undefined | Better HN

0 points3np5y ago0 comments

I'm doing exactly that, actually!

Two bastion hosts/lbs sharing a virtual IP (keepalived), with two Traefik instances each (private and public). I actually schedule them through Nomad (on the host network interfaces) as well - since they solved the host networking issue I mentioned above it's properly set up with service checks. Super smooth to add and change services with consul catalog, and ACME-TLS included.

Things I don't like that make me want to try envoy instead:

* It eats A LOT of CPU once number of peers ramp up - there's an issue on their GH that this seems to have been introduced in 2.1.

* UDP is completely broken. For the time being I'm doing per-job nginxes for that until I have a better solution.

* It's very brittle. Did you ever misspell the wrong thing in your label? If so you probably also wondered why half of your services all stopped working as Traefik arbitrarily let it hijack everything.

* The thing I metioned above with Consul Connect. Each service can integrate with either but not both.

It was great for months though, but I guess I grew out of it just by the time I started properly understanding how all the configuration actually works (:

0 comments

GordonS5y ago

I recently setup Traefik 2.x to front a self-hosted Docker Registry, with automated Let's Encrypt renewals - I found the config to be really unintuitive and confusing! It feels like an awful lot of really finicky config for such a simply setup. Next time I'll try something else.

64mb5y ago

Traefik v1 is much simpler, v2 seemed to introduce so many extra layers which makes the simple stuff harder.

rugwirobaker5y ago

Caddy v2 seems to be doing something right although I don't think it comes with the same number of features out of the box. Plus it's more of http reverse proxy.

j / k navigate · click thread line to collapse