Traefik - Configure Ping Endpoint
Before, we learned how to deploy Traefik, but now we will extend that knowledge to learn how to
apply a few configuration changes so that we can hit a /ping endpoint just to check whether the proxy is up or not.
This will allow our monitoring services like Uptime Kuma,
to let us know if the proxy has gone down, rather than just any of the underlying sites.
Steps
Update Docker Compose File
We are going to have the ping endpoint run on a separate port to make things easier,
so there is no worry about mixing it up with the normal web traffic on port 80/44s and possibly any other authentication/middleware etc.
Thus we need to update our docker-compose.yml file to open up port 8082.
# ...
services:
reverse-proxy:
container_name: traefik
image: traefik:v2.8
restart: unless-stopped
networks:
- traefik-net
ports:
- "80:80" # "web" HTTP listener
- "443:443" # "websecure" SSL listener
- "8080:8080" # Traefik dashboard
- "8082:8082" # Traefik /ping
volumes:
# ...
Update Static Configuration File
Now we need to update our static configuration file to tell it about ping.
This involves adding ping to the entryPoints block, as well as adding its own root level section like api, as shown in the snippet below.
global:
checkNewVersion: true
sendAnonymousUsage: false
entryPoints:
web:
address: :80
websecure:
address: :443
ping:
address: :8082
# other stuff...
api:
insecure: false
dashboard: true
ping:
entryPoint: ping
manualRouting: true
providers:
# more stuff...
manualRouting so that we can configure various options in the routing of the dynamic-conf.yml file later.
The PHP generator code would have:
$arrayForm = [
'entryPoints' => [
'web' => [
'address' => ":80",
],
'websecure' => [
'address' => ":443"
],
'ping' => [
'address' => ":8082"
]
],
'api' => [
'insecure' => false,
'dashboard' => true,
],
'ping' => [
'entryPoint' => 'ping',
'manualRouting' => true,
],
# other stuff....
];
Update Dynamic Config
Finally, we need to update oiur dynamic-conf.yml file with the ping router that we referred to in the static config earlier.
Here I am stating that I want it to respond on the ping entrypoint (which specifies port 8082), and that it should listen for the FQDN we gave for traefik itself, and localhost, on the /ping path.
tls:
stores:
default:
defaultCertificate:
certFile: /ssl/site.crt
keyFile: /ssl/private.pem
# Securing the dashboard with HTTP auth according to https://bit.ly/3fxKdJq
http:
routers:
dashboard:
rule: (Host(`localhost`) || Host(`traefik.mydomain.com`)) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
service: api@internal
tls: {} # Enables TLS
middlewares:
- auth
# Expose a ping endpoint, for healthcheck services to check traefik is still up.
ping:
rule: "(Host(`localhost`) || Host(`traefik.mydomain.com`)) && PathPrefix(`/ping`)"
service: "ping@internal"
tls: {}
entryPoints:
- ping
middlewares:
# other stuff...
tls {} tells it to use the default TLS certificate store, because I am using a wildcard.
Test
Now re-deploy traefik, and you should be able to hit the ping endpoint in your browser at https://traefik.mydomain.com:8082/ping, which responds with the body OK on a 200 HTTP status code.
This is the case even if you have HTTP basic auth configured on the normal web routing as I have.
First published: 29th June 2023
