Traefik

Traefik overview

Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.

It can route HTTP requests like Zuul, so it has some overlap with a JHipster gateway, but it works on a lower level than an API Gateway: it only routes HTTP requests and does not provide rate limiting, security or Swagger documentation aggregation.

One of the benefits of Traefik is that is can work with many different service discovery solutions: with JHipster, however, it only works with Consul by default.

It can be used in two different architecture styles, described below.

Architecture diagram 1: default configuration

As Traefik is a reverse proxy and load balancer, it supercedes Zuul, and it routes directly all HTTP requests to the correct service.

Diagram

In that architecture, a JHipster “gateway” is not a real gateway anymore, it is mostly here to serve the Angular application.

This is our default configuration.

Architecture diagram 2: Traefik and Zuul

Traefik can also work with Zuul: in that case, an HTTP request to a microservice goes through Traefik and then through Zuul before reaching its destination.

Diagram

This makes one more network request, and thus is less efficient than the previous architecture. However, this allows to use a JHipster gateway to its full potential: it can handle rate limiting or Swagger documentation aggregation.

As a result, Traefik can be used as an edge service, which allows to scale JHipster gateways.

This configuration works out-of-the-box with JHipster: the only issue is that client-side applications use an absolute URL, so for example, for “microservice1”:

  • The default URL is “/services/microservice1”, which goes only through Traefik (this is the “default configuration” above).
  • The “/services/gateway/microservice1” URL would use the “gateway” application configured in Traefik, which would then use Zuul to reach the “microservice1” application.

Getting started

Please note that Traefik only works with Consul, so this cannot work if you use a JHipster Registry.

To use Traefik in a microservice architecture, run the docker-compose sub-generator and select Traefik when you have the question asking you which gateway you want to use.

This will generate a traefik.yml configuration for running Traefik in Docker, as well as a traefik/traefik.toml file, which is Traefik’s configuration file.

This configuration file is set up so that:

As Traefik is using Consul, it will also be useful to check the Consul administration UI, which is available on port 8500: http://localhost:8500.

Configure your Base HREF

Before building the gateway’s Docker image, you will need to configure the base attribute value in the webpack.common.js to match the gateway base name. For example, if the gateway base name is gateway, the base attribute value should be /services/gateway/.

Configure for OAuth 2.0

If you have separated the frontend and the api, you don’t need to perform additional configuration locally. Use npm start and go to http://localhost:9000

Before building the gateway’s Docker image, it is necessary to Configure your Base HREF and update various files.

Server

In src/main/java/.../config/SecurityConfiguration.java, you have to change the defaultSuccessUrl in spring. For example, if the gateway base name is gateway, under .oauth2Login() you have to add .defaultSuccessUrl("/services/gateway/").

To handle oauth2 redirection, you need to change default spring.security.oauth2.client.registration.oidc.redirect-uri in spring application.yml configuration file. For example, if the gateway base name is gateway, you have to add redirect-uri as below :

oauth2:
    client:
    registration:
        oidc:
        # replace 'gateway' by the gateway base name
        redirect-uri: "{baseUrl}/services/gateway/login/oauth2/code/{registrationId}"

You can now launch all your infrastructure by running docker-compose up -d.