Hawiyat

Domains

This comprehensive guide explains how to configure domain routing for your Docker Compose applications using Hawiyat's infrastructure. You'll learn advanced domain configuration techniques, SSL/TLS setup, and best practices for production deployments.

Overview

When configuring domains in a Docker Compose environment, you'll need to understand several key components:

Core Components

  1. Hawiyat Network: A managed overlay network that enables service discovery and load balancing
  2. Traefik Integration: An advanced reverse proxy that handles routing, SSL termination, and load balancing
  3. DNS Configuration: Setting up proper DNS records for your domains
  4. SSL/TLS Certificates: Automatic certificate generation and renewal

Key Benefits

  • Automatic SSL certificate management
  • Zero-downtime deployments
  • Built-in load balancing
  • Service discovery
  • Health checking
  • Metrics and monitoring

Prerequisites

  • A Hawiyat account with appropriate permissions
  • Basic understanding of DNS and networking concepts
  • Familiarity with Docker Compose
  • One or more registered domains

Implementation Steps

  1. Add your services to the hawiyat-network for proper service discovery
  2. Configure Traefik labels for intelligent routing
  3. Set up SSL/TLS certificates
  4. Configure DNS records

Example Scenario

Let's consider an application with three components: a frontend, a backend, and a database. We'll start with a basic Docker Compose file and then enhance it with domain configuration.

version: '3.8'
 
services:
  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
    volumes:
      - ./frontend:/app
    ports:
      - "3000:3000"
    depends_on:
      - backend
 
  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    volumes:
      - ./backend:/app
    ports:
      - "5000:5000"
    environment:
      - DATABASE_URL=postgres://postgres:password@database:5432/mydatabase
    depends_on:
      - database
 
  database:
    image: postgres:13
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: password
      POSTGRES_DB: mydatabase
    volumes:
      - db-data:/var/lib/postgresql/data
 
volumes:
  db-data:

Step 1: Add the Network

First, we'll add the hawiyat-network to our services:

version: '3.8'
 
services:
  frontend:
    # ... (previous configuration)
    networks:
      - hawiyat-network
 
  backend:
    # ... (previous configuration)
    networks:
      - hawiyat-network
 
  database:
    # ... (previous configuration)
    networks:
      - hawiyat-network
 
volumes:
  db-data:
 
networks:
  hawiyat-network:
    external: true

Step 2: Configuring Traefik Labels

Now, let's add Traefik labels to route domains to our services. We'll focus on the frontend and backend services:

version: '3.8'
 
services:
  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
    volumes:
      - ./frontend:/app
    expose:
      - 3000
    depends_on:
      - backend
    networks:
      - hawiyat-network
    labels:
      - traefik.enable=true
      - traefik.http.routers.frontend-app.rule=Host(`frontend.hawiyat.com`)
      - traefik.http.routers.frontend-app.entrypoints=web
      - traefik.http.services.frontend-app.loadbalancer.server.port=3000
 
  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    volumes:
      - ./backend:/app
    expose:
      - 5000
    environment:
      - DATABASE_URL=postgres://postgres:password@database:5432/mydatabase
    depends_on:
      - database
    networks:
      - hawiyat-network
    labels:
      - traefik.enable=true
      - traefik.http.routers.backend-app.rule=Host(`backend.hawiyat.com`)
      - traefik.http.routers.backend-app.entrypoints=web
      - traefik.http.services.backend-app.loadbalancer.server.port=5000
 
  database:
    # ... (same as before)
 
volumes:
  db-data:
 
networks:
  hawiyat-network:
    external: true

Understanding Traefik Configuration

Label Architecture

Traefik uses a label-based configuration system that provides fine-grained control over routing, middleware, and load balancing. Here's a detailed breakdown of each label:

  1. Service Enablement

    traefik.enable=true
    • Activates Traefik routing for the service
    • Required for all services that need routing
    • Can be disabled for internal services

  2. Domain Configuration

    traefik.http.routers.<UNIQUE-RULE>.rule=Host(`your-domain.hawiyat.com`)
    • Defines the domain routing rule
    • Supports multiple domains using OR: Host(domain1.com) || Host(domain2.com)
    • Allows path-based routing: Host(api.domain.com) && PathPrefix(/v1)

  3. Entrypoint Configuration

    traefik.http.routers.<UNIQUE-RULE>.entrypoints=web
    • Defines the network entry point
    • Common values: web (HTTP), websecure (HTTPS)
    • Can specify multiple entrypoints for different protocols

  4. Load Balancer Configuration

    traefik.http.services.<UNIQUE-RULE>.loadbalancer.server.port=3000
    • Specifies the internal service port
    • Supports sticky sessions and health checks
    • Can configure load balancing algorithms

Advanced Label Options

  1. Middleware Configuration

    traefik.http.routers.<UNIQUE-RULE>.middlewares=rate-limit@file
    • Apply transformations to requests/responses
    • Examples: authentication, rate limiting, headers

  2. TLS Configuration

    traefik.http.routers.<UNIQUE-RULE>.tls.certresolver=letsencrypt
    • Enables automatic SSL/TLS certificate management
    • Supports multiple certificate resolvers

Important: Replace <UNIQUE-RULE> with a descriptive, unique identifier for each service (e.g., frontend-app, backend-api, admin-dashboard). Use consistent naming across related labels.

