[ Traefik ] [ 2.2.0.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
- QNAP_Stephane
- Experience counts
- Posts: 4802
- Joined: Wed Mar 27, 2013 1:00 am
[ Traefik ] [ 2.2.0.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
Source : https://github.com/containous/traefik/b ... /README.md
Download :
https://www.qnapclub.eu/fr/qpkg/340
Note :
Warning listen on 80 and 8081
config file example inside /opt/Traefik/traefik.toml
traefik command line added to NAS $PATH (no need to enter the full path)
About :
Imagine that you have deployed a bunch of microservices on your infrastructure. You probably used a service registry (like etcd or consul) and/or an orchestrator (swarm, Mesos/Marathon) to manage all these services. If you want your users to access some of your microservices from the Internet, you will have to use a reverse proxy and configure it using virtual hosts or prefix paths:
domain api.domain.com will point the microservice api in your private network
path domain.com/web will point the microservice web in your private network
domain backoffice.domain.com will point the microservices backoffice in your private network, load-balancing between your multiple instances
But a microservices architecture is dynamic... Services are added, removed, killed or upgraded often, eventually several times a day.
Traditional reverse-proxies are not natively dynamic. You can't change their configuration and hot-reload easily.
Træfɪk can listen to your service registry/orchestrator API, and knows each time a microservice is added, removed, killed or upgraded, and can generate its configuration automatically. Routes to your services will be created instantly.
Run it and forget it!
Features
It's fast
No dependency hell, single binary made with go
Rest API
Multiple backends supported: Docker, Mesos/Marathon, Consul, Etcd, and more to come
Watchers for backends, can listen change in backends to apply a new configuration automatically
Hot-reloading of configuration. No need to restart the process
Graceful shutdown http connections
Circuit breakers on backends
Round Robin, rebalancer load-balancers
Rest Metrics
Tiny official docker image included
SSL backends support
SSL frontend support (with SNI)
Clean AngularJS Web UI
Websocket support
HTTP/2 support
Retry request if network error
Let's Encrypt support (Automatic HTTPS with renewal)
Download :
https://www.qnapclub.eu/fr/qpkg/340
Note :
Warning listen on 80 and 8081
config file example inside /opt/Traefik/traefik.toml
traefik command line added to NAS $PATH (no need to enter the full path)
About :
Imagine that you have deployed a bunch of microservices on your infrastructure. You probably used a service registry (like etcd or consul) and/or an orchestrator (swarm, Mesos/Marathon) to manage all these services. If you want your users to access some of your microservices from the Internet, you will have to use a reverse proxy and configure it using virtual hosts or prefix paths:
domain api.domain.com will point the microservice api in your private network
path domain.com/web will point the microservice web in your private network
domain backoffice.domain.com will point the microservices backoffice in your private network, load-balancing between your multiple instances
But a microservices architecture is dynamic... Services are added, removed, killed or upgraded often, eventually several times a day.
Traditional reverse-proxies are not natively dynamic. You can't change their configuration and hot-reload easily.
Træfɪk can listen to your service registry/orchestrator API, and knows each time a microservice is added, removed, killed or upgraded, and can generate its configuration automatically. Routes to your services will be created instantly.
Run it and forget it!
Features
It's fast
No dependency hell, single binary made with go
Rest API
Multiple backends supported: Docker, Mesos/Marathon, Consul, Etcd, and more to come
Watchers for backends, can listen change in backends to apply a new configuration automatically
Hot-reloading of configuration. No need to restart the process
Graceful shutdown http connections
Circuit breakers on backends
Round Robin, rebalancer load-balancers
Rest Metrics
Tiny official docker image included
SSL backends support
SSL frontend support (with SNI)
Clean AngularJS Web UI
Websocket support
HTTP/2 support
Retry request if network error
Let's Encrypt support (Automatic HTTPS with renewal)
Last edited by QNAP_Stephane on Thu Mar 26, 2020 6:53 pm, edited 14 times in total.
