You can read an excellent description of it here, in the Docker Reference Architecture: Designing Scalable, Portable Docker Container Networks. It uses an overlay network for communication between containers providing the same service.
Now it is, with the release of version 1709, so we can see how it all works.ĭocker Swarm enables containers to operate together to provide a service, across different nodes in a cluster.
On Windows Server 2016 before the latest version this routing mesh is not supported. It also supports a routing mesh, which load-balances and routes incoming connections to the containers. It uses an overlay network for communication between containers on different hosts. Version : '3.3' services : traefik : # Use the latest v2.2.x Traefik image available image : traefik:v2.2 ports : # Listen on port 80, default for HTTP, necessary to redirect to HTTPS - 80:80 # Listen on port 443, default for HTTPS - 443:443 deploy : placement : constraints : # Make the traefik service run only on the node with this label # as the node with it has the volume for the certificates -public-certificates = true labels : # Enable Traefik for this service, to make it available in the public network - traefik.enable=true # Use the traefik-public network (declared below) - =traefik-public # Use the custom label "nstraint-label=traefik-public" # This public Traefik will only use services with this label # That way you can add other internal Traefik instances per stack if needed - nstraint-label=traefik-public # admin-auth middleware with HTTP Basic auth # Using the environment variables USERNAME and HASHED_PASSWORD - =$`) -public-https.entrypoints=https -public-https.tls=true # Use the special Traefik service with the web UI/Dashboard - # Use the "le" (Let's Encrypt) resolver created below - =le # Enable HTTP Basic auth, using the middleware created above -public-https.middlewares=admin-auth # Define the port inside of the Docker service to use - =8080 volumes : # Add Docker as a mounted volume, so that Traefik can read the labels of other services - /var/run/docker.sock:/var/run/docker.sock:ro # Mount the volume to store the certificates - traefik-public-certificates:/certificates command : # Enable Docker in Traefik, so that it reads labels from Docker services -providers.docker # Add a constraint to only use services with the label "nstraint-label=traefik-public" =Label(`nstraint-label`, `traefik-public`) # Do not expose all Docker services, only the ones explicitly exposed =false # Enable Docker Swarm mode # Create an entrypoint "http" listening on address 80 =:80 # Create an entrypoint "https" listening on address 443 Swarm enables containers to operate together to provide a service, across different nodes in a cluster.
The guide includes how to expose the internal Traefik web UI dashboard through the same Traefik load balancer, using a secure HTTPS certificate and HTTP Basic Auth. But this article is focused on Docker Swarm mode. These ideas, techniques, and tools would also apply to other cluster orchestrators, like Kubernetes or Mesos, to add a main load balancer with HTTPS support, certificate generation, etc.
Get all its configurations automatically from Docker labels set in your stacks (you don't need to update configuration files).Add HTTP Basic Auth for any service that you need to protect and doesn't have its own security, etc.Acquire (generate) HTTPS certificates automatically (including renewals) with Let's Encrypt.Handle multiple domains (if you need to).Expose specific services and applications based on their domain names.Now you can add a main Traefik load balancer/proxy to: So, you have a Docker Swarm mode cluster set up as described in. If you have something already deployed, there are chances it uses those previous guides.īut for new projects, continue here. There are many applications and some project generators based on the previous guides for Traefik version 1.