Use Laradock with Traefik (and HTTPS)

October 20, 2018 by Dimi


Setup overview

Image 1: Laradock and traefik

Developing with Laravel feels great and comfortable thanks to its ecosystem. With Homestead or Valet (Mac only) you get a ready-to-go development environment. With Docker, and with Laradock at the latest, it has become even more comfortable. Not only can individual services be switched on and off quickly, but many configurations and environments can also be managed much like with git. There is one small disadvantage, though: you use localhost:port to access each service. You can add an entry to the hosts file (e.g. laradock.local), but the ports remain. Although there are entries in the docker-compose.yml for proxy, varnish and more, I wondered why traefik is missing here.

I describe below why it could be quite useful for us. But first, a short detour to DNS.

DNS

A website or SaaS is usually available under a domain such as audk.at. For a larger project there may also be something like testing.audk.at or staging.audk.at. Locally, however, something like audk.dev or audk.local is often used. Why not use *.dev.audk.at instead? We can enter 127.0.0.1 as its address and still work with real Let’s Encrypt certificates! Fine thing, let’s do that.

For this I use docker to get a wildcard certificate manually via LE.

$ docker run -it --rm --name letsencrypt \
    -v "$PWD/le/config:/etc/letsencrypt" \
    -v "$PWD/le/work:/var/lib/letsencrypt" \
    quay.io/letsencrypt/letsencrypt:latest \
        certonly \
        -d dev.audk.at \
        -d '*.dev.audk.at' \
        --manual \
        --preferred-challenges dns \
        --server https://acme-v02.api.letsencrypt.org/directory

Once this is done successfully, you can use it with traefik.

Hint: If your domain is registered with a provider that also offers an API, this process can be automated with traefik.

Traefik

Let’s define a docker-compose.yml with traefik as our load balancer (LB). Here we also specify the subdomain under which the dashboard is accessible.

version: '3'
services:
  traefik:
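    image: traefik:latest  # the traefik.frontend.rule labels used here are Traefik 1.x syntax
    volumes:
      # The Docker socket gives the traefik container full control of the Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      # cert.pem holds only the leaf certificate; fullchain.pem in the same directory also contains the intermediate
      - $PWD/le/config/live/dev.audk.at/cert.pem:/cert.pem
      - $PWD/le/config/live/dev.audk.at/privkey.pem:/key.pem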
    ports:
      - "80:80"
      - "443:443"
    networks:
      - proxy
    labels:
      - "traefik.port=8080"
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:lb.dev.audk.at"
      - "traefik.docker.network=proxy"

networks:
  proxy:
    external:
      name: proxy

Hint: The external network proxy was created beforehand.
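The compose file mounts ./traefik.toml, but the post does not show it. A version that matches the mounts and labels used here, as an added example and not the author's file; it assumes Traefik 1.x (the version that understands traefik.frontend.rule labels), and the minVersion setting is an addition not implied by the post:

```toml
# traefik.toml: added example for Traefik 1.x, not the author's file.
# Paths and the domain come from the docker-compose.yml in this post.

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    # Send every plain-HTTP request to the TLS entry point.
    [entryPoints.http.redirect]
    entryPoint = "https"

  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    # Assumption: refuse TLS 1.0/1.1 (not required by the post).
    minVersion = "VersionTLS12"
      # Wildcard certificate and key as mounted into the container.
      [[entryPoints.https.tls.certificates]]
      certFile = "/cert.pem"
      keyFile = "/key.pem"

# Dashboard/API on the internal :8080 entry point; the traefik.port=8080
# label on the traefik service routes lb.dev.audk.at to it.
[api]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "dev.audk.at"
watch = true
# Only containers labelled traefik.enable=true get a route.
exposedByDefault = false
```

The dashboard is served without authentication in this configuration, and the compose file publishes ports 80 and 443 on all host interfaces. Publishing them as "127.0.0.1:80:80" and "127.0.0.1:443:443" keeps the load balancer and dashboard reachable from the local machine only.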

Laradock

As soon as we have the LB running, we can start the individual services with Laradock. Note that ports 80/443 must no longer be used in the .env, because they are now taken by the LB. But if we start the services as described, that doesn’t really help us much: under which subdomain would an individual service such as nginx or mailhog be accessible? At first you might think that changes to the docker-compose.yml in the laradock folder would be necessary. However, remember that configurations can also be extended. So you create a docker-compose.override.yml in the laradock folder (or in your own dev repo; you are free to choose). The content can look something like this:

version: '3'

networks:
  proxy:
    external: true

services:

### NGINX Server #####################################################
    nginx:
      networks:
        - proxy
      labels:
        - "traefik.port=80"
        - "traefik.enable=true"
        - "traefik.frontend.rule=Host:api.dev.audk.at"
        - "traefik.docker.network=proxy"
...

However, the services are now started a bit differently, e.g. with docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d nginx postgres redis mailhog. Now you can either open https://api.dev.audk.at in your browser or access an API via HTTPS with Postman.

Hint: Additional services, e.g. Keycloak, can also be defined in the docker-compose.override.yml.

Copyright © 2018 Dimitrij Klesev