From 3c446a7eb36dcb06480ee0e8f80521767498ee74 Mon Sep 17 00:00:00 2001 From: MohammadHasan Akbari <116190942+jarqvi@users.noreply.github.com> Date: Mon, 24 Nov 2025 20:43:46 +0000 Subject: [PATCH 1/5] chore: use dhi in traefik guide --- content/guides/traefik.md | 174 ++++++++++++++++++++++++++++++++------ 1 file changed, 147 insertions(+), 27 deletions(-) diff --git a/content/guides/traefik.md b/content/guides/traefik.md index cb048188874..5cd29ccc35d 100644 --- a/content/guides/traefik.md +++ b/content/guides/traefik.md 
@@ -47,17 +47,71 @@ Let’s do a quick demo of starting Traefik and then configuring two additional $ docker network create traefik-demo ``` -2. Start a Traefik container using the following command. The command exposes Traefik on port 80, mounts the Docker socket (which is used to monitor containers to update configuration), and passes the `--providers.docker` argument to configure Traefik to use the Docker provider. +2. Start a Traefik container using one of the following methods. - ```console - $ docker run -d --network=traefik-demo -p 80:80 -v /var/run/docker.sock:/var/run/docker.sock traefik:v3.6.2 --providers.docker - ``` +{{< tabs >}} +{{< tab name="Using Docker Hardened Images" >}} + +Docker Hardened Images (DHI) for Traefik are available on [Docker Hub](https://hub.docker.com/hardened-images/catalog/dhi/traefik). +Before you can use a DHI image, you must mirror it into your organization’s namespace. +Follow the [DHI quickstart](/dhi/get-started/) to create a mirrored repository. + +For example — use: +`FROM /dhi-traefik:` + +Then start a container using the Hardened image: + +```console +$ docker run -d --network=traefik-demo \ + -p 80:80 \ + -v /var/run/docker.sock:/var/run/docker.sock \ + /dhi-traefik:3.6.2 \ + --providers.docker +``` + +{{< /tab >}} +{{< tab name="Using the official image" >}} + +You can also use the official image from Docker Hub: + +```console +$ docker run -d --network=traefik-demo \ + -p 80:80 \ + -v /var/run/docker.sock:/var/run/docker.sock \ + traefik:v3.6.2 \ + --providers.docker +``` + +{{< /tab >}} +{{< /tabs >}} 3. Now, start a simple Nginx container and define the labels Traefik is watching for to configure the HTTP routing. Note that the Nginx container is not exposing any ports. 
- ```console - $ docker run -d --network=traefik-demo --label 'traefik.http.routers.nginx.rule=Host(`nginx.localhost`)' nginx - ``` +{{< tabs >}} +{{< tab name="Using Docker Hardened Images" >}} + +If your organization uses an [Nginx DHI image](https://hub.docker.com/hardened-images/catalog/dhi/nginx), +you can use the mirrored image name below. For example: + +```console +$ docker run -d --network=traefik-demo \ + --label 'traefik.http.routers.nginx.rule=Host(`nginx.localhost`)' \ + /dhi-nginx:1.29.3 +``` + +{{< /tab >}} +{{< tab name="Using the official image" >}} + +You can also run the official NGINX image as follows: + +```console +$ docker run -d --network=traefik-demo \ + --label 'traefik.http.routers.nginx.rule=Host(`nginx.localhost`)' \ + nginx:1.29.3 +``` + +{{< /tab >}} +{{< /tabs >}} Once the container starts, open your browser to [http://nginx.localhost](http://nginx.localhost) to see the app (all Chromium-based browsers route \*.localhost requests locally with no additional setup). 
@@ -83,31 +137,74 @@ The application can be accessed on GitHub at [dockersamples/easy-http-routing-wi 1. In the `compose.yaml` file, Traefik is using the following configuration: - ```yaml - services: - proxy: - image: traefik:v3.6.2 - command: --providers.docker - ports: - - 80:80 - volumes: - - /var/run/docker.sock:/var/run/docker.sock - ``` +{{< tabs >}} +{{< tab name="Using DHI image" >}} + +```yaml +services: + proxy: + image: /dhi-traefik:3.6.2 + command: --providers.docker + ports: + - 80:80 + volumes: + - /var/run/docker.sock:/var/run/docker.sock +``` + +{{< /tab >}} +{{< tab name="Using official image" >}} + +```yaml +services: + proxy: + image: traefik:v3.6.2 + command: --providers.docker + ports: + - 80:80 + volumes: + - /var/run/docker.sock:/var/run/docker.sock +``` + +{{< /tab >}} +{{< /tabs >}} Note that this is essentially the same configuration as used earlier, but now in a Compose syntax. 2. The client service has the following configuration, which will start the container and provide it with the labels to receive requests at localhost. - ```yaml {hl_lines=[7,8]} - services: - # … - client: - image: nginx:alpine - volumes: - - "./client:/usr/share/nginx/html" - labels: - traefik.http.routers.client.rule: "Host(`localhost`)" - ``` +{{< tabs >}} +{{< tab name="Using Docker Hardened Images" >}} + +If your organization mirrors the [Nginx DHI image](https://hub.docker.com/hardened-images/catalog/dhi/nginx), +you can use it as your base image as shown below: + +```yaml +services: + # … + client: + image: /dhi-nginx:1.29.3-alpine3.21 + volumes: + - "./client:/usr/share/nginx/html" + labels: + traefik.http.routers.client.rule: "Host(`localhost`)" +``` + +{{< /tab >}} +{{< tab name="Using the official image" >}} + +```yaml +services: + # … + client: + image: nginx:1.29.3-alpine3.22 + volumes: + - "./client:/usr/share/nginx/html" + labels: + traefik.http.routers.client.rule: "Host(`localhost`)" +``` + +{{< /tab >}} +{{< /tabs >}} 3. 
The api service has a similar configuration, but you’ll notice the routing rule has two conditions - the host must be “localhost” and the URL path must have a prefix of “/api”. Since this rule is more specific, Traefik will evaluate it first compared to the client rule. @@ -176,6 +273,26 @@ With this file, the only change is to the Compose configuration for Traefik. The 1. The configuration file is mounted into the Traefik container (the exact destination path is up to you) 2. The `command` is updated to add the file provider and point to the location of the configuration file +{{< tabs >}} +{{< tab name="Using DHI image" >}} + +```yaml +services: + proxy: + image: /dhi-traefik:3.6.2 + command: --providers.docker --providers.file.filename=/config/traefik-config.yaml --api.insecure + ports: + - 80:80 + - 8080:8080 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./dev/traefik-config.yaml:/config/traefik-config.yaml +``` + +{{< /tab >}} + +{{< tab name="Using official image" >}} + ```yaml services: proxy: @@ -189,6 +306,9 @@ services: - ./dev/traefik-config.yaml:/config/traefik-config.yaml ``` +{{< /tab >}} +{{< /tabs >}} + ### Starting the example app To run the example app that forwards requests from Traefik to native-running apps, use the following steps: From 83ae4b190e075cc0ca76e865b24a2486b2d6bd95 Mon Sep 17 00:00:00 2001 From: MohammadHasan Akbari <116190942+jarqvi@users.noreply.github.com> Date: Mon, 24 Nov 2025 20:46:08 +0000 Subject: [PATCH 2/5] fix: typo --- content/guides/traefik.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/guides/traefik.md b/content/guides/traefik.md index 5cd29ccc35d..34af8f4f6ff 100644 --- a/content/guides/traefik.md +++ b/content/guides/traefik.md 
@@ -47,7 +47,7 @@ Let’s do a quick demo of starting Traefik and then configuring two additional $ docker network create traefik-demo ``` -2. Start a Traefik container using one of the following methods. +2. Start a Traefik container using one of the following methods. These commands exposes Traefik on port 80, mounts the Docker socket (which is used to monitor containers to update configuration), and passes the `--providers.docker` argument to configure Traefik to use the Docker provider. {{< tabs >}} {{< tab name="Using Docker Hardened Images" >}} From 53e41109e0d1a41934f3a3f3cc5527d40e10fb91 Mon Sep 17 00:00:00 2001 From: MohammadHasan Akbari <116190942+jarqvi@users.noreply.github.com> Date: Mon, 24 Nov 2025 21:29:46 +0000 Subject: [PATCH 3/5] fix: validate --- content/guides/traefik.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/guides/traefik.md b/content/guides/traefik.md index 34af8f4f6ff..e1b4e73e22e 100644 --- a/content/guides/traefik.md +++ b/content/guides/traefik.md @@ -91,7 +91,7 @@ $ docker run -d --network=traefik-demo \ {{< tab name="Using Docker Hardened Images" >}} If your organization uses an [Nginx DHI image](https://hub.docker.com/hardened-images/catalog/dhi/nginx), -you can use the mirrored image name below. For example: +you can use the mirrored image name following. For example: ```console $ docker run -d --network=traefik-demo \ @@ -102,7 +102,7 @@ $ docker run -d --network=traefik-demo \ {{< /tab >}} {{< tab name="Using the official image" >}} -You can also run the official NGINX image as follows: +You can also run the official Nginx image as follows: ```console $ docker run -d --network=traefik-demo \ 
@@ -110,7 +110,7 @@ $ docker run -d --network=traefik-demo \ nginx:1.29.3 ``` -{{< /tab >}} +{{< /tab >}}g {{< /tabs >}} Once the container starts, open your browser to [http://nginx.localhost](http://nginx.localhost) to see the app (all Chromium-based browsers route \*.localhost requests locally with no additional setup). @@ -176,7 +176,7 @@ services: {{< tab name="Using Docker Hardened Images" >}} If your organization mirrors the [Nginx DHI image](https://hub.docker.com/hardened-images/catalog/dhi/nginx), -you can use it as your base image as shown below: +you can use it as your base image as shown following: ```yaml services: From 399839f76b86f64adf8a43b86e738ab2913bcce1 Mon Sep 17 00:00:00 2001 From: MohammadHasan Akbari <116190942+jarqvi@users.noreply.github.com> Date: Mon, 24 Nov 2025 21:33:35 +0000 Subject: [PATCH 4/5] fix: lint --- content/guides/traefik.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/content/guides/traefik.md b/content/guides/traefik.md index e1b4e73e22e..40eeabbb57f 100644 --- a/content/guides/traefik.md +++ b/content/guides/traefik.md @@ -41,6 +41,8 @@ While there are [many Traefik-monitored labels](https://doc.traefik.io/traefik/r Let’s do a quick demo of starting Traefik and then configuring two additional containers to be accessible using different hostnames. + + 1. In order for two containers to be able to communicate with each other, they need to be on the same network. Create a network named `traefik-demo` using the `docker network create` command: ```console @@ -123,6 +125,8 @@ $ docker run -d --network=traefik-demo \ Once the container starts, open your browser to http://welcome.localhost. You should see a “Welcome to Docker” website. + + ## Using Traefik in development Now that you’ve experienced Traefik, it’s time to try using it in a development environment. In this example, you will use a sample application that has a split frontend and backend. This app stack has the following configuration: 
@@ -135,6 +139,8 @@ Now that you’ve experienced Traefik, it’s time to try using it in a developm The application can be accessed on GitHub at [dockersamples/easy-http-routing-with-traefik](https://github.com/dockersamples/easy-http-routing-with-traefik). + + 1. In the `compose.yaml` file, Traefik is using the following configuration: {{< tabs >}} @@ -237,6 +243,8 @@ services: And that’s it. Now, you only need to spin up the Compose stack with a `docker compose up` and all of the services and applications will be ready for development. + + ## Sending traffic to non-containerized workloads In some situations, you may want to forward requests to applications not running in containers. In the following architecture diagram, the same application from before is used, but the API and React apps are now running natively on the host machine. @@ -270,6 +278,8 @@ This configuration indicates that requests that for `localhost/api` will be forw With this file, the only change is to the Compose configuration for Traefik. There are specifically two things that have changed: + + 1. The configuration file is mounted into the Traefik container (the exact destination path is up to you) 2. The `command` is updated to add the file provider and point to the location of the configuration file @@ -309,6 +319,8 @@ services: {{< /tab >}} {{< /tabs >}} + + ### Starting the example app To run the example app that forwards requests from Traefik to native-running apps, use the following steps: From 83778d142394633b68ab0d6a2026813e2beee1bb Mon Sep 17 00:00:00 2001 From: MohammadHasan Akbari <116190942+jarqvi@users.noreply.github.com> Date: Tue, 25 Nov 2025 17:47:35 +0000 Subject: [PATCH 5/5] fix: typo --- content/guides/traefik.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/guides/traefik.md b/content/guides/traefik.md index 40eeabbb57f..ae67f338b06 100644 --- a/content/guides/traefik.md +++ b/content/guides/traefik.md 
@@ -112,7 +112,7 @@ $ docker run -d --network=traefik-demo \ nginx:1.29.3 ``` -{{< /tab >}}g +{{< /tab >}} {{< /tabs >}} Once the container starts, open your browser to [http://nginx.localhost](http://nginx.localhost) to see the app (all Chromium-based browsers route \*.localhost requests locally with no additional setup).
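Review bot: In PATCH 1/5, hunk `@@ -47,17 +47,71`, the hardened-image references have nothing before the leading slash (`FROM /dhi-traefik:`, `/dhi-traefik:3.6.2`, `/dhi-nginx:1.29.3`), and the `FROM` line also has no tag, so a reader who copies the commands gets an invalid image reference. If a namespace placeholder was intended, write it in a form that survives rendering and say in the text that it must be replaced with the organization's mirrored namespace, for example `YOUR_ORG/dhi-traefik:3.6.2`. The `FROM` line is a Dockerfile instruction, while the step that follows uses `docker run`, so consider dropping it or replacing it with the plain image name. The same empty namespace appears in the Compose hunks (`image: /dhi-traefik:3.6.2`, `image: /dhi-nginx:1.29.3-alpine3.21`).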
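Review bot: In PATCH 1/5, hunk `@@ -83,31 +137,74`, the two client tabs pin different Alpine bases (`dhi-nginx:1.29.3-alpine3.21` in the hardened tab, `nginx:1.29.3-alpine3.22` in the official tab); if that is not deliberate, align them, and if it is, say why. The replaced block carried `{hl_lines=[7,8]}` to highlight the `labels` lines and neither new block keeps it, so the routing label the step is about is no longer emphasized. The tab names here ("Using DHI image", "Using official image") also differ from the ones used earlier in the same guide ("Using Docker Hardened Images", "Using the official image"); pick one pair. Finally, the removed blocks were indented under their list items and the added shortcodes and fences start at column 0, which ends the numbered list at each step.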
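Review bot: In PATCH 1/5, hunk `@@ -176,6 +273,26`, the new hardened-image tab repeats `--api.insecure`, publishes `8080:8080`, and mounts `/var/run/docker.sock`, and a hardened base image changes none of those exposures. Since this tab is the one readers will pick for its security posture, add a sentence that the unauthenticated API on port 8080 is for local development only and consider publishing it as `127.0.0.1:8080:8080`. It is also worth stating next to the volume entry that access to the Docker socket gives the proxy container control over the Docker daemon, regardless of which image is used.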
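Review bot: In PATCH 2/5, hunk `@@ -47,7 +47,7`, the restored sentence has a subject-verb mismatch: "These commands exposes Traefik on port 80, mounts the Docker socket ..., and passes ...". With the plural subject it should read "These commands expose Traefik on port 80, mount the Docker socket ..., and pass the `--providers.docker` argument ...". The commit subject "fix: typo" also undersells the change, which restores an explanation that PATCH 1/5 dropped; squashing it into 1/5 would keep the history clearer.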
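Review bot: In PATCH 3/5, hunks `@@ -91,7 +91,7` and `@@ -176,7 +176,7`, replacing "below" with a trailing "following" leaves ungrammatical sentences: "you can use the mirrored image name following" and "as shown following". Move the word in front of the noun instead, for example "you can use the following mirrored image name" and "as shown in the following example", which should satisfy the same style check.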
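Review bot: In PATCH 3/5, hunk `@@ -110,7 +110,7`, the change from `{{< /tab >}}` to `{{< /tab >}}g` introduces a stray character after the closing shortcode that would render in the published page. PATCH 5/5 removes it again, so the series is correct at its tip, but the two commits should be squashed so no intermediate revision carries the typo.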