Figure Out How to Distribute Services Across Multiple Hosts #71

Open
opened 2022-11-25 17:15:12 -08:00 by Jafner · 7 comments
Jafner commented 2022-11-25 17:15:12 -08:00 (Migrated from gitlab.jafner.net)

The biggest obstacle to this is SSL termination and routing. Our current configuration looks like this:

```mermaid
graph TD;
Internet --:80,:443--> Router
Router --Port Forward--> Server[Main Server]
Server --Docker Port Mapping--> Traefik1[Main Server Traefik Instance]
Traefik1 --Traefik Routing Rules--> Apps[App Containers]
```

But we ultimately want a system with the capacity to support additional hosts with proper SSL/TLS termination. Something like this:

```mermaid
graph TD;
Internet --:80,:443--> Router
Router --Port forward--> Server[Main Server]
Server --Docker Port Mapping-->Traefik1[Traefik Instance to Route to Host]
Traefik1 --Traefik TCP Router--> Traefik2[Main Server Traefik Instance]
Traefik1 --Traefik TCP Router--> Server2[Second Server Traefik Instance]
Traefik2 --Traefik HTTP Routing--> Apps1[App Containers on Main Server]
Server2 --> Apps2[App Containers on Second Server]
```

This should be possible using TCP routers.
https://www.reddit.com/r/Traefik/comments/k79hjt/how_to_proxy_from_one_traefik_instance_to_another/
https://doc.traefik.io/traefik/routing/routers/#rule_1

Jafner commented 2022-11-25 17:15:13 -08:00 (Migrated from gitlab.jafner.net)

assigned to @Jafner

Jafner commented 2023-03-26 11:57:28 -07:00 (Migrated from gitlab.jafner.net)
https://community.traefik.io/t/traefik-dispatcher-infront-of-other-traefik-instances/12962/6
Jafner commented 2023-10-05 08:26:47 -07:00 (Migrated from gitlab.jafner.net)

changed title from {-Evaluate Running Multiple Traefik Instance-}s to {+Figure Out How to Distribute Services Across Multiple Host+}s

Jafner commented 2023-10-05 08:26:47 -07:00 (Migrated from gitlab.jafner.net)

changed the description

Jafner commented 2023-10-05 08:32:05 -07:00 (Migrated from gitlab.jafner.net)

changed the description

Jafner commented 2023-10-05 08:41:34 -07:00 (Migrated from gitlab.jafner.net)

It might be worthwhile to consider the possibility of a host whose job is to handle networking tasks: VPN, PiHole, Traefik "outside" instance to route without SSL/TLS termination, DDNS, and maybe even an SSH bastion. These are all low-compute operations, so running on a low-power host like a Wyse is probably fine.

Jafner commented 2023-10-05 12:19:52 -07:00 (Migrated from gitlab.jafner.net)

Here's our updated plan visualized:

```mermaid
graph TD;
Internet --DNS--> Cloudflare[Cloudflare DNS]
Cloudflare --Jafner.net--> Wizard[Router 'Wizard']
Cloudflare --Jafner.chat--> Wizard
Cloudflare --Jafner.dev--> Wizard
Cloudflare --Jafner.tools--> Druid[Digital Ocean Droplet 'Druid']
Wizard--Port forward :80,:443--> Paladin[Networking Server 'Paladin']
Paladin --Traefik TCP Router--> Fighter[Fighter Traefik Instance]
Paladin --Traefik TCP Router--> Warlock[Warlock Traefik Instance]
Paladin --Traefik HTTP Router--> Barbarian[Barbarian TrueNAS WebUI]
Paladin --Traefik HTTP Router--> Monk[Monk TrueNAS WebUI]
Paladin --Traefik HTTP Router--> Ranger[Ranger PiHole WebUI]
Fighter --Traefik HTTP Router--> FighterApps[Fighter Docker Apps]
Warlock --Traefik HTTP Router--> WarlockApps[Warlock Docker Apps]
```
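A sketch of the dynamic configuration the plan above implies for the edge instance on Paladin, added here as an example and not taken from the issue or the homelab repository. The hostnames, the 192.0.2.x addresses, the router and service names, and the `websecure` entry point name are placeholders.

```yaml
# Added example: Paladin (edge) Traefik dynamic configuration, file provider.
# Hostnames and 192.0.2.x addresses are placeholders; "websecure" is an
# assumed name for the :443 entry point.
tcp:
  routers:
    to-fighter:
      entryPoints: ["websecure"]
      rule: "HostSNI(`app1.example.net`)"   # matched on the TLS ClientHello SNI
      service: fighter-traefik
      tls:
        passthrough: true                   # Paladin never holds this key or cert
    to-warlock:
      entryPoints: ["websecure"]
      rule: "HostSNI(`app2.example.net`)"
      service: warlock-traefik
      tls:
        passthrough: true
  services:
    fighter-traefik:
      loadBalancer:
        proxyProtocol:
          version: 2        # carries the real client IP to the inner instance
        servers:
          - address: "192.0.2.11:443"
    warlock-traefik:
      loadBalancer:
        proxyProtocol:
          version: 2
        servers:
          - address: "192.0.2.12:443"

# Hosts with no Traefik of their own: no TCP router matches their SNI, so the
# request falls through to an HTTP router and Paladin terminates TLS itself.
http:
  routers:
    barbarian-webui:
      entryPoints: ["websecure"]
      rule: "Host(`nas1.example.net`)"
      service: barbarian-webui
      tls: {}
  services:
    barbarian-webui:
      loadBalancer:
        servers:
          - url: "http://192.0.2.21:80"
```

With `proxyProtocol` enabled on the edge, the inner instances need `proxyProtocol.trustedIPs` on their own entry point (static configuration) set to Paladin's address only; without that setting the forwarded connections fail, and a wider trust list lets other hosts on the LAN assert arbitrary client IPs.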
Reference: Jafner/homelab#71