What is Traefik?

Traefik is the leading open-source Edge Router that allows publishing of your we use to publish your ECS (Elastic Container Service) services in a transparent way. It receives requests on behalf of your system and finds out which components are responsible for handling themservices and routes them to the responsible container instances.

I already have an ECS setup can I migrate to Traefik?

Traefik replaces our previously used If you currently use our old Nginx proxy setup with ECS, you can migrate to Traefik. In that case you want to migrate please get in touch with us and we will discuss the specific conditions for of your project with you.

How does Traefik work?

Traefik automatically discovers your ECS Services services and routes requests to them using predefined patterns to the specific services. Those patterns i.e. hostheader match (such as by matching with http host headers) have to be defined with Root360 configured by root360 as you can not alter them by yourself.

Lets assume we have a Admin an admin and a Frontend frontend service in our ECS cluster and both should be available via public connections. In addition to this we run a Api an api service that is not available to the public and therefor therefore only accepts requests started from internal IP addressesIPs.

We now need the follwing following information from you to setup the routing. :

With this we have defined that the API api is accepting only requests via a given domain and path and is both forwarding port 80 and 443 directly to the service but only accepts internal connections.

The Admin admin service is running on a subdomain reachable via the subdomain “admin.root360.cloud” and only accepts https connections on port 443 which are directly forwarded to our the service.

Our Frontend container is accepting everything else on the given domain but The frontend service is accepting all other external requests from any subdomain of root360.cloud on any path and like admin only via port 443/https and . Traefik is offloading this these connections to http to our ECS the service so that the service does not need to handle SSL.

Traefik supports additional routing patterns. For that please see the official documentation: https://doc.traefik.io/traefik/routing/routers/#rule

Can I see my current routing rules?

Traefik is attached to 2 two AWS Application Loadbalancers by default. One external and one internal. The internal loadbalancer is providing the Traefik dashboard where you can check your routing configuration.

In order to connect to the dashboard you need to retrieve the internal endpoint first, which can easily be done via Orbiter.:

With this endpoint you need to create an SSH tunnel and than then access your forwarded port on localhost.

Once your tunnel is setup set up you can access the dashboard with your browser and check your routing.

Traefik status overview

This dashboard show shows you the health status of all connected services and routing configurations.

Active routing rules

In this perspective we can see all currently active routing rules with some additional information like TLS state.

Service details

In this perspective we can see details for one specific service. This Includes the registered docker containers in this service with their respective IP adressesaddresses.

Routing details

This dashboard shows all information for the selected routing rule.

Related tutorials

Related Components