---------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
- QNAP_Stephane
- Experience counts
- Posts: 4802
- Joined: Wed Mar 27, 2013 1:00 am
Re: [ Traefik ] [ 1.0.2 ] [ CLI ] Modern HTTP reverse proxy and load balancer
updated to 1.0.2
---------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
- QNAP_Stephane
- Experience counts
- Posts: 4802
- Joined: Wed Mar 27, 2013 1:00 am
Re: [ Traefik ] [ 1.1.0.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
updated following giopas request
---------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
- QNAP_Stephane
- Experience counts
- Posts: 4802
- Joined: Wed Mar 27, 2013 1:00 am
Re: [ Traefik ] [ 1.1.1.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
updated to last 1.1.1
---------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
-
- Starting out
- Posts: 11
- Joined: Wed Feb 25, 2015 4:11 am
Re: [ Traefik ] [ 1.1.1.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
I am looking at setting up reverse proxies using Traefik but I am struggling finding examples of how to do this. What I am after doing is redirecting traffic to various services I have running on my qnap. For example when I type in http://couchpotato.mydomain.com it forwards to http://localhost:5555 and http://sickbeard.mydomain.com it forwards to http://localhost:6666. I have the subdomains set-up with DNS provider just need to configure Traefik. Any help would be much appreciated.
-
- Starting out
- Posts: 41
- Joined: Wed Jul 15, 2009 9:16 pm
-
- Been there, done that
- Posts: 855
- Joined: Thu Mar 26, 2015 12:36 am
- Location: somewhere in EU
Re: [ Traefik ] [ 1.1.1.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
Hi,
Few months ago I tried to set up Traefik with the fantastic support of Celena-007. Unfortunately I stopped at the end as Traefik was still not fitting all my requirements.
However I think it is time to share some information, as I remember (I may have skipped some steps, in case please tell me and I will clarify).
Important note
As Traefik in intended to work as a reverse proxy on port 80 (and 443 if needed), the easiest way to do not interfere with the built-in QTS apache service is to make Traefik listening on a specific network interface (e.g. 192.168.1.09) and make the built-in QTS apache running on the other(s) (e.g. 192.168.1.10).
This means that - in the easiest situation - you will have to run Traefik on a NAS having at least 2 ethernet ports.
Installation
1. on QTS activate the "service binding" feature and exclude ALL services from the interface where Traefik will run.
2. from the general settings panel of QTS, ensure the NAS WebUI is not accessible from port 80 (nor 443)
3. change built-in QTS apache service to listen on a specific interface. To do so, from an SSH terminal, modify /etc/config/apache/apache.conf to obtain the line below:
4. install Traefik (pay attention to download the right x32 or x64 version otherwise it does not work!)
5. as suggested by Celena-007 the easiest is to separate the config file (traefik.toml) with the server one (servers.toml) of Traefik which will be available on /opt/Traefik/.
I will attach here a simple configuration file, knowing that you are of course free to read, adjust and add additional parameters (I have only configured the plain HTTP part):
The following is the servers.toml:
6. restart the NAS (it is easier).
7. start Traefik (if it is not running already, it is also useful to see if there is a problem):
8. on the router portforward requests to port 80 to 192.168.1.09.
9. from outside of your network (unless your router is smart enough to understand that you are actually requesting a local content), go to any of the addresses above and see if Traefik works.
I hope this is helpful. Please leave a feedback as I may want to try again later.
giopas
ps: I leave here a list of useful commands to understand if Traefik and QTS built-in apache are listening correctly on the right interfaces:
a) receive a list of available network interfaces and their ipv4 address:
b) know which services are listening on port 80:
c) know which services are using ports:
d) quickly see if apache.conf is well pointing to the right ip:
e) quickly see if Traefik is well pointing to the right ip:
f) quickly know if Traefik is running:
Few months ago I tried to set up Traefik with the fantastic support of Celena-007. Unfortunately I stopped at the end as Traefik was still not fitting all my requirements.
However I think it is time to share some information, as I remember (I may have skipped some steps, in case please tell me and I will clarify).
