Traefik principles

Traefik is both a reverse proxy and a load balancer. Its design is composed of four parts:

  • Entry points, which are the listening connections with the outside world
  • Frontends, which define routes with the backends
  • Backends, which provide load balancing between several servers
  • Servers, composed of Docker containers

Servers are the entities that are controlled by Traefik. The complete configuration of Traefik can be done via a TOML configuration file. Several parts of this configuration can also be set with Docker labels. Mixing both of them allows us to automatically configure Traefik when new server containers are started.

The functional principles of Traefik are shown in the following figure:

Figure 11.6: How Traefik works

The entry points can be configured by specifying a port, an optional SSL configuration, and an optional redirection to another entry point. The following is a configuration example:

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "./cert/traefik.crt"
      keyFile = "./cert/traefik.key"

This configuration defines two entry points:

  • The first one is an HTTP entry point on port 80 that is redirected to the HTTPS entry point. In other words, it redirects all HTTP traffic to HTTPS.
  • The second one is an HTTPS entry point on port 443. Its certificate and private key are configured with files.

The frontends support two kinds of configuration: modifiers and matchers. Modifiers are rules that change the original request (such as adding a prefix to the request path, or rewriting it). Matchers are rules that just match to the incoming request. Here are the most common matcher rules:

  • Headers: Matches if the request contains the provided header/value pair
  • Host: Matches if the request is for one of the provided hosts
  • Method: Matches if the request has one of the provided HTTP methods
  • PathPrefix: Matches if the path of the request starts with one of the provided paths
  • Query: Matches if the request contains the provided query strings

Configuring frontends via labels allows us to automatically register them when a new Docker server is started. For example, for one container, the following section can be used in a docker-compose file:

labels:
  - "traefik.frontend.rule=PathPrefix:/api/transcode/v1"

This rule matches any request that starts with the path /api/transcode/v1.

Finally the backends support the following settings to configure load balancing:

  • Server weight: This allows us to load-balance between several servers of different capacities. When different weights are set on the server instances, then each server receives a number of requests proportional to its weight.
  • The load balancing method per backend: Two methods are supported–Weighted Round Robin (WRR; the default), and Dynamic Round Robin (DRR). The WRR method uses weights to distribute the requests on each server. The DRR method takes into account the performance of each server to increase or decrease its weight dynamically.
  • Circuit breaker: This allows us to temporarily disable a server that is broken or behaves badly according to the provided metrics. Metrics can be provided based on latency, network error, and result errors.
  • Maximum number of connections: This allows us to protect a server against heavy loads.

The Traefik documentation provides all the details on these settings, with some examples of how to use each of them.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.116.14.245