Træfik is an open source cloud-native company that makes cloud networking solutions. Here we will use their proxy to create a reverse proxy serving as the entrypoint for all incoming connections to your server.
Træfik Proxy also supports load balancing but that is set to be covered in a later update since it's not necessary in most cases.
Reverse proxy
Before digging into the setup of Træfik Proxy it would beneficial to have a brief understanding how reverse proxies work and how Træfik Proxy is meant to be used.
docker-compose.yml
version: '3'
services:
traefik:
restart: unless-stopped
image: traefik:latest
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --providers.docker
- --providers.docker.network=web
- --certificatesresolvers.leresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
- --certificatesresolvers.le.acme.email={EMAIL}
- --certificatesresolvers.leresolver.acme.storage=/acme.json
- --certificatesresolvers.leresolver.acme.tlschallenge=true
- --log.level=INFO
labels:
- traefik.docker.network=web
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- web
networks:
web:
external: true
Improve performance with Varnish
Varnish is an open-source web application accelerator, also known as a caching HTTP proxy. It is designed to significantly improve the performance of websites by caching content and serving it quickly to users. Varnish sits between the web server and the client and stores copies of web pages or assets in memory.
In the following updated docker-compose.yml I have updated it to include Varnish cache for all proxied sites.
You might notice a few extra ports and a service attached. This allows you to investigate both Træfik and Varnish from their dashboards.
version: "3.8"
services:
traefik:
image: traefik:latest
restart: unless-stopped
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --providers.docker
- --providers.docker.network=web
- --certificatesresolvers.leresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
- --certificatesresolvers.le.acme.email={EMAIL}
- --certificatesresolvers.leresolver.acme.storage=/acme.json
- --certificatesresolvers.leresolver.acme.tlschallenge=true
- --log.level=INFO
labels:
- traefik.docker.network=web
ports:
- 80:80
- 443:443
- 8080:8080 # Expose Traefik Dashboard on port 8080
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
varnish:
image: varnish:latest
restart: unless-stopped
depends_on:
- traefik
networks:
- web
ports:
- 6081:6081
environment:
- VARNISH_BACKEND_HOST=traefik
- VARNISH_BACKEND_PORT=80
varnish-dashboard:
image: eeacms/varnish-dashboard:latest
container_name: varnish-dashboard
depends_on:
- varnish
ports:
- 6085:80 # Expose Varnish Dashboard on port 6085
networks:
web:
external: true