| Excerpt | ||
|---|---|---|
| ||
Traefik is the leading open-source Edge Router that allows publishing of your services in a transparent way. It receives requests on behalf of your system and finds out which components are responsible for handling them. |
What is Traefik?
Traefik is the leading open-source Edge Router that allows publishing of your services in a transparent way. It receives requests on behalf of your system and finds out which components are responsible for handling them.
I already have an ECS setup can I migrate to Traefik?
Traefik replaces our previously used Nginx proxy setup. In case you want to migrate please get in touch with us and we will discuss the specific conditions for your project with you.
How does Traefik work?
Traefik automatically discovers your ECS Services and routes predefined patterns to the specific services. Those patterns i.e. hostheader match have to be defined with Root360 as you can not alter them by yourself.
Lets assume we have a Admin and a Frontend service in our cluster and both should be available via public connections. In addition to this we run a Api service that is not available to the public and therefor only accepts requests started from internal IP addresses.
We now need the follwing information to setup the routing.
Service Name | Domain | Path | Connection Port / Protocol | Service Port / Protocol | Service Access |
|---|---|---|---|---|---|
API | api.eu-central-1.root360 | /api/ | 80 (http) & 443 (https) | 80 (http) & 443 (https) | internal |
Frontend | *.root360.cloud | * | 443 (https) | 80 (http) | external |
Admin | admin.root360.cloud | * | 443 (https) | 443 (https) | external |
With this we have defined that the API is accepting only requests via a given domain and path and is both forwarding port 80 and 443 directly to the service but only accepts internal connections.
The Admin service is running on a subdomain and only accepts https connections which are directly forwarded to our service.
Our Frontend container is accepting everything else on the given domain but only via port 443/https and is offloading this to http to our ECS service so that the service does not need to handle SSL.
Traefik supports additional routing patterns. For that please see the official documentation: https://doc.traefik.io/traefik/routing/routers/#rule
| Gliffy | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Can I see my current routing rules?
Traefik is attached to 2 AWS Application Loadbalancers by default. One external and one internal. The internal loadbalancer is providing the Traefik dashboard where you can check your routing configuration.
In order to connect to the dashboard you need to retrieve the internal endpoint first, which can easily done via Orbiter.
With this endpoint you need to create an SSH tunnel and than access your forwarded port on localhost.
Once your tunnel is setup you can access the dashboard and check your routing.
Traefik status overview
This dashboard show you the health status of all connected services and routing configurations.
Active routing rules
In this perspective we can see all currently active routing rules with some additional information like TLS state.
Service details
In this perspective we can see details for one specific service. This Includes the registered docker containers in this service with their respective IP adresses.
Routing details
This dashboard shows all information for the selected routing rule.
Related tutorials
| Filter by label (Content by label) | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
Related Components
| Filter by label (Content by label) | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Table of Contents | ||
|---|---|---|
|
| Filter by label (Content by label) | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|