Introduction

In this article, we will explore how to configure Traefik v2.1.4 as a reverse proxy for Netdata within a Docker environment. We will convert a static route example into Docker labels suitable for use in a docker-compose.yml file.

Traefik Configuration

To begin, we will set up Traefik with the necessary configurations to route traffic to Netdata. Below is an example of how to define the routing rules using Docker labels.

Docker Compose File

Here’s a sample docker-compose.yml file that illustrates how to configure Traefik and Netdata:

version: "3.7"
services:
  traefik:
    image: traefik:v2.1.4
    container_name: traefik
    restart: always
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=false"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.letsresolver.acme.email=my-email@domain.com"
      - "--certificatesresolvers.letsresolver.acme.storage=/letsencrypt/acme.json"
    labels:
      - "traefik.enable=true"
      # Middleware for redirecting to HTTPS
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # Global redirect to HTTPS
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
      # Traefik Dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik.my-domain.com`)
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=admin"
      - "traefik.http.routers.traefik.tls.certresolver=letsresolver"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.middlewares.admin.basicauth.users=user:hash-passwordXXX"

    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

networks:
  default:
    external:
      name: network

Explanation of Key Sections

  • Providers: The configuration enables Docker as a provider, allowing Traefik to automatically discover services.
  • Entrypoints: We define two entry points, one for HTTP (port 80) and another for HTTPS (port 443).
  • Labels: These are crucial for defining routing rules and middleware. The example includes a redirect to HTTPS and sets up a dashboard for Traefik.

Conclusion

By following this guide, you should have a basic setup of Traefik routing traffic to your Netdata instance. Adjust the configurations as necessary to fit your specific requirements.