Experimental Docker - Add reverse-proxy traefik + update legacy setup commands

Hova25 · December 28, 2023, 11:08am

Hello everyone,

I talked about the Traefik stack on Discord, and you invited me to make this post to explain my ideas around it. So, I will try to be as clear as possible about my thoughts and also propose things that I have already experimented with.

What is Traefik?

Traefik is a reverse proxy that allows for quick and easy configuration of various microservices present in the Docker Compose through subdomains. It also enables the creation of auto-signed SSL certificates using Let’s Encrypt.

Moreover, Traefik can be integrated into Docker Swarm to facilitate high-availability deployment of different applications. It can also be integrated into Kubernetes (although, unfortunately, I haven’t practiced that yet, perhaps in the future ).

I think this makes sense in the context of all the microservices already present on Redwood! For example, Storybook, OpenTelemetry, Studio, and potentially an API documentation in the future, all managed within Docker Compose in both development and production.

We would abandon using ports in favor of subdomains:

api.localhost / api.mydomain.com
storybook.localhost / storybook.mydomain.com
studio.localhost / studio.mydomain.com

etc…

The integration might be a bit complex, and I might need your help on certain points. I could, of course, handle the backend/frontend base (redwood/packages/cli/src/commands/experimental/templates/docker/…), but afterward, we would need to include in all commands that create microservices:

Check if Traefik - Docker is implemented?
If yes, then add the necessary container and route it with Traefik in the Docker Compose.

I don’t have enough experience with Redwood at the moment to know all the currently present microservices.

We should also consider whether to add an option to include Traefik or add it by default.

In each container, we would just need to add something like this:

    labels:
      - traefik.enable=true
      - traefik.http.routers.backend.rule=Host(`backend.${SERVER_NAME:-localhost}`)
      - traefik.http.routers.backend.entrypoints=websecure
      - traefik.http.routers.backend.tls.certresolver=myresolver

The command to bring up the project with Docker in development would remain the same:

docker compose -f ./docker-compose.dev.yml up

The command for the production project (without Swarm, with Swarm just a bit more complex) could also be the same, just by adding the SERVER_NAME variable:

SERVER_NAME=mydomain.com docker compose -f ./docker-compose.prod.yml up

I will conduct a proof of concept on this topic if you are interested.

Thanks

dthyresson · December 28, 2023, 12:13pm

Thanks for this write up! Sure it will be helpful to @dom and @Josh-Walker-GM and everyone working on Docker support.

Josh-Walker-GM · December 30, 2023, 1:02pm

Hey @Hova25

This sounds interesting! I think it could be good to have something like this setup. Although it would make the configuration in the dockerfile/compose files more complex, it would perhaps make the URLs more friendly like you say; web.localhost, api.localhost etc. We might run into other gotchas, maybe CORS or something else but we can work through those.

I think the first setup would be for us to get a github repo we can work from. This would just be an example redwood app and we’d setup the dockerfiles/compose files to integrate traefik. Then after we have that working well we could then consider how best to implement it into the setup commands or if it would make more sense a guide on the forums or our docs.

Does that sound reasonable/thoughts on that? Do you want us to create one we can work from?

Hova25 · January 2, 2024, 7:44pm

I’m ok with this.
I will work on this during my personal time in parallel with my other activities. If it takes too long, don’t hesitate to get back to me. I will come back to you if I encounter any difficulties.