The time had come for me to start posting live demo versions of some of my projects online. Initially, I was focused on just getting those projects up and running, without putting much thought into how I will actually host any of them. One of my projects was already Dockerized, and I knew that this would be a big help in deployment.
The problem was this: even if I deployed a server with one project running successfully, I was still limited to one application per server. After building a few portfolio projects, spending $5/mo per server seemed wasteful and unsustainable. There had to be a way to route traffic through the exposed ports (80/443) on a web server to different internal ports that are not publicly exposed (Docker containers).
Also, I had multiple projects requiring different versions of PHP. I had no choice but to Dockerize everything, and so I was on the hunt for a platform that would help manage multiple container/projects on one single server.
Enter Docker & Traefik
After I had looked around for the best solutions, I settled on a DigitalOcean Droplet running Ubuntu 18.04 with Docker and Traefik installed. Traefik, which was new territory for me, is a reverse proxy. As mentioned above, the problem was getting the ports correctly routed from the exposed ports to the internal Docker ports. On a basic level, Traefik takes the requests entering through the exposed ports (80/443) and uses the configuration in each project's Docker files to decide which (if any) containers should receive this traffic.
This solved all my problems. Now that Traefik could handle the internal routing, I could just start deploying Dockerized projects. As an added bonus, Traefik will handle Let's Encrypt certificate generation for all hosted applications too.
To be honest, the setup process was touted by many as "easy". I didn't find it easy.
My first step in setting up my fancy little server was actually starting one up. I went over to DigitalOcean and I deployed a $5/mo droplet in Toronto, and used a "One-click" Docker app as a starting point.
I then SSH'ed into the droplet and reset the root password. Next I created a new user with sudo permissions. This is really important, and instructions can be found here for that process.
Then, I used my newly created user to install docker-compose. I needed this because some of my projects use docker-compose, and the one-click Docker Droplet app does not have it installed by default. The tutorial can be found here.
Only then was I ready to start installing Traefik. I highly recommend using this tutorial and reading it from top to bottom. This part of the setup is tricky, and Traefik is well documented but can be set up in multiple ways. Finding one tutorial and sticking to it is the best way to avoid countless configuration errors because of slightly differing instructions. The tutorial from DigitalOcean I linked above worked for me.
Once Traefik was installed and I was able to access the admin page, I started trying to configure my projects. Traefik requires the use of Dockerized projects because it uses the Docker files to determine which traffic belongs where. A basic configuration is mentioned in the DigitalOcean tutorial above, however Googling for my specific use cases proved to be very helpful as well.
Mistakes Were Made
I'll admit it, I made some mistakes. The problems I encountered were mostly due to getting confused by all the moving parts in configuring this server. If Traefik is set up incorrectly, none of the linked projects will work. If your projects' Traefik configs are set up incorrectly, then Traefik will not work. It's a vicious cycle.
Words of Wisdom
- Understand the different ways Traefik is installed and configured. The tutorial above runs it as a Docker container - but there are other ways!
- Make sure the tutorials you follow all use the same software versions. All of my tutorials were based on Ubuntu 18.04.
- Make sure you can load the Traefik admin dashboard before trying to add any of your projects.
- Configure Traefik to route to the port of your web app, not it's database (yes, I did this).
- Ensure your database configurations are secure once they are deployed, DigitalOcean will email you if they find that your config is unsecure.