Go app with https, nomand consul traefik

I have a go app that i need to run multiple instances under separate subdomains, i have a working nomad consul setup and got the go app to run and is accessible via a fixed ip address and dedicated port. But i am stuck on how to make it work with the unique subdomains and working https. So what i’m looking for is like
app1 runs on https://app1.example.com
app2 runs on https://app2.example.com
I tried to use traefic (got it running as a job), DNSmasq but i havent got the above to work.

Any help would be much appriciated.

Hi @goudsmit,

Traefik supports integrating with Consul through its Consul Catalog provider. See Load Balancing with Traefik | Nomad - HashiCorp Learn for an example of how to configure this when running Traefik on Nomad.

The example in that tutorial configures the tag traefik.http.routers.http.rule=Path('/myapp') on the service so that requests for /myapp are routed to the backend service instance. In your case, you’ll need to modify this to match on the HTTP Host header instead. For example:

tags = [
  "traefik.enable=true",
  "traefik.http.routers.http.rule=Host(`app1.example.com`)",
]

See https://doc.traefik.io/traefik/routing/routers/#rule for a full list of supported rules.

Hi Blake,

I followed the first link before posting, but i didnt grasped that i could change the value to a url. Thanks i’ll try this.

I presume i need to get the https to work through traefik as well?

Yes, if you want to terminate TLS at Traefik then you’ll need to configure it with an HTTPS listener.

Ok i got it to work : )
I followed this guide and that gave the desired result

I still have one remaining issue:
So i have nomad / consul and traefic working. Ssl is working and domain names are working
My app makes use of the rtmp port 1935
This is my traefic nomad file is:

job 'traefic' {
region      = "global"
  datacenters = ["dc1"]
  type        = "system"

  group "traefik" {
    task "traefik" {
      driver = "docker"

      config {
        image        = "traefik:v2.2"
        network_mode = "host"

        volumes = [
          "local/traefik.toml:/etc/traefik/traefik.toml",
        ]
      }

      template {
        data = <<EOF
[entryPoints]
    [entryPoints.http]
    address = ":80"

    [entryPoints.traefik]
    address = ":8081"

    [entryPoints.rtmp]
    address = ":1935"

    [entryPoints.websecure]
    address = ":443"

    [certificatesResolvers.myresolver.acme]
    email = "bla@bla.eu"
    storage = "acme.json"

    [certificatesResolvers.myresolver.acme.httpChallenge]
      # used during the challenge
      entryPoint = "http"

      [api]
      dashboard = true
      insecure  = true# Enable Consul Catalog configuration backend.

      [providers.consulCatalog]
      prefix           = "traefik"
      exposedByDefault = false

      [providers.consulCatalog.endpoint]
        address = "127.0.0.1:8500"
        scheme  = "http"
EOF
destination = "local/traefik.toml"
      }

      resources {
        cpu    = 100
        memory = 128

        network {
          port "http" {
            static = 80
          }

          port "https" {
            static = 443
          }

          port "api" {
            static = 8081
          }
        }
      }

      service {
        name = "traefik"

        check {
          name     = "alive"
          type     = "tcp"
          port     = "http"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }
}

and my app nomad file is

job "webapp" {
	# Which region are you running your job
	datacenters = ["dc1"]
	
	type = "service"

  group "web" {
		count = 1
    network {
      port "frontendPort" { to = 8080 }
      port "rtmpPort" { to = 1935 }
    }
		task "server" {
			# The driver used to manage the containers
      driver = "docker"
      config {
          # Image we want to pull
          image = ".../..." 
          ports = ["frontendPort", "rtmpPort"]
      }
      service {
        name = "webapp"
        port = "frontendPort"
        tags = [
          "traefik.enable=true",
          "traefik.http.routers.demowebapp2-https.tls=true",
          "traefik.http.routers.demowebapp2-https.rule=Host(`......`)",
          "traefik.http.routers.demowebapp2-https.tls.certresolver=myresolver",
          "traefik.http.routers.demowebapp2-https.tls.domains[0].main=.....",
          "traefik.http.routers.demowebapp2-http.rule=Host(`......`)",
        ]
        check {
          port     = "frontendPort"
          type     = "http"
          path     = "/"
          interval = "2s"
          timeout  = "2s"
        }
      }    
    }
	}
}

But it doesnt react to the rtmp request.

Any ideas where to look?

RTMP uses TCP as the transport protocol. I believe you just need to add a few additional tags to your Nomad job spec to configure Traefik to route port 1935 to your application. Something like this might work.

tags = [
  <existing tags>
  "traefik.tcp.routers.rtmprouter.entrypoints=rtmp",
  "traefik.tcp.services.rtmpservice.loadbalancer.server.port=1935"
]

I haven’t tested this config. I’m just making some assumptions based off of the docs at https://doc.traefik.io/traefik/routing/providers/consul-catalog/#tcp. I recommend reading through that page to get a better understanding of what’s needed to proxy TCP services.

Cool! will do. i’ll give feedback if it works

frustrating, i tried your solution and also extended it:

          "traefik.tcp.routers.rtmpcast.rule=HostSNI(`*`)",
          "traefik.tcp.routers.rtmpcast.entrypoints=rtmp",
          "traefik.tcp.services.rtmpcast.loadbalancer.server.port=1935",

but it still doenst resolve properly. I’ve read many other articles but nobody is explaining the use for rtmp, so weird.
I also added udp to the traefik toml file. this didnt help either.

If you have any other ideas?

Hi @goudsmit,

I’m not sure why this isn’t working. Considering this is probably an issue with Traefik’s configuration, you might have better luck getting support for this on Traefik’s community forum at https://community.traefik.io/.