TCP proxy for MySQL connection (v2.0) #4981

Closed
cassvail opened this issue Jun 19, 2019 · 1 comment
@cassvail cassvail commented Jun 19, 2019

Do you want to request a feature or report a bug?

Bug

Did you try using a 1.7.x configuration for the version 2.0?

  • Yes
  • No

What did you do?

Using docker-compose and traefik.toml to expose a mysql database through a local domain name.
The final goal is to connect to multiple databases with different domain names using the same standard port 3306.
I'm not sure if I'm missing something from the configuration or it's actually an issue.

What did you expect to see?

Establish a connection to the database using as host
mysql.api.local or mysql.api.local:3306

What did you see instead?

Connection error / timeout

Output of traefik version: (What version of Traefik are you using?)

Version:      2.0.0-alpha4
Codename:     faisselle
Go version:   go1.12.4
Built:        2019-04-17T11:38:21Z
OS/Arch:      linux/amd64

What is your environment & configuration (arguments, toml, provider, platform, ...)?

[api]
entryPoint = "traefik"
dashboard = true

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.traefik]
    address = ":8080"
  [entryPoints.mysql]
    address = ":3306"

[providers]
  [providers.docker]
    endpoint = "unix:///var/run/docker.sock"

[docker]
domain = "local"
watch = true

docker-compose.yml

version: '3'

services:
  reverseproxy:
    image: traefik:2.0-alpine
    command: --api --providers.docker
    ports:
      - 80:80
      - 8080:8080
      - 3306:3306
    volumes:
      - ./traefik.toml:/etc/traefik/traefik.toml
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    networks:
      - traefik
  mysql:
    image: mysql:5.7.21
    volumes:
      - ./_data/mysql/:/var/lib/mysql
    environment:
      MYSQL_DATABASE: admin
      MYSQL_USER: admin
      MYSQL_PASSWORD: admin
      MYSQL_ROOT_PASSWORD: admin
      MYSQL_ROOT_HOST: mysql.api.local
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.tcp.routers.mysql.rule=HostSNI(`mysql.api.local`)"
      - "traefik.tcp.routers.mysql.entryPoints=mysql"
    restart: always
    networks:
      - traefik

networks:
  traefik:
    external:
      name: traefik

http://localhost:8080/api/rawdata output

{
  "docker": {
    "HTTP": {
      "routers": {
        "reverseproxy_traefik": {
          "entryPoints": null,
          "service": "reverseproxy_traefik",
          "rule": "Host(`reverseproxy-traefik`)"
        }
      },
      "services": {
        "reverseproxy_traefik": {
          "loadbalancer": {
            "servers": [
              {
                "url": "http://172.29.0.2:80",
                "weight": 1
              }
            ],
            "method": "wrr",
            "passHostHeader": true
          }
        }
      }
    },
    "TCP": {
      "routers": {
        "mysql": {
          "entryPoints": [
            "mysql"
          ],
          "service": "mysql_traefik",
          "rule": "HostSNI(`mysql.api.local`)"
        }
      },
      "services": {
        "mysql_traefik": {
          "loadbalancer": {
            "servers": [
              {
                "address": "172.29.0.3:3306",
                "weight": 1
              }
            ],
            "method": "wrr"
          }
        }
      }
    },
    "TLSOptions": null,
    "TLSStores": null
  }
}

Thanks!

Contributor

@SantoDE SantoDE commented Jun 19, 2019

Hello @cassvail,

thanks for your interest in the project and this report. After some digging, I finally know what's going on. Let me explain the situation:

It is possible to use Traefik as a TCP proxy for your desired use case, but only if you make use of TLS encrypted connections. Otherwise, based on the level 4 protocol, it's not possible to distinguish between the different hostnames and you would have to use one entrypoint per TCP router. I'll enhance our documents in that regard.

However, with the current version even a matcher of "traefik.tcp.routers.mysql.rule=HostSNI(*)", which is required for non-TLS, will result in an error. We've implemented a fix for that behavior in #4938 which is going to be included in the next version (v.2-alpha6), which we're currently in the process of rolling out (docker-library/official-images#6106). Once this version is released, you should not encounter any further issues.

However, in the meantime, you could give it a pre-test by using the containous/traefik:experimental-v2.0 docker image and let us know if this fix works out for you. We would really appreciate it.

Sorry for the inconvenience.

@SantoDE SantoDE closed this Jun 19, 2019
@SantoDE SantoDE reopened this Jun 19, 2019
@SantoDE SantoDE closed this Jun 19, 2019
@ldez ldez removed the kind/bug/fix label Jun 19, 2019
@containous containous locked and limited conversation to collaborators Sep 1, 2019
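
The reply above says hostname routing on a shared TCP entrypoint only works for TLS connections. The following added example (not part of the original thread and not Traefik's own code) shows why: the hostname a `HostSNI` rule matches on exists only inside a TLS ClientHello, so plaintext first bytes yield nothing to route on. The names `memConn`, `clientHello` and `peekSNI` are hypothetical, and the plaintext bytes are constructed sample input.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
)

// memConn stands in for a TCP connection in memory: reads come from r and
// writes are captured in w. A handshake attempt only calls Read and Write.
type memConn struct {
	net.Conn
	r io.Reader
	w *bytes.Buffer
}
func (c memConn) Read(p []byte) (int, error)  { return c.r.Read(p) }
func (c memConn) Write(p []byte) (int, error) { return c.w.Write(p) }

// clientHello returns the first bytes a TLS client sends for serverName
// (constructed sample input, generated by crypto/tls itself).
func clientHello(serverName string) []byte {
	out := &bytes.Buffer{}
	c := tls.Client(memConn{r: bytes.NewReader(nil), w: out}, &tls.Config{ServerName: serverName})
	_ = c.Handshake() // fails at the first read, after the ClientHello is written
	return out.Bytes()
}

// peekSNI parses the first bytes of a connection as a TLS ClientHello and
// returns the requested server name; ok is false when there is no ClientHello.
func peekSNI(first []byte) (name string, ok bool) {
	cfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		name, ok = h.ServerName, true
		return nil, errors.New("peek only, stop the handshake here")
	}}
	_ = tls.Server(memConn{r: bytes.NewReader(first), w: &bytes.Buffer{}}, cfg).Handshake()
	return name, ok
}

func main() {
	// Constructed plaintext bytes standing in for a non-TLS database client.
	plain := []byte("\x03\x00\x00\x00\x01plaintext query bytes")
	for _, in := range [][]byte{clientHello("mysql.api.local"), plain, nil} {
		name, ok := peekSNI(in)
		fmt.Printf("%d bytes -> sni=%q tls=%v\n", len(in), name, ok)
	}
}
```

Only the first input carries a name; for the other two a router has nothing to compare against `mysql.api.local`, which is why the non-TLS case needs a catch-all rule and one entrypoint per router.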