Important note
As Traefik in intended to work as a reverse proxy on port 80 (and 443 if needed), the easiest way to do not interfere with the built-in QTS apache service is to make Traefik listening on a specific network interface (e.g. 192.168.1.09) and make the built-in QTS apache running on the other(s) (e.g. 192.168.1.10).
This means that - in the easiest situation - you will have to run Traefik on a NAS having at least 2 ethernet ports.
Installation
1. on QTS activate the "service binding" feature and exclude ALL services from the interface where Traefik will run.
2. from the general settings panel of QTS, ensure the NAS WebUI is not accessible from port 80 (nor 443)
3. change built-in QTS apache service to listen on a specific interface. To do so, from an SSH terminal, modify /etc/config/apache/apache.conf to obtain the line below:
Code: Select all
Listen 192.168.1.10:80
5. as suggested by Celena-007 the easiest is to separate the config file (traefik.toml) with the server one (servers.toml) of Traefik which will be available on /opt/Traefik/.
I will attach here a simple configuration file, knowing that you are of course free to read, adjust and add additional parameters (I have only configured the plain HTTP part):
Code: Select all
################################################################
# Global configuration
################################################################
# Entrypoints definition
[entryPoints]
[entryPoints.http]
address = "192.168.1.9:80"
# [entryPoints.https]
# address = "192.168.1.9:443"
# [entryPoints.http.redirect]
# entryPoint = "https"
# [entryPoints.https]
# address = "192.168.1.9:443"
# [entryPoints.https.tls]
# [[entryPoints.https.tls.certificates]]
# CertFile = "/opt/Traefik/certificate.crt"
# KeyFile = "/opt/Traefik/certificate.key"
# Traefik logs file
# If not defined logs to stdout
traefikLogsFile = "traefik.log"
################################################################
# Web configuration backend
################################################################
# Enable web configuration backend
#
# Optional
#
[web]
# Web administration port
#
# Required
#
address = "127.0.0.1:8088"
# SSL certificate and key used
#
# Optional
#
# CertFile = "traefik.crt"
# KeyFile = "traefik.key"
#
# Set REST API to read-only mode
#
# Optional
ReadOnly = false
################################################################
# File configuration backend
################################################################
# Enable file configuration backend
#
# Optional
#
[file]
# Rules file
# If defined, traefik will load rules from this file,
# otherwise, it will load rules from current file (cf Sample rules below).
#
# Optional
#
filename = "servers.toml"
# Enable watch file changes
#
# Optional
#
watch = true
Code: Select all
loglevel = "DEBUG"
[backends]
## QTS access
[backends.server1]
[backends.server1.servers.server1]
url = "http://192.168.1.10:8080"
[backends.server2]
[backends.server2.servers.server1]
url = "http://127.0.0.1:8080"
## Traefik WebUI
[backends.traefik]
[backends.traefik.servers.server1]
url = "http://127.0.0.1:8088"
## Router
[backends.router]
[backends.router.servers.server1]
url = "http://192.168.1.1"
# Other apps
[backends.keybox]
[backends.keybox.servers.server1]
url = "http://127.0.0.1:58000"
[backends.sonarr]
[backends.sonarr.servers.server1]
url = "http://127.0.0.1:8989"
[backends.couchpotato]
[backends.couchpotato.servers.server1]
url = "http://127.0.0.1:5050"
[backends.transmission]
[backends.transmission.servers.server1]
url = "http://127.0.0.1:9091"
[backends.jackett]
[backends.jackett.servers.server1]
url = "http://127.0.0.1:9117"
[backends.cardigann]
[backends.cardigann.servers.server1]
url = "http://127.0.0.1:5060"
[backends.plex]
