đź“ť Traefik 2, use the binary without docker

This post explain you how to install and configure Traefik without docker.

logo traefik

Traefik is a reverse proxy designed to play with containers (docker or Kubernetes). However, it is possible to use Traefik with its binary and take advantage of its features in systems which don't have containers.

Version Date Comments
1 05/2022 Document creation
2 06/2023 Add some information about the environment and execution context, update versions, fix paths, change permalink of the post

Goal : Install the Traefik's binary

Environment : Debian 12, Traefik 2.10.

Execution context :‌

jho@vmi866042:/etc/traefik$ tree
.
├── dynamic
│   ├── general.yml
│   ├── routersservices.yml
├── traefik.yml
├── acme.json
RĂ©sultat de la commande "tree" dans le dossier /etc/traefik
  • path where are every folder and files : /etc/traefik
  • path of the principal configuration file for Traefik : /etc/traefik/traefik.yml
  • folder where are every dynamic configuration files : /etc/traefik/dynamic
  • path of the file which is used to store SSL certificates for let's encrypt (or other provider) : /etc/traefik/acme.json
  • folder to store logs : /var/logs/

The interest of using the binary instead of the container can be discussed for a long time, but it's not the objective here. No presentation around Traefik in this documentation, you can read it here.

System preparation

Start by download the binary from the official GitHub repository : https://github.com/containous/traefik/releases. I'll use the 2.10.3 version in a VM, which is a Debian 12.1. Tests were done too, with success in an Ubuntu 20.04.2.

cd /tmp && wget https://github.com/traefik/traefik/releases/download/v2.10.3/traefik_v2.10.3_linux_amd64.tar.gz && tar xzvf traefik_v2.10.3_linux_amd64.tar.gz

To quickly test its functions, start the binary and look at the listening port on your machine:

./traefik
ss -ntlp # should give this informations :

LISTEN  0       128                  *:80                  *:*      users:(("traefik",pid=450,fd=3))  

Without configuration file or option, Traefik will listen (by default) on the port 80/TCP. There is no automatic redirection, no TLS section, no redirection to your internal services, no dashboard…

Let's copy the binary to a specific path, with the needed rights for “root”:

cp /tmp/traefik /usr/bin/.
chown root: /usr/bin/traefik
chmod 755 /usr/bin/traefik

User root is mandatory. Indeed, Traefik needs to have some system privileges to listen to system ports, like 80 and 443. If you have an idea to use Traefik without root, let's type it in the comment section !

Like docker version, Traefik is owned by the user “traefik” — its default folder is /etc/traefik for its configuration files. After downloading the binary, you have to create this configuration (example):

groupadd traefik
useradd -g traefik --no-user-group -d /etc/traefik --no-create-home -s /usr/sbin/nologin -r traefik

mkdir -p /etc/traefik/dynamic
chown -R traefik: /etc/traefik/.

touch /var/log/traefik.log && chown traefik: /var/log/traefik.log

In my precedent configuration files for Traefik, I used to use the path /etc/traefik/dynamic to store dynamic configuration files.

Log file are in the folder/var/log, which is the default path. Principal configuration file of Traefik is in the folder /etc/traefik.

Traefik preparation

Create the configuration file “/etc/traefik/traefik.yml”:

---
global:
  sendAnonymousUsage: false
  checkNewVersion: false

api:
  dashboard: true

log:
  filePath: "/etc/traefik/applog.log"
  format: json
  level: "ERROR"

providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
    watch: true
    swarmMode: false
  file:
    directory: "/dynamic"
    watch: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

I comment the block about the automatic redirection from HTTP to HTTPS. This bloc is not mandatory for the first start.

Now, create the systemd file in the path /lib/systemd/system/. Here's the content of the file traefik.service :

# /lib/systemd/system/traefik.service
[Unit]
Description=traefik service
After=network-online.target

[Service]
Type=simple
User=root
Group=root
Restart=on-failure
TimeoutStopSec=300
ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.yml

[Install]
WantedBy=multi-user.target

Give it some rights and update the systemd index :

chown root: /lib/systemd/system/traefik.service && chmod 644 /lib/systemd/system/traefik.service

systemctl daemon-reload && systemctl start traefik.service

Now, Traefik is up and ready to forward some requests. The configuration file traefik.yml I typed in this post is simple but ready to go.

To access to the dashboard, open your navigator and type the IP of Traefik with its port 8080. Now it's time to configure your services…!


Bonus – Ansible

Manual installation is a step to learn and try. I created an Ansible role to install Traefik, which is a resume of this post. You can take it in this GitHub repository : https://github.com/Mettmett/ansible-traefik