Traefik: Forward traffic to another server


In preparation for moving my websites, I was looking for a way to simply forward all traffic from the old server to the new one.

Change DNS record

Until now, after transferring my websites to a new server, I only changed the DNS entry and waited until it was active everywhere. During a certain transition phase, requests landed partly on the old server and partly already on the new one. Of course, the TTL of the DNS entries can be reduced in preparation to minimize the transition time, at least for a large part of the requests, but there is still a certain period in which the version states of the two servers drift apart somewhat.

The TTL (Time to Live) is a property of each DNS record and specifies the intervals at which other DNS servers should check it for a change. Depending on the workload of the DNS servers, the value is not always observed in practice, especially if the time is set to a few minutes. Common TTL values are 86400 seconds (24 hours) or 3600 seconds (1 hour).

To keep the downtime as low as possible during the server change, I simply forwarded the traffic from the old server to the new one this time.

Forward all requests from the old server to the new one.

I copied all Docker volumes (Traefik Reverse Proxy + Let's Encrypt, including all websites) to the new server with rsync and activated them there. To make sure all requests end up at the destination server, I replaced the Traefik settings on the source server. With the following setup, all requests arriving at the IP address of the old server are forwarded to the new server, bridging the time until the DNS changes are known across the board.

 
For the setup, I created two files: docker-compose.yml and traefik.yml:

Traefik docker-compose.yml

version: "3.3"
services:
  traefik:
    image: "traefik:v2.8"
    container_name: "traefikforward2"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./traefik.yml:/etc/traefik/traefik.yml"

Traefik looks in /etc/traefik for a traefik.yml file and tries to load it:

traefik.yml

The following Traefik configuration forwards HTTP and HTTPS requests completely to another server. The IP address of the destination is given here as the placeholder xxx.xxx.xxx.xxx and must be replaced with the IP address of the destination server. With the tls: passthrough option, the traffic is forwarded still encrypted, so TLS termination is left to the destination server.

providers:
  file:
    filename: /etc/traefik/traefik.yml

accessLog: {}
log:
  level: DEBUG

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

tcp:
  routers:
    router4web:
      entryPoints:
        - web
      service: web-forward
      rule: "HostSNI(`*`)"
    router4websecure:
      entryPoints:
        - websecure
      service: websecure-forward
      rule: "HostSNI(`*`)"
      tls:
        passthrough: true

  services:
    web-forward:
      loadBalancer:
        servers:
          - address: "xxx.xxx.xxx.xxx:80"

    websecure-forward:
      loadBalancer:
        servers:
          - address: "xxx.xxx.xxx.xxx:443"

By adjusting the "HostSNI(`*`)" rule of a router, forwarding could be limited to certain websites (* allows all domain names). The setup can also be extended with additional ports, such as 25 when running a mail server. I intentionally kept the Traefik configuration (traefik.yml) slim so that it remains clear. The content of the traefik.yml file is a simple example and helped me to better understand the individual Traefik modules:

The entryPoints define the points of access, for example certain ports. A connection arriving at an entryPoint can then be processed by a router and passed to a service.

Starting the forwarder

The forwarder is started with the command docker-compose up:

docker-compose up -d

Control accesses

In the traefik.yml file, I set the log level to "DEBUG" to be able to observe incoming requests in the Docker container output. The calls can be easily displayed with "docker logs":

docker logs traefikforward2 -f


For more information on my Traefik setup, see also: secure https connection: Traefik Reverse Proxy + Let's Encrypt.


Publication: 2022-09-12 from Bernhard

