Traefik: Forward traffic to another server

In preparation for moving my websites, I was looking for a way to simply forward all traffic from the old server to the new one.

Change DNS record

Until now, after transferring my websites to a new server, I only changed the DNS entry and waited until the change was active everywhere. During this transition phase, some requests still landed at the old server while others already reached the new one. Of course, the TTL of the DNS entries can be reduced beforehand to minimize the transition time, at least for a large part of the requests, but there is still a period in which the state of the two servers drifts apart somewhat.

The TTL (Time to Live) is a property of each DNS record and specifies how long other DNS servers may cache the record before checking it again for a change. Depending on the workload of the DNS servers, the value is not always observed in practice, especially if it is set to only a few minutes. Common TTL values are 86400 seconds (24 hours) or 3600 seconds (1 hour).

To keep the downtime as low as possible during the server change, I simply forwarded the traffic from the old server to the new one this time.

Forward all requests from the old server to the new one.

I copied all Docker volumes (Traefik Reverse Proxy + Let's Encrypt, including all websites) to the new server with rsync and activated them there. To make sure all requests end up at the destination server, I replaced the Traefik settings on the source server. With the following setup, all requests that still arrive at the IP address of the old server are forwarded to the new server, thus bridging the time until the DNS changes are known everywhere:

 
For the setup, I created two files: docker-compose.yml and traefik.yml:

Traefik docker-compose.yml

version: "3.3"
services:
  traefik:
    image: "traefik:v2.8"
    container_name: "traefikforward2"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./traefik.yml:/etc/traefik/traefik.yml"

Traefik looks in /etc/traefik for a traefik.yml file and tries to load it:

traefik.yml

The following Traefik configuration forwards HTTP and HTTPS requests completely to another server. The IP address of the forwarding target is filled with the placeholder ???.???.???.??? here and must be replaced with the IP address of the destination server. With the tls: passthrough option, Traefik does not terminate TLS on the old server: the traffic is forwarded in encrypted form, and decryption is left to the destination server.

providers:
  file:
    filename: /etc/traefik/traefik.yml

accessLog: {}
log:
  level: DEBUG

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

tcp:
  routers:
    router4web:
      entryPoints:
        - web
      service: web-forward
      rule: "HostSNI(`*`)"
    router4websecure:
      entryPoints:
        - websecure
      service: websecure-forward
      rule: "HostSNI(`*`)"
      tls:
        passthrough: true

  services:
    web-forward:
      loadBalancer:
        servers:
          - address: "???.???.???.???:80"

    websecure-forward:
      loadBalancer:
        servers:
          - address: "???.???.???.???:443"

By adjusting the "HostSNI(`*`)" rule of a router, only certain websites could be forwarded (* allows all domain names). Of course, the setup can also be used to specify additional ports, such as 25 when running a mail server. I intentionally kept the Traefik configuration (traefik.yml) slim, so that it remains clear. The content of the traefik.yml file is a simple example and helped me to better understand the individual Traefik modules:

The entryPoints define the points of access, for example certain ports. A connection arriving via an entryPoint can then be processed by a router and passed to a service.
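A variant of the traefik.yml above that forwards HTTPS only for selected host names and adds an entry point for port 25, as the text suggests is possible. This is an added example, not the author's configuration: the host names example.com and www.example.com and the names smtp, router4smtp and smtp-forward are assumptions, and the address placeholder is the one used above.

```yaml
# Added example: selective HTTPS forwarding plus an extra TCP port.
# Host names and the smtp/router4smtp/smtp-forward names are assumptions.
providers:
  file:
    filename: /etc/traefik/traefik.yml

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
  smtp:
    address: ":25"        # also publish "25:25" in docker-compose.yml

tcp:
  routers:
    router4web:
      entryPoints:
        - web
      service: web-forward
      # SNI is part of the TLS handshake. A router without TLS can only
      # use `*`, so port 80 is still forwarded for every host name.
      rule: "HostSNI(`*`)"
    router4websecure:
      entryPoints:
        - websecure
      service: websecure-forward
      # Only connections whose TLS ClientHello names one of these hosts match.
      rule: "HostSNI(`example.com`) || HostSNI(`www.example.com`)"
      tls:
        passthrough: true
    router4smtp:
      entryPoints:
        - smtp
      service: smtp-forward
      rule: "HostSNI(`*`)"  # the only router on this entry point, no TLS

  services:
    web-forward:
      loadBalancer:
        servers:
          - address: "???.???.???.???:80"
    websecure-forward:
      loadBalancer:
        servers:
          - address: "???.???.???.???:443"
    smtp-forward:
      loadBalancer:
        servers:
          - address: "???.???.???.???:25"
```

Because Traefik forwards at the TCP level here, the destination server sees the old server's IP address as the client address for every forwarded connection, which matters for its access logs and any IP-based rate limiting or blocking.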

Starting the forwarder

The forwarder is started with the command docker-compose up:

docker-compose up -d

Control accesses

In the traefik.yml file, I set the log level to "DEBUG" to be able to observe incoming requests in the Docker container output. The requests can be easily displayed with "docker logs":

docker logs traefikforward2 -f


See also, Practical report on moving my web server: move all Docker Websites

For more information on my Traefik setup, see also: secure https connection: Traefik Reverse Proxy + Let's Encrypt.


Publication: 2022-09-12 by Bernhard
