đ Traefik 2, usage of HTTP/3
Traefik can send and receive HTTP/3 request. This post teach you how.
From version 2.5 of Traefik, you are now able to use HTTP/3 (QUIC). Keep in mind that this protocol is not production-ready and can lead to some instabilities.
Version | Date | Comments |
---|---|---|
1 | 05/2022 | Post creation |
1.1 | 08/2023 | Update versions, update the tool link, add a picture of the final result |
Goal : Give the capability for Traefik to receive/send HTTP/3 requests
Environment : Debian 12
, Docker 24.x
, docker compose (plugin) 2.20.x
, Traefik 2.10
.
Execution context :
jho@vmi866042:/opt/docker/dc$ tree
.
âââ conf
â  âââ acme.json
â  âââ traefik.yml
â  âââ traefikdynamic
â  â  âââ general.yml
â  â  âââ routersservices.yml
âââ docker-compose.yml
âââ logs
âââ traefikAccess.log
âââ traefik.log
- path where are every folder and files :
/opt/docker/dc
- path of the principal configuration file for Traefik :
/opt/docker/dc/conf/traefik.yml
- folder where are every dynamic configuration files :
/opt/docker/dc/conf/traefikdynamic
- path of the file which is used to store SSL certificates for let's encrypt (or other provider) :
/opt/docker/dc/conf/acme.json
- folder to store logs :
/opt/docker/dc/logs/
Principe and requirements
HTTP/3 is a new web standard to increase the navigation speed. Without going into details, it is a transport protocol to send HTTP requests faster than HTTP/2 (TCP), particularly with the use of UDP.
More information here :
Traefik configuration
Before you start configuring HTTP/3, be aware that it is not possible to let Traefik listen to the same UDP port and TCP port. In addition, the entry point used for HTTP/3 needs to be the same they use with the routers which have a TLS configuration. So you don't have to modify your services or add a label.
Configuration is simple: add the bloc "experimental" and modify the entry point which have the HTTPS bloc:
experimental:
http3: true
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
http3:
advertisedPort: "443"
You have to restart Traefik to commit changes. With this configuration, every router with the entry point "websecure" (in this example) will be reachable in HTTP/2 and HTTP/3.
Docker-compose file configuration
You need to add the 443/UDP
port for the Traefik container. So you might have this :
---
services:
traefik:
image: traefik:saintmarcelin
container_name: traefik
restart: unless-stopped
ports:
- target : 80
published : 80
protocol: tcp
mode : host
### BEGIN dashboad
- target : 8080
published : 8080
protocol: tcp
mode : host
### END dashboard
- target : 443
published : 443
protocol: tcp
mode : host
# HTTP/3 QUIC
- target : 443
published : 443
protocol: udp
mode : host
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./conf/traefikdynamic:/dynamic
- ./conf/traefik.yml:/etc/traefik/traefik.yml:ro
- ./conf/acme.json:/etc/traefik/acme.json
- ./logs/traefik.log:/etc/traefik/applog.log
environment:
TZ: Europe/Paris
Validate your access with this tool from Domsignal :
You should have this result if your configuration works: