QNAP [ Traefik ] [ 2.4.11.0 ] [ CLI ] Modern HTTP reverse proxy and load balancer

[QoolBox]

Source : https://github.com/containous/traefik/blob/master/README.md

Download :

https://qnapclub.eu/en/qpkg/340



Note :

Warning listen on 80 and 8081
config file example inside /opt/Traefik/traefik.toml

traefik command line added to NAS $PATH (no need to enter the full path)

About :

Imagine that you have deployed a bunch of microservices on your infrastructure. You probably used a service registry (like etcd or consul) and/or an orchestrator (swarm, Mesos/Marathon) to manage all these services. If you want your users to access some of your microservices from the Internet, you will have to use a reverse proxy and configure it using virtual hosts or prefix paths:

domain api.domain.com will point the microservice api in your private network
path domain.com/web will point the microservice web in your private network
domain backoffice.domain.com will point the microservices backoffice in your private network, load-balancing between your multiple instances
But a microservices architecture is dynamic... Services are added, removed, killed or upgraded often, eventually several times a day.

Traditional reverse-proxies are not natively dynamic. You can't change their configuration and hot-reload easily.

Træfɪk can listen to your service registry/orchestrator API, and knows each time a microservice is added, removed, killed or upgraded, and can generate its configuration automatically. Routes to your services will be created instantly.

Run it and forget it!

Features

It's fast
No dependency hell, single binary made with go
Rest API
Multiple backends supported: Docker, Mesos/Marathon, Consul, Etcd, and more to come
Watchers for backends, can listen change in backends to apply a new configuration automatically
Hot-reloading of configuration. No need to restart the process
Graceful shutdown http connections
Circuit breakers on backends
Round Robin, rebalancer load-balancers
Rest Metrics
Tiny official docker image included
SSL backends support
SSL frontend support (with SNI)
Clean AngularJS Web UI
Websocket support
HTTP/2 support
Retry request if network error
Let's Encrypt support (Automatic HTTPS with renewal)
Demo

Here is a talk (in french) given by Emile Vauge at the Devoxx France 2016 conference. You will learn fundamental Træfɪk features and see some demos with Docker, Mesos/Marathon and Lets'Encrypt.

 

[QoolBox]

à toi de jouer Giopas

 

[giopas]

Wow, merci!!!!!

Je viens de recevoir aujourd'hui mes 16Go de RAM. Je l'installe, je vois que tout marche et puis je vais m'y mettre dessus!

 

[Celena-007]

Interessant

Et la x64 ??

 

[giopas]

Salut Stéphane,

si je lis correctement, ce service est capable de "publier" des services web internes (comme Sonars, Couchpotato, etc...) sur le web en utilisant la porte 80 (http) ou 8081 (https). Le tout c'est possible en utilisant une simple HTML frontend.

Question:

1. sur quelle porte je trouve ce frontend?
2. est-ce que l'accès à cette resource est sécurisé (login + mot de passe)?
3. vu que j'ai déjà pas mal de Reverse Proxy sur Apache, est-ce que je dois les désactiver avant d'installer Traefik?
4. est-ce qu'on peut continuer à utiliser Apache (Qthttpd) avec Traefik au même temps (sur la porte 80)?

Avant d'installer je voudrais m'assurer de ne rien casser

Merci!

giopas

 

[QoolBox]

il écoute sur 80 et frontend sur 8081...

à vrai dire pas vraiment testé, y a un paquet d'options..

 

[giopas]

Ok, merci Stéphane, c'est déjà un début.

Je vais alors attendre d'acheter le nouveau NAS (d'ici 1-2 mois ainsi je pourrais jouer un peu avec celui là avant de tout changer dans l'ancien)

 

[QoolBox]

updated to 1.0.2

 

[QoolBox]

updated following giopas request

 

[giopas]

Merci Stéphane !!!! ))

Édit: grâce à l'aide de Celena, d'ici quelque jour je vais publier une guide détaillée pour la configuration avec quelque exemple.

Sent from my A0001 using Tapatalk

 

[giopas]

Salut Stéphane,

la version 1.1.1. est sortie avec un peux de fix. Est-ce que tu pourrais mettre à jour le paquet (par info il faut faire le bck des fichiers de config avant l'installation sinon ils sont effacés) stp?

