
How to use Traefik v3 with Docker compose swarm mode

Lucas Sovre
Software architect, Docker certified expert, cloud and devsecops.


The recent release of Traefik v3 brings a lot of new features. This article does not aim to explain all the new features of Traefik v3, but to show you how to use it with Docker compose.

Prerequisites

Before starting, you need to have Docker and Docker compose installed on your machine. If you don't have them installed, you can follow the official documentation to install them.

Create a Docker compose file

Let's create a simple docker-compose.yml file to deploy a web server and Traefik v3.

version: '3.8'
services:

  traefik:
    image: traefik:v3.0
    networks:
      - web
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    environment:
      - TZ=Europe/Paris
    command:
      - --providers.swarm.endpoint=unix:///var/run/docker.sock
      # In swarm mode the swarm provider is the one in use, so exposedbydefault is set on it
      - --providers.swarm.exposedbydefault=false
      - --providers.swarm.network=fdp_web
      - --accesslog
      - --entryPoints.websecure.address=:443
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=organisation@lesfousdupeloton.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Only these proxy ranges are trusted to set X-Forwarded-* headers
      - "--entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.0/24,10.0.2.0/24,192.168.100.0/24"
      - "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.2/24,10.0.2.0/24,192.168.100.0/24"
      - --accesslog.filepath=/log/acces/access.log
      # Note: the next entry uses label (dynamic configuration) syntax, not a -- static flag
      - "traefik.http.middlewares.exclude-ip-log.ipwhitelist.sourceRange=217.72.195.109" # IP address to exclude for ping
    volumes:
      - ./certs:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./log:/log
    deploy:
      placement:
        constraints:
          # The swarm provider needs the Docker socket of a manager node
          - node.role == manager
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      labels:
        - "traefik.enable=false"

  frontend:
    image: registry.gitlab.com/entrecompetents/lesfousdupeltoton/frontend:1.0.8
    hostname: frontend.lfdp
    networks:
      - web
    deploy:
      mode: replicated
      replicas: 1
      # In swarm mode Traefik reads labels from the service (deploy.labels), not the container
      labels:
        - "traefik.enable=true"
        - traefik.http.services.frontend.loadbalancer.server.port=8080
        - traefik.http.routers.frontend.rule=Host(`lesfousdupeloton.com`)
        - "traefik.http.routers.frontend.entrypoints=websecure"
        - "traefik.http.routers.frontend.tls.certresolver=myresolver"
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
    healthcheck:
      test: ["CMD", "curl", "--fail", "http://localhost:8080/"] # Health check command using curl
      interval: 5s # Health check interval
      timeout: 2s # Timeout for the health check
      retries: 3 # Number of retries before marking the container as unhealthy
      start_period: 10s # Delay before starting the health checks after the container is started


networks:
  web:
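
A Traefik `command:` list for swarm mode is easy to get subtly wrong when migrating from the docker provider, and a flag set on the wrong provider leaves `exposedbydefault` at its default of true. The following is an added example, not part of the original article or of Traefik: a small pre-deploy check whose function name, sample list and finding messages are all assumptions of this sketch.

```python
import re

# Constructed sample: flags of the kind used in a swarm-mode compose file,
# with mistakes that are easy to make when moving from the docker provider.
SAMPLE_COMMAND = [
    "--providers.swarm.endpoint=unix:///var/run/docker.sock",
    "--providers.docker.exposedbydefault=false",
    "--providers.swarm.network=fdp_web",
    "--entryPoints.websecure.address=:443",
    "--entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.0/24",
    "traefik.http.middlewares.exclude-ip-log.ipwhitelist.sourceRange=217.72.195.109",
]

FLAG = re.compile(r"^--([^=\s]+)(?:=(.*))?$")


def lint_traefik_command(args):
    """Return sorted (subject, problem) findings for a Traefik `command:` list."""
    findings, flags = [], {}
    for arg in args:
        m = FLAG.match(arg.strip())
        if m:
            # Compose files mix flag casing, so compare lower-cased; bare flag = "true".
            flags[m.group(1).lower()] = (m.group(2) or "true").lower()
        else:
            findings.append((arg, "not a --flag; label syntax belongs in deploy.labels"))

    def names(section):
        # Second path segment of every flag in the section, e.g. the provider name.
        return {k.split(".")[1] for k in flags
                if k.startswith(section + ".") and k.count(".") >= 2}

    # Assumption of this check: the provider that has an endpoint is the one in use.
    active = {p for p in names("providers") if f"providers.{p}.endpoint" in flags}
    for p in (names("providers") - active) if active else ():
        findings.append((p, "configured without an endpoint; flag probably meant for "
                            + "/".join(sorted(active))))
    for p in active:
        if flags.get(f"providers.{p}.exposedbydefault", "true") != "false":
            findings.append((p, "exposedbydefault is not false; services without "
                                "traefik.enable=false are exposed"))
    for e in names("entrypoints"):
        if f"entrypoints.{e}.address" not in flags:
            findings.append((e, "entrypoint has options but no address flag"))
    return sorted(findings)
```

Run it against the `command:` entries before `docker stack deploy`; an empty list means none of these checks fired.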