Production Best Practices

Security Considerations

  1. Port Management

    • Use expose instead of ports for internal service communication
    • Avoid exposing unnecessary ports to the host
    • Implement proper network segmentation
    services:
  api:
    expose:
      - "8080"  # Only exposed internally

  2. SSL/TLS Configuration

    • Always use HTTPS in production
    • Enable automatic certificate renewal
    • Configure proper SSL ciphers
    labels:
  - traefik.http.routers.myapp.tls=true
  - traefik.http.routers.myapp.tls.certresolver=letsencrypt
  - traefik.http.routers.myapp.tls.options=modern@file

  3. Network Security

    • Use internal networks for service-to-service communication
    • Implement proper access controls
    • Enable rate limiting for public endpoints
    labels:
  - traefik.http.middlewares.rate-limit.ratelimit.average=100
  - traefik.http.middlewares.rate-limit.ratelimit.burst=50

DNS Configuration

  1. Record Types

    • Create A records pointing to Hawiyat's infrastructure
    • Use CNAME records for subdomains
    • Consider CAA records for certificate authority restrictions

  2. DNS Propagation

    • Allow time for DNS changes to propagate (usually 0-48 hours)
    • Use DNS checking tools to verify propagation
    • Configure appropriate TTL values

  3. Monitoring

    • Set up DNS monitoring
    • Configure alerts for DNS issues
    • Regular DNS health checks

Deployment Strategies

  1. Zero-Downtime Deployment

    • Use rolling updates
    • Implement health checks
    • Configure proper update delays
    deploy:
  update_config:
    order: start-first
    failure_action: rollback
    delay: 10s

  2. Monitoring and Logging

    • Enable Traefik access logs
    • Configure application logging
    • Set up metrics collection
    labels:
  - traefik.http.middlewares.logger.accesslog=true
  - traefik.http.middlewares.logger.accesslog.format=json

  3. Scaling Considerations

    • Configure proper resource limits
    • Implement load balancing
    • Use Docker Compose v3+ features
    deploy:
  resources:
    limits:
      cpus: '0.50'
      memory: 512M
  replicas: 3

Advanced Configuration and Troubleshooting

SSL/TLS Certificate Management

  1. Automatic Certificate Generation

    • Let's Encrypt integration
    • Certificate renewal automation
    • Multiple domain support
    labels:
  - traefik.http.routers.myapp.tls.certresolver=letsencrypt
  - traefik.http.routers.myapp.tls.domains[0].main=example.com
  - traefik.http.routers.myapp.tls.domains[0].sans=*.example.com

  2. Manual Certificate Configuration

    • Custom certificate support
    • Certificate chain configuration
    • Private key management

Common Issues and Solutions

  1. Certificate Problems

    • Check DNS configuration
    • Verify domain ownership
    • Review Traefik logs
    # View Traefik logs
docker logs traefik-proxy

  2. Routing Issues

    • Validate label configuration
    • Check network connectivity
    • Verify service health

  3. Performance Optimization

    • Configure caching
    • Implement compression
    • Enable HTTP/2
    labels:
  - traefik.http.middlewares.compress.compress=true
  - traefik.http.middlewares.cache.headers.customresponseheaders.Cache-Control=public,max-age=3600

Additional Resources

For more detailed information and advanced configurations, refer to:

  1. SSL Certificate Management

    • Deep dive into certificate types
    • Advanced SSL configuration
    • Security best practices

  2. Docker Compose Domain Setup

    • Complete domain configuration
    • Advanced routing scenarios
    • Production deployment guides

  3. Example Implementations

    • Real-world configurations
    • Best practices examples
    • Common patterns

Community and Support

Previous

Automated Deployment System

Next

Example

On this page

OverviewCore ComponentsKey BenefitsPrerequisitesImplementation StepsStep 1: Add the NetworkUnderstanding Traefik ConfigurationLabel ArchitectureAdvanced Label OptionsProduction Best PracticesSecurity ConsiderationsDNS ConfigurationDeployment StrategiesAdvanced Configuration and TroubleshootingSSL/TLS Certificate ManagementCommon Issues and SolutionsAdditional ResourcesCommunity and Support