nickjj / docker-rails-example

A production ready example Rails app that's using Docker and Docker Compose.
MIT License

Configure Traefik as a proxy server with SSL support #5

Closed partydrone closed 3 years ago

partydrone commented 3 years ago

I started including a proxy server as part of my development environment. It allows me to start multiple instances of the same image to more fully simulate a production environment. It also makes it easy to use a custom domain for local applications, as well (e.g., http://my-app.localhost).

The SSL certificates were generated by using my own Certificate Authority which I created following this blog post: Creating Self-Signed Certificate Authority to issue SSL certificates using Certificate Assistant on macOS.

nickjj commented 3 years ago

Hi,

Thanks a lot for opening this PR.

Truthfully I don't use Traefik and I wouldn't feel comfortable adding and maintaining something I haven't run in production. Usually when I want a reverse proxy I reach for nginx because it's a proxy, static file server and load balancer all in 1. Also, typically I run nginx outside of Docker too which I've written about in detail in the past.

For local domains, are you using a dedicated DNS server?

And for running multiple instances of your web container, will Traefik load balance them with rolling restarts or blue / green deployments by default? I didn't see anything in the PR that would mention running more than 1 web container. With Docker Compose you can use docker-compose up --scale web=2 btw, but it's not load balanced and there's no upgrade strategy available.

partydrone commented 3 years ago

I used to use nginx as well, and in my case, any time a containerized app I worked on went into production, it went into a much more complex Kubernetes setup. This is where, actually, I discovered Traefik. From their website:

Traefik is a leading modern reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components and configures itself automatically and dynamically.

Traefik is designed to be as simple as possible to operate, but capable of handling large, highly-complex deployments across a wide range of environments and protocols in public, private, and hybrid clouds. It also comes with a powerful set of middlewares that enhance its capabilities to include load balancing, API gateway, orchestrator ingress, as well as east-west service communication, and more.

So it does support load balancing (layer 4 and layer 7), but what I like most about it is the dynamic configuration. By default, Traefik listens to the Docker process and automatically detects when new containers come online. That way you can use the docker-compose up --scale web=2 command and it will automatically be added to the load balancer for that service. (I sometimes print the container hostname in the corner somewhere so I can see that it's working—sort of like how you print the Ruby version and environment in your default home page.)

For local domains, I just update my /etc/hosts file. Chrome actually manages to resolve the custom domain names just fine, but Firefox, Safari, and Edge don't without the entries in /etc/hosts.

Also, I statically configured SSL certificates, but Traefik does have built-in support for Let's Encrypt.

To be honest, I don't use Traefik for more than development, so that's all it's configured for in this PR. But it's pretty well documented. I wasn't sure if you would accept this PR, so I waited before updating the README with information about it, which I'm totally willing to do.

Even if you don't accept this PR, Traefik is totally worth checking out.
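
The development setup described in the comment above, written out as an added example. It is not the contents of this PR and not the project's own configuration. The image tag, the certificate file names, the `./certs` and `./traefik` paths, and the app port 8000 are assumptions.

```yaml
# docker-compose.yml (added example; names, paths and ports are assumptions)
services:
  traefik:
    image: traefik:v2.10
    command:
      # Watch the Docker API so containers are picked up as they start.
      - --providers.docker=true
      # Route only to containers that opt in with traefik.enable=true,
      # so other containers on this host are not published by accident.
      - --providers.docker.exposedbydefault=false
      # Static TLS certificates are loaded from a dynamic-config file.
      - --providers.file.filename=/etc/traefik/dynamic.yml
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
    ports:
      # Bind to loopback only: this proxy is for local development.
      - "127.0.0.1:80:80"
      - "127.0.0.1:443:443"
    volumes:
      # Access to this socket is access to the Docker API on the host.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./certs:/certs:ro
      - ./traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro

  web:
    build: .
    # No "ports:" here, so `docker-compose up --scale web=2` does not
    # collide on a host port; every replica is reached through Traefik.
    labels:
      - traefik.enable=true
      - traefik.http.routers.web.rule=Host(`my-app.localhost`)
      - traefik.http.routers.web.entrypoints=websecure
      - traefik.http.routers.web.tls=true
      # Port the app listens on inside the container (assumed).
      - traefik.http.services.web.loadbalancer.server.port=8000

# ./traefik/dynamic.yml (separate file, shown here as comments):
#
# tls:
#   certificates:
#     - certFile: /certs/my-app.localhost.crt
#       keyFile: /certs/my-app.localhost.key
```

The certificate and key referenced in `dynamic.yml` would be the ones issued by the locally created Certificate Authority, whose root certificate has to be trusted by the browser for `https://my-app.localhost` to load without a warning.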

partydrone commented 3 years ago

There is a lot more work that needs to be done on this, so I will close it.

nickjj commented 3 years ago

Thanks for the idea, but yes there would be quite a lot of changes required for such a thing and I'm still not sure going all-in with Traefik is the right move at the time (for this project).