J'ai encore quelque problème avec https, sousdirectories et jetty, mais si/quand j'arrive à resoudre, je vais poster une guide

Merci,

giopas

 

[QoolBox]

ok je met ca à jours rapidement

 

[giopas]

Merci!

Sent from my A0001 using Tapatalk

 

[QoolBox]

updated

pour notre Giopas (se partout)

 

[giopas]

Merci chef!!!

Sent from my A0001 using Tapatalk

 

[giopas]

Salut les amis!

J'ai écris ici un petit [Tuto] pour utiliser Traefik.

Je remercie Celena-007 pour tout le support donné mrgreen et pour tout le support qu'il pourra encore donner, car c'est lui le Pro en Traefik!!

Je reporte ici les steps (en anglais) pour le bénéfice de notre communauté et ainsi que petit à petit on puisse le compléter.

D'ailleurs, Stéphane, il y a la version 1.2 qui va sortir...

Hi,

Few months ago I tried to set up Traefik with the fantastic support of Celena-007. Unfortunately I stopped at the end as Traefik was still not fitting all my requirements.

However I think it is time to share some information, as I remember (I may have skipped some steps, in case please tell me and I will clarify).

Important note
As Traefik in intended to work as a reverse proxy on port 80 (and 443 if needed), the easiest way to do not interfere with the built-in QTS apache service is to make Traefik listening on a specific network interface (e.g. 192.168.1.09) and make the built-in QTS apache running on the other(s) (e.g. 192.168.1.10).

This means that - in the easiest situation - you will have to run Traefik on a NAS having at least 2 ethernet ports.

Installation

1. on QTS activate the "service binding" feature and exclude ALL services from the interface where Traefik will run.

2. from the general settings panel of QTS, ensure the NAS WebUI is not accessible from port 80 (nor 443)

3. change built-in QTS apache service to listen on a specific interface. To do so, from an SSH terminal, modify /etc/config/apache/apache.conf to obtain the line below:

Listen 192.168.1.10:80

4. install Traefik (pay attention to download the right x32 or x64 version otherwise it does not work!)

5. as suggested by Celena-007 the easiest is to separate the config file (traefik.toml) with the server one (servers.toml) of Traefik which will be available on /opt/Traefik/.

I will attach here a simple configuration file, knowing that you are of course free to read, adjust and add additional parameters (I have only configured the plain HTTP part):

################################################################
# Global configuration
################################################################

# Entrypoints definition

[entryPoints]
	[entryPoints.http]
		address = "192.168.1.9:80"
#       [entryPoints.https]
#               address = "192.168.1.9:443"
#	[entryPoints.http.redirect]
#		entryPoint = "https"
#	[entryPoints.https]
#		address = "192.168.1.9:443"
#	[entryPoints.https.tls]
#	[[entryPoints.https.tls.certificates]]
#	CertFile = "/opt/Traefik/certificate.crt"
#	KeyFile = "/opt/Traefik/certificate.key"

# Traefik logs file
# If not defined logs to stdout

traefikLogsFile = "traefik.log"

################################################################
# Web configuration backend
################################################################

# Enable web configuration backend
#
# Optional
#
	[web]

# Web administration port
#
# Required
#
	address = "127.0.0.1:8088"

# SSL certificate and key used
#
# Optional
#
# CertFile = "traefik.crt"
# KeyFile = "traefik.key"
#
# Set REST API to read-only mode
#
# Optional
	ReadOnly = false

################################################################
# File configuration backend
################################################################

# Enable file configuration backend
#
# Optional
#
	[file]

# Rules file
# If defined, traefik will load rules from this file,
# otherwise, it will load rules from current file (cf Sample rules below).
#
# Optional
#
	filename = "servers.toml"

# Enable watch file changes
#
# Optional
#
	watch = true

The following is the servers.toml:

loglevel = "DEBUG"

[backends]

## QTS access
[backends.server1]
        [backends.server1.servers.server1]
            url = "http://192.168.1.10:8080"
[backends.server2]
        [backends.server2.servers.server1]
            url = "http://127.0.0.1:8080"