[backends.plex.servers.server1]
url = "http://127.0.0.1:32400"
## External sites
[backends.pastebin]
[backends.pastebin.servers.server1]
url = "http://pastebin.com"
[frontends]
## QTS access
[frontends.server1]
backend = "server1"
entrypoints = ["http"]
[frontends.server1.routes.server1_1]
rule = "Host:server1.mydomain.com"
[frontends.server2]
backend = "server2"
entrypoints = ["http"]
[frontends.server2.routes.server2_1]
rule = "Host:server2.mydomain.com"
## Traefik WebUI
[frontends.traefik]
backend = "traefik"
entrypoints = ["http"]
[frontends.traefik.routes.traefik_1]
rule = "Host:traefik.mydomain.com"
## Router
[frontends.router]
backend = "router"
entrypoints = ["http"]
[frontends.router.routes.router_1]
rule = "Host:router.mydomain.com"
## server2 installed applications
[frontends.keybox]
backend = "keybox"
entrypoints = ["http"]
[frontends.keybox.routes.keybox_1]
rule = "Host:keybox.mydomain.com"
[frontends.sonarr]
backend = "sonarr"
entrypoints = ["http"]
[frontends.sonarr.routes.sonarr_1]
rule = "Host:sonarr.mydomain.com"
[frontends.couchpotato]
backend = "couchpotato"
entrypoints = ["http"]
[frontends.couchpotato.routes.couchpotato_1]
rule = "Host:couchpotato.mydomain.com"
[frontends.transmission]
backend = "transmission"
entrypoints = ["http"]
[frontends.transmission.routes.transmission_1]
rule = "Host:transmission.mydomain.com"
[frontends.jackett]
backend = "jackett"
entrypoints = ["http"]
[frontends.jackett.routes.jackett_1]
rule = "Host:jackett.mydomain.com"
[frontends.cardigann]
backend = "cardigann"
entrypoints = ["http"]
[frontends.cardigann.routes.cardigann_1]
rule = "Host:cardigann.mydomain.com"
[frontends.plex]
backend = "plex"
entrypoints = ["http"]
[frontends.plex.routes.plex_1]
rule = "Host:plex.mydomain.com"
## External sites
[frontends.pastebin]
backend = "pastebin"
entrypoints = ["http"]
[frontends.pastebin.routes.pastebin_1]
rule = "Host:pastebin.mydomain.com"
7. start Traefik (if it is not running already, it is also useful to see if there is a problem):
Code: Select all
[~] # /etc/init.d/Traefik.sh restart
8. on the router portforward requests to port 80 to 192.168.1.09.
9. from outside of your network (unless your router is smart enough to understand that you are actually requesting a local content), go to any of the addresses above and see if Traefik works.
I hope this is helpful. Please leave a feedback as I may want to try again later.
giopas
ps: I leave here a list of useful commands to understand if Traefik and QTS built-in apache are listening correctly on the right interfaces:
a) receive a list of available network interfaces and their ipv4 address:
Code: Select all
[~] # /sbin/ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }'
Code: Select all
[~] # lsof -Pnl +M -i4 |grep :80
Code: Select all
[~] # lsof -i :80 | grep LISTEN
Code: Select all
[~] # cat /etc/config/apache/apache.conf |grep Listen
Code: Select all
[~] # cat /opt/Traefik/traefik.toml |grep 80
Code: Select all
[~] # ps aux |grep Traefik
Qnap TS-253Pro 16Gb RAM - Single Storage Pool: 2 WRed 4TB (RAID 1)
Qnap TS-453A 16Gb RAM - Single Storage Pool: 4 WRed 4TB (RAID 5)
Qnap TS-453A 16Gb RAM - Single Storage Pool: 4 WRed 4TB (RAID 5)
-
- Starting out
- Posts: 41
- Joined: Wed Jul 15, 2009 9:16 pm
Re: [ Traefik ] [ 1.1.1.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
Thank you very much! But are these instructions for the qpkg install? Or manual install onto the NAS?
-
- Been there, done that
- Posts: 855
- Joined: Thu Mar 26, 2015 12:36 am
- Location: somewhere in EU
Re: [ Traefik ] [ 1.1.1.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
This is for the configuration of Traefik. For the installation, use the qpkg provided by QNAP_Stephane as it will create all necessary to start.
