's do docker exec - it and I can log into my nginx container which is actually a multi-tool very good now I can do telnet I can do ping mysqldb it works and if I do I can do dig I can do lots of stuff see it is it is resolving to the 0.6 which was here I can do tell that to any port I can do curl as well so let's do telnet to my SQL DB port 3306 and it goes and talks to it see it has reached the service at least so I know that I can talk to the I can talk to my containers within this stack I can do curl Apache so I was showing you that even if something doesn't show on traffic - but doesn't mean that it's not there for the start to use it alright let's fix the other problems in this compose file on the in this whole stack exit from my nginx container I have my stack running I'm going to stop my stack and yeah come on okay so I'm going to copy rock a composed or advanced file to Doggett impose don't yell file again right and this time I have these rules labels set up this is traffic front and home rule which says host traffic dot example.org it's enabled traffic dot enable is true and it will receive traffic traffic on port 8080 on this container alright very good I removed the 4/4 remapping for now okay and I have nginx set up as nginx taught example comm and also as w w example.com and also as just example.com so I can pass multiple names or see names within the same host front and rule directive or label then I have a party and it is it has this rule a party dot example dotnet www.example.com cat just Tomcat dot example.com and MySQL doesn't have anything because it doesn't need to very good if you notice some of them are example dotnet some of them are example com this is just to show you the diversity in this stack and what all you can have even traffic itself is example at all and this is actually the example in the diagram here so traffic is shown here on the bottom left it is listening on just port 80 and 8080 and rest of the four services are here and the DNS is correctly configured in this way so we will see how it works now so let's go back to our terminal and do save and exit and do a docker compose up yeah up - D very good let's check how many containers are there because I want to see five yes total five containers one traffic and four services let's go to the dashboard and this time i see if i refresh i see front ends for front times for back ends but notice that a party example dotnet is now having these host rules a party dot example dotnet www.example.com this rules this host rule Tomcat has this single host rule terrific has this one example at all traffic dot example at all that's fixed so we have fixed the host names and for traffic we have its back in here and it is listening on the correct port now very good so I'm going to test these in front of you before I do that I'm going to just refresh this old example and see what happens it says 404 not found but by my DNS is still pointing to this host name my ET ce o--'s file still has this entry which is pointing to one 27001 so traffic is listening and receiving this request but why is it saying 404 it is saying this because traffic now does not have any host rules which are named apache dot example one so traffic doesn't know how to handle this when it when when when the traffic lands on traffic web proxy it sees this header and sees well I don't have any back-end for that so it just gives you this 404 page so I'm going to close these tabs and I'm going to open new tabs one by one I'm going to just check and the next not example.com and this time I'm getting a response from my nginx container which is actually the multi-tool I hope it's still the same or is it coming from cache but let's check Apache dot example dotnet and that's coming from the correct container as well this is example dotnet let's check Tomcat dot example.com and that is also coming from the correct container and let's check traffic dot example.org this time without specifying port 8080 on in the URL and this time it goes directly to the dashboard very good so all of our names which I which we configured are working properly the ports for example for traffic it's mapped correctly to the back end port let us click on the health tab and we see certain 200th certain three or two certain 404 yes and we see some response time matrix we see some other stuff great very good so we have fixed we have fixed the host name we have fixed the ports and we have actually configured everything according to this example here so this example example one is complete let's move on to example two in the next video [Music]
Info
Channel: Eficode Praqma
Views: 33,011
Rating: 4.7107234 out of 5
Keywords: traefik, proxy, tutorial
Id: CCfUrWAuxck
Channel Id: undefined
Length: 51min 22sec (3082 seconds)
Published: Wed Jun 19 2019
Related Videos
How to use Traefik (Part 2) - Protection for Traefik’s dashboard
Eficode Praqma
7.8K
Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]
TechWorld with Nana
2.1M
Traefik: A Scalable and Highly Available Edge Router by Damien Duportalt
Devoxx
22K
Kubernetes Crash Course for Absolute Beginners [NEW]
TechWorld with Nana
57K
One of the Greatest Speeches Ever | Steve Jobs
Motivation Ark
10M
Simple Solutions for Complex Problems - How Workiva uses NATS as a Microservices and RPC transport
NATS
2K
iOS 15 Settings You Need To Turn Off Now
Payette Forward
1.3M
How to Make Your Own VPN (And Why You Would Want to)
Wolfgang's Channel
1.2M
Self-Hosting Your Homelab Services with SSL -- Let's Encrypt, MetalLB, Traefik, Rancher, Kubernetes
Techno Tim
79K
Late Night Docker: Swarm Zero Downtime Updates?
Bret Fisher
5.3K
Traefik - Ein moderner Proxy für Microservices (17.07.2020)
Ein team neusta Freitagsfrühstück
7K
Practical Design Patterns in Docker Networking
Docker
49K
Docker Internals Session1: Introduction to Containers and Docker (cgroups & Namespaces)
TheITNoob
10K
Kubernetes Ingress: NGINX Explained
That DevOps Guy
20K
How to use Traefik (Part 5) - How HTTP challenge works with a real web server
Eficode Praqma
4.2K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.