Patreon
Patreon
Træfik Proxy

Træfik is an open source cloud-native company that makes cloud networking solutions. Here we will use their proxy to create a reverse proxy serving as the entrypoint for all incoming connections to your server.

Træfik Proxy also supports load balancing but that is set to be covered in a later update since it's not necessary in most cases.

Reverse proxy

Before digging into the setup of Træfik Proxy it would beneficial to have a brief understanding how reverse proxies work and how Træfik Proxy is meant to be used.

docker-compose.yml

version: '3'

services:
  traefik:
    restart: unless-stopped
    image: traefik:latest
    command: 
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --providers.docker
      - --providers.docker.network=web
      - --certificatesresolvers.leresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.le.acme.email={EMAIL}
      - --certificatesresolvers.leresolver.acme.storage=/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
      - --log.level=INFO
    labels:
      - traefik.docker.network=web
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - web

networks:
  web:
    external: true

Improve performance with Varnish

Varnish is an open-source web application accelerator, also known as a caching HTTP proxy. It is designed to significantly improve the performance of websites by caching content and serving it quickly to users. Varnish sits between the web server and the client and stores copies of web pages or assets in memory.

In the following updated docker-compose.yml I have updated it to include Varnish cache for all proxied sites.

You might notice a few extra ports and a service attached. This allows you to investigate both Træfik and Varnish from their dashboards.

version: "3.8"
services:
  traefik:
    image: traefik:latest
    restart: unless-stopped
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --providers.docker
      - --providers.docker.network=web
      - --certificatesresolvers.leresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.le.acme.email={EMAIL}
      - --certificatesresolvers.leresolver.acme.storage=/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
      - --log.level=INFO
    labels:
      - traefik.docker.network=web
    ports:
      - 80:80
      - 443:443
      - 8080:8080  # Expose Traefik Dashboard on port 8080
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  varnish:
    image: varnish:latest
    restart: unless-stopped
    depends_on:
      - traefik
    networks:
      - web
    ports:
      - 6081:6081
    environment:
      - VARNISH_BACKEND_HOST=traefik
      - VARNISH_BACKEND_PORT=80

  varnish-dashboard:
    image: eeacms/varnish-dashboard:latest
    container_name: varnish-dashboard
    depends_on:
      - varnish
    ports:
      - 6085:80  # Expose Varnish Dashboard on port 6085

networks:
  web:
    external: true

Emil Moe

Software- and Data Engineer

I created this website to help you empower your infrastructure and so you don't need to spend the same amount of hours as me on researching. I chose to make the site ad-free, so if you like what I do, please consider supporting my Patreon.

Become a Patreon

Leave a Reply

Your email address will not be published. Required fields are marked *