Skip to content

Commit

Permalink
Contributor Training Blog on Traefik Router (#219)
Browse files Browse the repository at this point in the history
  • Loading branch information
@rfay
rfay committed Jul 8, 2024
1 parent 5d60f4c commit 93e1024
Show file tree
Hide file tree
Showing 6 changed files with 157 additions and 213 deletions.
Binary file added public/img/blog/2024/07/traefik.logo.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
82 changes: 0 additions & 82 deletions src/content/blog/ddev-local-scratch-macos.md
View file

This file was deleted.

6 changes: 3 additions & 3 deletions src/content/blog/eight-more-ways-to-get-the-most-out-of-ddev-local.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Eight (more) ways to get the most out of DDEV"
pubDate: 2018-12-06
modifiedDate: 2020-02-05
modifiedDate: 2024-07-06
summary: A look at some useful and often-overlooked DDEV features.
author: Randy Fay
featureImage:
Expand Down Expand Up @@ -126,7 +126,7 @@ To get the JSON output on the command line, add this global flag to any command:

`ddev describe -j`

I’ve seen this used in some creative ways. In one case, I saw someone use JSON output to find the port that MySQL was using on the host. For another example, you could grab the HTTP URL and launch it automatically. If you have ideas and you’re playing with DDEV JSON output in your projects, [ping us on Twitter,](https://twitter.com/drud) we’d love to hear your ideas.
I’ve seen this used in some creative ways. In one case, I saw someone use JSON output to find the port that MySQL was using on the host. For another example, you could grab the HTTP URL and launch it automatically. If you have ideas and you’re playing with DDEV JSON output in your projects, join us in [Discord](https://discord.com/invite/5wjP76mBJD), we’d love to hear your ideas.

### Thanks for your feedback!

Expand All @@ -136,4 +136,4 @@ Coming soon: We’ll be rolling out opt-in data collection and error reporting t

### Want more tips? Follow us on Twitter and subscribe to the newsletter.

When I come across tips and tricks from the community, I usually tweet about them. You can follow me as [@randyfay](https://twitter.com/randyfay) and the main [@drud](https://twitter.com/drud/) account where we tweet product news, tips, and other relevant info regularly. And of course, sign up to the newsletter for product updates and announcements.
When I come across tips and tricks from the community, I usually tweet about them. You can follow me as [@randyfay](https://twitter.com/randyfay).
10 changes: 5 additions & 5 deletions src/content/blog/ten-more-ways-to-increase-your-efficiency-with-ddev-local.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
---
title: "Ten more ways to increase your efficiency with DDEV"
pubDate: 2020-03-25
modifiedDate: 2024-07-06
summary: DDEV usage and feature highlight.
author: Randy Fay
featureImage:
Expand All @@ -19,9 +20,8 @@ Sometimes as the releases go by not everybody ends up noticing new features in D
4. **`ddev mysql`** launches the MySQL client in the db container and lets you interact with it, so you can do anything you might usually do with MySQL. And you don’t need to have the MySQL client installed on your local machine. I mostly use the interactive mode, but also with `ddev mysql -uroot -proot` to use root privileges, or `echo "SHOW TABLES;" | ddev mysql`
5. **`ddev share`** is a wonderful way to show off your work to a collaborator or client. You need [ngrok](https://ngrok.com/) (even without a login, even without a paid account) and you can [look at your project together](https://ddev.com/blog/sharing-a-ddev-local-project-with-other-collaborators/) with somebody else anywhere in the world.
6. **HTTPS**: Are you getting the most out of DDEV’s HTTPS support? It was the most popular feature of 2019 in our recent survey about favorite features. Run `ddev poweroff && mkcert -install` and you’ll have trusted local HTTPS URLs in most browsers (and the HTTP URLs still work fine too).
7. **NFS**: If you’re on macOS or Windows and not yet using NFS to mount files into the container, you’ll find [it provides better performance](https://ddev.readthedocs.io/en/stable/users/performance/) by quite a bit, and also provides more consistent server-like behavior than Docker mounts do on macOS or Windows.
8. **Custom Commands** are amazingly easy to create. Does your team have a workflow that isn’t built into DDEV? Add a [custom command ](https://ddev.readthedocs.io/en/stable/users/extend/custom-commands/)– it’s a simple shell script. The [ddev-contrib](https://github.com/ddev/ddev-contrib) repository has a number of [custom command examples](https://github.com/ddev/ddev-contrib#custom-command-examples) as well.
9. **Updating**: Are you updating DDEV the easy way? Homebrew for macOS and Linux and Chocolatey for Windows make it pretty painless. `ddev poweroff && brew upgrade ddev`, `ddev poweroff && choco upgrade -y ddev` Recommended! ([docs](https://ddev.readthedocs.io/en/stable/#installation)) (Note that we also maintain the ddev-bin AUR repository for ArchLinux/Manjaro users).
10. **FAQ**: Have you glanced at the[ FAQ](https://ddev.readthedocs.io/en/stable/users/faq/) lately? We’d love to hear about new things you would like to see there or anywhere in our docs, hit us up on [any of our support channels](https://ddev.readthedocs.io/en/stable/users/support/).
7. **Custom Commands** are amazingly easy to create. Does your team have a workflow that isn’t built into DDEV? Add a [custom command ](https://ddev.readthedocs.io/en/stable/users/extend/custom-commands/)– it’s a simple shell script. The [ddev-contrib](https://github.com/ddev/ddev-contrib) repository has a number of [custom command examples](https://github.com/ddev/ddev-contrib#custom-command-examples) as well.
8. **Updating**: Are you updating DDEV the easy way? See [upgrade details for every environment](https://ddev.readthedocs.io/en/stable/users/install/ddev-upgrade/).
9. **FAQ**: Have you glanced at the[ FAQ](https://ddev.readthedocs.io/en/stable/users/usage/faq/) lately? We’d love to hear about new things you would like to see there or anywhere in our docs, hit us up on [any of our support channels](https://ddev.readthedocs.io/en/stable/users/support/).

