đź“ť Traefik 2, use the binary without docker
This post explain you how to install and configure Traefik without docker.
Traefik is a reverse proxy designed to play with containers (docker or Kubernetes). However, it is possible to use Traefik with its binary and take advantage of its features in systems which don't have containers.
Version | Date | Comments |
---|---|---|
1 | 05/2022 | Document creation |
2 | 06/2023 | Add some information about the environment and execution context, update versions, fix paths, change permalink of the post |
Goal : Install the Traefik's binary
Environment : Debian 12
, Traefik 2.10
.
Execution context :‌
- path where are every folder and files :
/etc/traefik
- path of the principal configuration file for Traefik :
/etc/traefik/traefik.yml
- folder where are every dynamic configuration files :
/etc/traefik/dynamic
- path of the file which is used to store SSL certificates for let's encrypt (or other provider) :
/etc/traefik/acme.json
- folder to store logs :
/var/logs/
The interest of using the binary instead of the container can be discussed for a long time, but it's not the objective here. No presentation around Traefik in this documentation, you can read it here.
System preparation
Start by download the binary from the official GitHub repository : https://github.com/containous/traefik/releases. I'll use the 2.10.3 version in a VM, which is a Debian 12.1. Tests were done too, with success in an Ubuntu 20.04.2.
cd /tmp && wget https://github.com/traefik/traefik/releases/download/v2.10.3/traefik_v2.10.3_linux_amd64.tar.gz && tar xzvf traefik_v2.10.3_linux_amd64.tar.gz
To quickly test its functions, start the binary and look at the listening port on your machine:
./traefik
ss -ntlp # should give this informations :
LISTEN 0 128 *:80 *:* users:(("traefik",pid=450,fd=3))
Without configuration file or option, Traefik will listen (by default) on the port 80/TCP. There is no automatic redirection, no TLS section, no redirection to your internal services, no dashboard…
Let's copy the binary to a specific path, with the needed rights for “root”:
cp /tmp/traefik /usr/bin/.
chown root: /usr/bin/traefik
chmod 755 /usr/bin/traefik
User root
is mandatory. Indeed, Traefik needs to have some system privileges to listen to system ports, like 80 and 443. If you have an idea to use Traefik without root, let's type it in the comment section !
Like docker version, Traefik is owned by the user “traefik” — its default folder is /etc/traefik
for its configuration files. After downloading the binary, you have to create this configuration (example):
groupadd traefik
useradd -g traefik --no-user-group -d /etc/traefik --no-create-home -s /usr/sbin/nologin -r traefik
mkdir -p /etc/traefik/dynamic
chown -R traefik: /etc/traefik/.
touch /var/log/traefik.log && chown traefik: /var/log/traefik.log
In my precedent configuration files for Traefik, I used to use the path /etc/traefik/dynamic
to store dynamic configuration files.
Log file are in the folder/var/log
, which is the default path. Principal configuration file of Traefik is in the folder /etc/traefik
.
Traefik preparation
Create the configuration file “/etc/traefik/traefik.yml
”:
---
global:
sendAnonymousUsage: false
checkNewVersion: false
api:
dashboard: true
log:
filePath: "/etc/traefik/applog.log"
format: json
level: "ERROR"
providers:
docker:
endpoint: unix:///var/run/docker.sock
exposedByDefault: false
watch: true
swarmMode: false
file:
directory: "/dynamic"
watch: true
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
I comment the block about the automatic redirection from HTTP to HTTPS. This bloc is not mandatory for the first start.
Now, create the systemd file in the path /lib/systemd/system/
. Here's the content of the file traefik.service
:
# /lib/systemd/system/traefik.service
[Unit]
Description=traefik service
After=network-online.target
[Service]
Type=simple
User=root
Group=root
Restart=on-failure
TimeoutStopSec=300
ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.yml
[Install]
WantedBy=multi-user.target
Give it some rights and update the systemd index :
chown root: /lib/systemd/system/traefik.service && chmod 644 /lib/systemd/system/traefik.service
systemctl daemon-reload && systemctl start traefik.service
Now, Traefik is up and ready to forward some requests. The configuration file traefik.yml
I typed in this post is simple but ready to go.
To access to the dashboard, open your navigator and type the IP of Traefik with its port 8080
. Now it's time to configure your services…!
Bonus – Ansible
Manual installation is a step to learn and try. I created an Ansible role to install Traefik, which is a resume of this post. You can take it in this GitHub repository : https://github.com/Mettmett/ansible-traefik