Traefik: Forward traffic to another server

In preparation for moving my websites, I was looking for a way to simply forward all traffic from the old server to the new one.

Change DNS record

Until now, after transferring my websites to a new server, I only changed the DNS entry and waited until it was active everywhere. During the transition phase, some requests still landed on the old server while others already reached the new one. Of course, the TTL of the DNS entries can be reduced in advance to shorten the transition time, at least for a large part of the requests, but there is still a period in which the states of the two servers drift apart somewhat.

The TTL (Time to Live) is a property of each DNS record and specifies the interval after which other DNS servers should check the record for changes. Depending on the workload of the DNS servers, the value is not always honored in practice, especially if it is set to just a few minutes. Common TTL values are 86400 seconds (24 hours) or 3600 seconds (1 hour).

To keep the downtime as low as possible during the server change, I simply forwarded the traffic from the old server to the new one this time.

Forward all requests from the old server to the new one.

I copied all Docker volumes (Traefik Reverse Proxy + Let's Encrypt, including all websites) with rsync to the new server and activated them there. To make sure all requests end up at the destination server, I replaced the Traefik settings on the source server. With the following setup, all requests arriving at the IP address of the old server are forwarded to the new server, bridging the time until the DNS change has propagated everywhere:

 
For the setup, I created two files: docker-compose.yml and traefik.yml:

Traefik docker-compose.yml

version: "3.3"
services:
  traefik:
    image: "traefik:v2.8"
    container_name: "traefikforward2"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./traefik.yml:/etc/traefik/traefik.yml"

Traefik looks in /etc/traefik for a traefik.yml file and tries to load it:

traefik.yml

The following Traefik configuration forwards all HTTP and HTTPS connections to another server at the TCP level. The IP address of the destination is shown here as the placeholder ???.???.???.??? and must be replaced with the IP address of the destination server. With the tls: passthrough option, the traffic is forwarded still encrypted, so TLS termination is left to the destination server.

providers:
  file:
    filename: /etc/traefik/traefik.yml

accessLog: {}
log:
  level: DEBUG

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

tcp:
  routers:
    router4web:
      entryPoints:
        - web
      service: web-forward
      rule: "HostSNI(`*`)"
    router4websecure:
      entryPoints:
        - websecure
      service: websecure-forward
      rule: "HostSNI(`*`)"
      tls:
        passthrough: true

  services:
    web-forward:
      loadBalancer:
        servers:
          - address: "???.???.???.???:80"

    websecure-forward:
      loadBalancer:
        servers:
          - address: "???.???.???.???:443"

By adjusting the "HostSNI(`*`)" rule of a router, only certain websites could be forwarded (* allows all domain names). Of course, the setup can also be used to specify additional ports, such as 25 when running a mail server. I kept the Traefik configuration (traefik.yml) intentionally slim, so that it remains clear. The content of the traefik.yml file is a simple example and helped me to better understand the individual Traefik modules:

The entryPoints define where connections come in, for example on certain ports. A connection arriving via an entryPoint can then be processed by a router and passed to a service.

Starting the forwarder

The forwarder is started with the command docker-compose up:

docker-compose up -d

Control accesses

In the traefik.yml file, I set the log level to "DEBUG" to be able to observe incoming requests in the Docker container output. They can easily be displayed with "docker logs":

docker logs traefikforward2 -f

See also the practical report on moving my web server: move all Docker Websites

For more information on my Traefik setup, see also: secure https connection: Traefik Reverse Proxy + Let's Encrypt.

Publication: 2022-09-12 by Bernhard