## Traefik WebUI
[backends.traefik]
        [backends.traefik.servers.server1]
            url = "http://127.0.0.1:8088"

## Router
[backends.router]
        [backends.router.servers.server1]
            url = "http://192.168.1.1"

# Other apps
[backends.keybox]
        [backends.keybox.servers.server1]
            url = "http://127.0.0.1:58000"
[backends.sonarr]
        [backends.sonarr.servers.server1]
            url = "http://127.0.0.1:8989"
[backends.couchpotato]
        [backends.couchpotato.servers.server1]
            url = "http://127.0.0.1:5050"
[backends.transmission]
        [backends.transmission.servers.server1]
            url = "http://127.0.0.1:9091"
[backends.jackett]
        [backends.jackett.servers.server1]
            url = "http://127.0.0.1:9117"
[backends.cardigann]
        [backends.cardigann.servers.server1]
            url = "http://127.0.0.1:5060"
[backends.plex]
        [backends.plex.servers.server1]
            url = "http://127.0.0.1:32400"

## External sites
[backends.pastebin]
        [backends.pastebin.servers.server1]
            url = "http://pastebin.com"

[frontends]

## QTS access
[frontends.server1]
    backend = "server1"
    entrypoints = ["http"]
        [frontends.server1.routes.server1_1]
        rule = "Host:server1.mydomain.com"
[frontends.server2]
    backend = "server2"
    entrypoints = ["http"]
        [frontends.server2.routes.server2_1]
        rule = "Host:server2.mydomain.com"

## Traefik WebUI
[frontends.traefik]
    backend = "traefik"
    entrypoints = ["http"]
        [frontends.traefik.routes.traefik_1]
        rule = "Host:traefik.mydomain.com"

## Router
    [frontends.router]
    backend = "router"
    entrypoints = ["http"]
        [frontends.router.routes.router_1]
        rule = "Host:router.mydomain.com"

## server2 installed applications
[frontends.keybox]
     backend = "keybox"
     entrypoints = ["http"]
         [frontends.keybox.routes.keybox_1]
         rule = "Host:keybox.mydomain.com"
[frontends.sonarr]
    backend = "sonarr"
    entrypoints = ["http"]
        [frontends.sonarr.routes.sonarr_1]
        rule = "Host:sonarr.mydomain.com"
[frontends.couchpotato]
   backend = "couchpotato"
    entrypoints = ["http"]
        [frontends.couchpotato.routes.couchpotato_1]
        rule = "Host:couchpotato.mydomain.com"
[frontends.transmission]
    backend = "transmission"
    entrypoints = ["http"]
        [frontends.transmission.routes.transmission_1]
        rule = "Host:transmission.mydomain.com"
[frontends.jackett]
    backend = "jackett"
    entrypoints = ["http"]
        [frontends.jackett.routes.jackett_1]
        rule = "Host:jackett.mydomain.com"
[frontends.cardigann]
    backend = "cardigann"
    entrypoints = ["http"]
        [frontends.cardigann.routes.cardigann_1]
        rule = "Host:cardigann.mydomain.com"
[frontends.plex]
    backend = "plex"
    entrypoints = ["http"]
        [frontends.plex.routes.plex_1]
        rule = "Host:plex.mydomain.com"

## External sites
[frontends.pastebin]
    backend = "pastebin"
    entrypoints = ["http"]
        [frontends.pastebin.routes.pastebin_1]
        rule = "Host:pastebin.mydomain.com"

6. restart the NAS (it is easier).

7. start Traefik (if it is not running already, it is also useful to see if there is a problem):

[~] # /etc/init.d/Traefik.sh restart

8. on the router portforward requests to port 80 to 192.168.1.09.

9. from outside of your network (unless your router is smart enough to understand that you are actually requesting a local content), go to any of the addresses above and see if Traefik works.

I hope this is helpful. Please leave a feedback as I may want to try again later. :lol:

giopas

ps: I leave here a list of useful commands to understand if Traefik and QTS built-in apache are listening correctly on the right interfaces:

a) receive a list of available network interfaces and their ipv4 address:

[~] # /sbin/ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }'

b) know which services are listening on port 80:

[~] # lsof -Pnl +M -i4 |grep :80

c) know which services are using ports:

[~] # lsof -i :80 | grep LISTEN

d) quickly see if apache.conf is well pointing to the right ip:

[~] # cat /etc/config/apache/apache.conf |grep Listen

e) quickly see if Traefik is well pointing to the right ip:

[~] # cat /opt/Traefik/traefik.toml |grep 80

f) quickly know if Traefik is running:

[~] # ps aux |grep Traefik

 

[QoolBox]

merci GioPas

 

[QoolBox]

updated to 1.2.00

 

[QoolBox]

updated to 1.3.0

 

[QoolBox]

updated to 1.3.1