Take a look at my own[ favorite commands](https://ddev.readthedocs.io/en/stable/users/cli-usage/#favorite-commands) and see if you’re using them all. Is there anything we should add there? [Give us a shout on Twitter!](http://twitter.com/drud)
Take a look at my own[ favorite commands](https://ddev.readthedocs.io/en/stable/users/cli-usage/#favorite-commands) and see if you’re using them all. Is there anything we should add there? [Give us a shout on Twitter!](http://twitter.com/randyfay).
140 changes: 140 additions & 0 deletions src/content/blog/traefik-configuration-contributor-training.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,140 @@
---
title: "Contributor Training: Traefik Configuration"
pubDate: 2024-07-08
# modifiedDate: 2024-07-23
summary: Traefik Custom Configuration for DDEV
author: Randy Fay
featureImage:
src: /img/blog/2024/07/traefik.logo.png
alt: Traefik Configuration for DDEV
categories:
- Training
- Guides
---

DDEV's **router** is the system component that accepts HTTP and HTTPS requests and gets them to the right web server or other server component. It's the reason that all your DDEV projects can use the default ports 80 and 443, and it's also where TLS/SSL is terminated so HTTPS works so nicely with DDEV, and you can use "real" URLs like `https://example.ddev.site` without adding an ugly port for every different project, and without clicking around browser warnings about insecure sites.

Here's our June 19, 2024 [Contributor Training](/blog/category/training) on how the Traefik router works in DDEV:

<iframe width="560" height="315" src="https://www.youtube.com/embed/9f9Zbze7VP8?si=D9hywble6WqdqVa5" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>

## What is Traefik and the `ddev-router`?

DDEV's `ddev-router` is based on the very popular open-source [Traefik Proxy](https://traefik.io/traefik/). Only a single router runs to route to all of your DDEV projects that are running at any given time. (The older `nginx-proxy` version of `ddev-router` has been deprecated and will be removed in DDEV v1.24.)

The router's basic jobs are

* to accept incoming HTTP and HTTPS traffic and route it to where it will be handled. (In DDEV this is done via the hostname.)
* to terminate TLS/SSL for HTTPS traffic. This is normally done via the local development `mkcert` certificate authority (CA) but DDEV also supports custom certificates and Let's Encrypt.

## Configuration Components

One of the great things about Traefik is its excellent community and [configuration documentation](https://doc.traefik.io/traefik/getting-started/configuration-overview/). DDEV uses this configuration as described in the [DDEV Traefik docs](https://ddev.readthedocs.io/en/stable/users/extend/traefik-router/).

The components of DDEV's Traefik configuration are:

* **Static configuration**

This is the basic configuration that the Traefik process runs with at startup, and it can only by changed by restarting `ddev-router`, typically with a `ddev poweroff` and `ddev start`. Static configuration includes things like logging levels, plugins, and Let's Encrypt configuration. It's rarely changed by DDEV users. Static configuration is provided in the global DDEV directory, normally `~/.ddev/traefik/static_config.yaml` (or in DDEV v1.23.4+ in `~/.ddev/traefik/.static_config.yaml`).

* **Dynamic Configuration**

Traefik's "dynamic configuration" is configuration whose changes are reflected immediately without a restart. In DDEV, a `ddev start` or `ddev restart` is still required for it to take effect, because the dynamic configuration has to be pushed into the `ddev-router` container before the Traefik process can "see" it.

The dynamic configuration is automatically generated by DDEV and is stored in the project's `.ddev/traefik/config/<projectname>.yaml`, and typically includes a "router" and a "service".

