I have a service running on port 8080 that accepts both http and gRPC. I understand that there are some limitations with gRPC in traefik, so here is the ultimate goal.
- Accept ipWhitelisted traffic on port 8080
- Accept traffic from :80 /graphql and route to :8080 /graphql
- Eventually I would like to accept this on route / and route to /graphql
- Accept ipWhitelisted traffic from :80 /admin/schema and route to :8080 /admin/schema
- Eventually I would like to accept this on route /admin and route to /graphql
If I get this working, I believe I can get the next part done:
- Enable https with letsencrypt and accept traeffic from :443 to the /graphql and /admin endpoints.
For configuration I am using a docker compose file.
version: "3.2"
services:
reverse-proxy:
image: traefik:v2.2
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.dgraph.address=:8080"
ports:
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
# there is another service here `zero` that is not using traefik so I ommitted its config.
alpha:
image: dgraph/dgraph:master
volumes:
- /dgraph/data:/dgraph
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.adminIps.ipwhitelist.sourcerange=1.1.1.1" # my ip address instead of 1.1.1.1
- "traefik.http.routers.alpha.rule=Host(`api.mydomain.com`) && Path(`/graphql`)"
- "traefik.http.routers.alpha.entrypoints=dgraph"
- "traefik.http.routers.schema.rule=Host(`api.mydomain.com`) && Path(`/admin/schema`)"
- "traefik.http.routers.schema.middlewares=adminIps@docker"
- "traefik.http.routers.schema.entrypoints=dgraph"
- "traefik.http.routers.all.rule=Host(`api.mydomain.com`)"
- "traefik.http.routers.all.middlewares=adminIps@docker"
- "traefik.http.routers.all.entrypoints=dgraph"
restart: always
command: dgraph alpha --my=alpha:7080 --zero=zero:5080 --whitelist 172.0.0.0:172.254.254.254
I have tried creating another entry point on port 80 and then use that in the routers and added a loadbalancer, but that does not seem to work. Here is that modified config:
version: "3.2"
services:
reverse-proxy:
image: traefik:v2.2
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.dgraph.address=:8080"
- "--entrypoints.web.address=:80"
ports:
- "8080:8080"
- "80:80"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
# there is another service here `zero` that is not using traefik so I ommitted its config.
alpha:
image: dgraph/dgraph:master
volumes:
- /dgraph/data:/dgraph
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.adminIps.ipwhitelist.sourcerange=1.1.1.1" # my ip address instead of 1.1.1.1
- "traefik.http.routers.alpha.rule=Host(`api.mydomain.com`) && Path(`/graphql`)"
- "traefik.http.routers.alpha.entrypoints=web"
- "traefik.http.services.alpha.loadbalancer.server.port=80"
- "traefik.http.routers.schema.rule=Host(`api.mydomain.com`) && Path(`/admin/schema`)"
- "traefik.http.routers.schema.middlewares=adminIps@docker"
- "traefik.http.routers.schema.entrypoints=dgraph"
- "traefik.http.routers.all.rule=Host(`api.mydomain.com`)"
- "traefik.http.routers.all.middlewares=adminIps@docker"
- "traefik.http.routers.all.entrypoints=dgraph"
restart: always
command: dgraph alpha --my=alpha:7080 --zero=zero:5080 --whitelist 172.0.0.0:172.254.254.254
The first docker-compose.yml file above works. By works I mean that it correctly applies the routing, rules, and middleware all on port 8080.
The second docker-compose.yml file above I expect to open port 80 and apply the rules to route http api.mydomain.com/graphql to alpha:8080/graphql. This does not happen though. I do not get any errors when I push it up with docker-compose up -d
but when I use yougetsignal.com and check for open port 80 I get the response that port 80 is closed, and when I try to use port 8080 that was working before with route all (api.mydomain.com:8080), I get the response in the browser "Bad Gateway"
You said your service alpha is listening on
8080
, so you should use that inloadbalancer
:You can think of it like this:
entrypoint
is incoming connection andloadbalancer
is where Traefik redirects the requests.