Getting Stuck in Traefik for a While
This is part of my series on building the next v4v.app (v2)
This is a value for value post: see the explanation in the footer.
Traefik is a reverse proxy
If you've been around on the internet a while maybe you've heard of the word proxy[1]. But what you need when running servers is a "reverse proxy". This is a server whose job is to send work to other servers.
A reverse proxy is a type of proxy server that sits between a client and one or more servers, acting as an intermediary on behalf of the server or servers. Unlike a traditional forward proxy, which is used by clients to access resources on the internet, a reverse proxy is used by servers to handle incoming requests from clients.
In order for my new website to work, I need to put it on a server and I need to configure software called Traefik to do it.
I have a love hate relationship with Traefik. I started using it almost two years ago after watching a video on YouTube. I followed that precisely and got it working but later realised I had very little clue how it works.
So now I've gone back in and learned how to do a basic configuration from first principals.
HTTPS SSL Certificates
There's another reason we use a reverse proxy: SSL certificates and HTTPS. Traefik handles this.
Learn from my code
I'm not going to explain absolueverything, the code is on Github and I'm happy to help if there's something you don't understand.
https://github.com/brianoflondon/v4vapp-frontend-v2-traefik
Two Docker Containers
Half the magic happens in the docker-compose.yaml
file:
services:
traefik:
image: "traefik:latest"
container_name: "traefik-p51"
ports:
- "80:80"
- "443:443"
volumes:
- ./traefik:/etc/traefik
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik-ssl-certs:/ssl-certs
networks:
- traefik-public-p51
env_file:
- .env
restart: unless-stopped
dev-frontend:
container_name: dev-frontend
image: brianoflondon/v4vapp-frontend-v2:develop
restart: always
labels:
# Enable Traefik for this specific "api" service
- traefik.enable=true
networks:
- traefik-public-p51
This fetches two containers: traefik
(the reverse proxy software) and my own v4vapp-frontend-v2
which I wrote about creating yesterday.
I haven't yet written up how the project I posted about yesterday gets to Docker's Hub (it's via something called Github Actions) but that will be covered soon.
Important points to note is that both these containers are in the same network (traefik-public-p51
).
The second file is the traefik.yaml
It actually is possible to do all this in one docker-compose.yaml
file but I find this to be unwieldy. If I have a complaint about Traefik it's that because it offers a range of different ways to configure itself, it becomes very hard to know what to do.
SSL with Cloudflare
I'll just point out this part which is responsible for generating SSL certificates in conjunction with being able to alter Cloudflare's DNS settings. There's a .env file in the folder which holds an API key from Cloudflare. On Github there's a .env.sample file with some instructions.
# These resolvers use Cloudflare DNS API instead of web challenge
certificatesResolvers:
cloudflare-production:
acme:
email: [email protected]
storage: /ssl-certs/acme.json
caServer: "https://acme-v02.api.letsencrypt.org/directory"
dnsChallenge:
provider: cloudflare
Hopefully this very simple configuration will give you some ideas how to use it yourself.
I'm using Cloudflare
One thing to note is that I'm using Cloudflare. This allows me to redirect traffic from Cloudflare into my reverse proxy which can be running anywhere and also handles DNS challenges for the SSL certs. I will eventually be running this on a @privex server but just for now it is running on an old laptop I have at home.
Just by redirecting the DNS entry 2.v4v.app will go wherever I want, and right now it will come to my home. In addition Cloudflare will not reveal my home IP address.
Value for Value
For the last few months while building @v4vapp I was generously supported by the DHF. Going forward I have a much more modest support which covers direct server costs and a little of my time.
If you appreciate the work I do on and around Hive, you can express this directly: upvoting posts on Hive is great. Also consider a direct donation (there's a Tip button on Hive or a Lightning Address) on all my posts.
Support Proposal 244 on PeakD
Support Proposal 244 with Hivesigner
Support Proposal 244 on Ecency
Vote for Brianoflondon's Witness KeyChain or HiveSigner
- Get Fountain for Podcasts and 3speak shows
- Find me on Telegram
- V4VAPP Support on Telegram
- Vote for Brianoflondon's Witness KeyChain or HiveSigner
- Vote for Brianoflondon's Witness direct with HiveSigner
- Find my videos on 3speak
- Verify my ID and Send me a direct message on Keybase
In computer terms, a proxy refers to a server or software application that acts as an intermediary between a client device and another server or service on the internet. The proxy server essentially makes requests on behalf of the client, which allows the client to access resources on the internet indirectly without revealing its own IP address or other identifying information.
Proxies can be used for various purposes, such as to improve network performance, filter content, or enhance security. For example, a proxy server can be used to cache frequently requested web pages and serve them to clients from the cache instead of retrieving them from the original web server each time, which can reduce network traffic and improve response times.
Proxies can also be used to filter out unwanted content or restrict access to certain websites or services based on predefined rules. In addition, proxies can be used to enhance security by masking the client's IP address and encrypting traffic between the client and the proxy server, which can help protect against network-based attacks and surveillance. ↩
https://twitter.com/LovingGirlHive/status/1656638784853647363
#hive #posh
good stuff
Yes, I had heard about Proxy word, as I read about it when I was studying, due to some reason I had to stop my study and change my direction, But I know how it works, My study background is related to computers, I have done masters in computer science, but due to change of profession, I have almost forgotten about most of the things. One thing I wanna say, you are doing a great job, keep it up, I can't wait to use your v4v app @brainoflondon
Honestly knew about proxy but didn't know about reverse proxy. Thank you for bringing up the matter nicely and for the update.
As we all know that technology has progressed a lot and in today's era such things are helping us and making our work much easier now this app which is more helpful if it puts you at ease with your client the way you're telling them. Such a thing has made everyone's life much easier. I haven't used it yet but I will definitely use it as you mentioned. I have been reading your posts for a long time and you are making it very good and we hope it becomes more popular.
That was really amazing stuff
https://twitter.com/HamzaSial328600/status/1656709436998660096
#hive #posh
I know mostly about NGinx which can also be configured as a reverse proxy. But as always, could to learn about other solutions like Traefik that could do the job and maybe better.
I couldn't find an easy guide to getting nginx working with SSL certs. Traefik wasn't easy either in the end but I got there!
This is really an amazing stuff your really working on and it would be very useful for other people to gain idea about the proxy stuff.
When I was in my college during my graduation, this proxy word was very popular. Your post refreshed all my memories of that beautiful time. When any friend of our group was bunking the lecture and we were taking his attendance while he was absent. This proxy thing saved many of us as we were not always willing to attend those boring lectures.