This is a simplified dynamic configuration for a project called "d10":

```yaml
http:
routers:
d10-web-80-http:
entrypoints:
- http-80
rule: HostRegexp(`d10.ddev.site`)
service: "d10-web-80"
tls: false

d10-web-80-https:
entrypoints:
- http-443
rule: HostRegexp(`d10.ddev.site`)
service: "d10-web-80"
tls: true
services:
d10-web-80:
loadbalancer:
servers:
- url: http://ddev-d10-web:80
```

It defines two routers (named "d10-web-80-http" and "d10-web-80-https"). One accepts HTTP traffic (without TLS) on port 80, and the other accepts HTTPS traffic on port 443. They both capture traffic with the same hostname, "d10.ddev.site", and they both deliver their traffic to the same back-end web server service (the `ddev-webserver`) at `http://ddev-d10-web:80`.

* **Routers**

Routers define where HTTP/S traffic is accepted from, and are the TLS termination for HTTPS traffic. Then a "rule" defines which hostname patterns are eligible to be routed. For example, a typical router might look like this:

```yaml
http:
routers:
d10-web-80-http:
entrypoints:
- http-80
rule: HostRegexp(`d10.ddev.site`)
service: "d10-web-80"
tls: false
```

This router has the name `d10-web-80-http`; this is an arbitrary name, but must be unique.

It listens to traffic coming in on the entrypoint named `http-80` (which is also an arbitrary and unique name, but in DDEV it's just "port 80 on ddev-router").

It checks to see if the hostname in the URL is `d10.ddev.site`. If traffic comes in on `http-80` and has the hostname "d10.ddev.site" in the URL, then this router delivers the traffic to the service named "d10-web-80", which is also an arbitrary but unique name.

* **Middlewares**

Middlewares are content processors that can be invoked after traffic is accepted by a router and before it's delivered to a service. Multiple middlewares can be defined and added. By default, DDEV v1.23.4+ does not inject any middlewares, but they can be added with custom configuration.

A classic middleware to add would be the built-in [redirectScheme](https://doc.traefik.io/traefik/middlewares/http/redirectscheme/) HTTP->HTTPS redirection, for example:

```yaml
http:
middlewares:
redirectHttps:
redirectScheme:
scheme: https
permanent: true
```

* **Services**:

Services define where traffic should be sent after it is captured by a router and optionally processed by a set of middlewares. The trivial service in the DDEV-generated dynamic configuration above demonstrates it.


## "File" provider configuration, not "Docker" provider configuration

Many non-DDEV uses of Traefik use the "Docker" provider, which can automatically listen to activity inside the Docker world. That feature enables a Traefik process to automatically listen to what's going on and automatically discover Docker services with particular tags on them. However, it means that the Traefik container must have the Docker socket mounted into it, which is a massive security concern. As a result, DDEV uses the *file* provider, and pushes the needed (generated) files into the `ddev-router` container for Traefik to use.

This means that some tutorials you may find which use the "Docker" provider will be misleading.

## Traefik Dashboard

DDEV provides the Traefik dashboard graphical representation at http://127.0.0.1:10999. This link is shown at the bottom of `ddev list`.

## Experimenting with dynamic configuration

When you're trying to understand how dynamic configuration works, it's handy to make changes interactively. I sometimes use two terminal windows, one where I run `docker exec -it ddev-router bash` and `cd config` to get into the dynamic configuration directory. In the other I run `docker logs -f ddev-router` to see the various things that traefik is trying to tell me. I can edit the configuration files to my heart's delight inside the container, and see everything that's happening in the logs. And when I'm done, a simple `ddev start` will replace any of my edits with the original files from my project.

## Casual Hosting

DDEV can be configured for ["casual hosting"](https://ddev.readthedocs.io/en/stable/users/topics/hosting/), meaning live-on-the-internet hosting of websites. It works fine, and people use it for staging sites, demonstrating current status to stakeholders, and even live hosting. I have been running a few small sites on a $20 Linode server for several years without trouble. But these sites do not have specific performance requirements and don't get a lot of traffic. Although "casual hosting" works fine, DDEV and its Docker images are designed for local development use, both from a performance and a security perspective, so your mileage may vary.

"Casual hosting" even encompasses using [Let's Encrypt](https://letsencrypt.org/) to get free "real" TLS/SSL certificates.

In DDEV v1.23.4+ Casual hosting will be possible using Traefik, but until that release it requires the deprecated nginx-proxy router. The new capabilities use Traefik features, and were just [pulled into DDEV HEAD recently](https://github.com/ddev/ddev/pull/6317).

## Contributions welcome!

Your suggestions to improve this blog are welcome. You can do a PR to this blog adding your techniques. Info and a training session on how to do a PR to anything in ddev.com is at [DDEV Website For Contributors](/blog/ddev-website-for-contributors/).

Join us for the next [DDEV Live Contributor Training](/blog/contributor-training/). Sign up at [DDEV Live Events Meetup](https://www.meetup.com/ddev-events/events/).
Loading

0 comments on commit 93e1024

Please sign in to comment.