Sent from my A0001 using Tapatalk
Sent from my A0001 using Tapatalk
Qnap TS-253Pro 16Gb RAM - Single Storage Pool: 2 WRed 4TB (RAID 1)
Qnap TS-453A 16Gb RAM - Single Storage Pool: 4 WRed 4TB (RAID 5)
Qnap TS-453A 16Gb RAM - Single Storage Pool: 4 WRed 4TB (RAID 5)
- QNAP_Stephane
- Experience counts
- Posts: 4802
- Joined: Wed Mar 27, 2013 1:00 am
Re: [ Traefik ] [ 1.2.0.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
updated to 1.2.0.0
---------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
-
- Been there, done that
- Posts: 855
- Joined: Thu Mar 26, 2015 12:36 am
- Location: somewhere in EU
Re: [ Traefik ] [ 1.2.0.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
Thank you Stéphane !!!
Sent from my A0001 using Tapatalk
Sent from my A0001 using Tapatalk
Qnap TS-253Pro 16Gb RAM - Single Storage Pool: 2 WRed 4TB (RAID 1)
Qnap TS-453A 16Gb RAM - Single Storage Pool: 4 WRed 4TB (RAID 5)
Qnap TS-453A 16Gb RAM - Single Storage Pool: 4 WRed 4TB (RAID 5)
-
- Know my way around
- Posts: 188
- Joined: Wed Mar 29, 2017 8:30 pm
Re: [ Traefik ] [ 1.1.1.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
will this break the access to the qnap interface? I want to set a reverse proxy up but still maintain access to the qnap interface. I have 4 nics on my box so separating shouldn't be an issue.giopas wrote:This is for the configuration of Traefik. For the installation, use the qpkg provided by QNAP_Stephane as it will create all necessary to start.
Sent from my A0001 using Tapatalk
Do i leave apache on port 80 but bound to ip 192.168.1.21 and leave the qnap interface on port 8080 and 443? This is the part that im a bit confused on. I do want my reverse proxy to be ssl also.
i would set built in web server to 192.168.1.21
i would set traefik to 192.168.1.22
Thanks
-
- Been there, done that
- Posts: 855
- Joined: Thu Mar 26, 2015 12:36 am
- Location: somewhere in EU
Re: [ Traefik ] [ 1.2.0.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
For access to QTS on port 8080 you should not have a problem. In relation to ssl, you should use a port other than 80, but I am afraid I cannot really help you out on this.
Also look at Browser Station, which gives you a quick way to access resources within your LAN from within a remote browser.
Sent from my A0001 using Tapatalk
Also look at Browser Station, which gives you a quick way to access resources within your LAN from within a remote browser.
Sent from my A0001 using Tapatalk
Qnap TS-253Pro 16Gb RAM - Single Storage Pool: 2 WRed 4TB (RAID 1)
Qnap TS-453A 16Gb RAM - Single Storage Pool: 4 WRed 4TB (RAID 5)
Qnap TS-453A 16Gb RAM - Single Storage Pool: 4 WRed 4TB (RAID 5)
-
- Know my way around
- Posts: 188
- Joined: Wed Mar 29, 2017 8:30 pm
Re: [ Traefik ] [ 1.2.0.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
already using browser station, works well. im trying to give access to a few services running on my nas but do not want to open the ports on my firewall, nor have passwords sent plain text. so a reverse proxy is what I need.
-
- Been there, done that
- Posts: 855
- Joined: Thu Mar 26, 2015 12:36 am
- Location: somewhere in EU
Re: [ Traefik ] [ 1.2.0.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer
The major problem would be ssl but if you manage to do so, please write here a quick how-to.
Sent from my A0001 using Tapatalk
Sent from my A0001 using Tapatalk
Qnap TS-253Pro 16Gb RAM - Single Storage Pool: 2 WRed 4TB (RAID 1)
Qnap TS-453A 16Gb RAM - Single Storage Pool: 4 WRed 4TB (RAID 5)
Qnap TS-453A 16Gb RAM - Single Storage Pool: 4 WRed 4TB (RAID 5)