One of the safest ways to reach services on the local network from outside, without opening each service's port on the router and exposing it to the dangers of the Internet, is to use a reverse proxy. A reverse proxy is software that we install on the local network: we open only HTTPS port 443 to connections from the Internet, and, depending on the domain requested, the reverse proxy forwards us to one service or another. We can also apply useful security measures at the proxy, such as additional authentication, filtering by source IP and country, etc. Traefik is one of the best tools you can use for this, and its developers have announced that Traefik Proxy v3.0 is now available as a release candidate, the last step before the final stable version. Do you want to know all the new features they have incorporated?
There are currently several tools and techniques for accessing local network services from the Internet; some options are safer than others, and each has its strengths and weaknesses. Setting up a reverse proxy is a very safe option, although its weak point is the configuration, since it takes some knowledge of networks and systems to implement it. Two reverse proxies are widely used today: the first is Traefik and the second is Nginx Proxy Manager.
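The routing decision described above (pick the service by requested domain, then filter by source IP) can be sketched in a few lines of Go. This is an added example, not Traefik's code; the hostnames, backend addresses and allowed range are constructed placeholders, and `route` and `decide` are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// route: backend for one hostname plus allowed client networks (empty = any).
type route struct {
	backend string
	allow   []netip.Prefix
}

// Constructed table: hostnames, backends and ranges are placeholders.
var routes = map[string]route{
	"nas.example.com":  {"http://192.168.1.10:5000", nil},
	"cams.example.com": {"http://192.168.1.20:8080", []netip.Prefix{netip.MustParsePrefix("203.0.113.0/24")}},
}

// decide returns the backend and HTTP status for a request, using the Host
// header and the TCP peer address (not a client-supplied header).
func decide(host, remoteAddr string) (string, int) {
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop a ":443" style suffix
	}
	r, ok := routes[strings.ToLower(strings.TrimSuffix(host, "."))]
	if !ok {
		return "", 404 // unknown name: no fallback backend
	}
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return "", 403 // source cannot be established: fail closed
	}
	allowed := len(r.allow) == 0
	for _, p := range r.allow {
		allowed = allowed || p.Contains(ap.Addr().Unmap())
	}
	if !allowed {
		return "", 403
	}
	return r.backend, 200
}

func main() {
	fmt.Println(decide("cams.example.com:443", "203.0.113.7:51000"))
	fmt.Println(decide("cams.example.com", "198.51.100.9:51000"))
}
```

Requests for a hostname that is not in the table get a 404 instead of falling through to some default service, which is what keeps unpublished services unreachable through the single open port.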
What’s new in Traefik Proxy v3.0
Traefik v2.0 was a turning point for this software, and it is really popular, both among home users who have a NAS and want to access all their services from outside, and among professional users and companies, who use a reverse proxy to reach the services they want. Keep in mind that services can be reached both through subdomains and through different URL paths, and the reverse proxy itself will take us to one service or another. It is compatible not only with the HTTP and HTTPS protocols, but also directly with TCP, so it can forward traffic for other protocols that run over TCP. In the following image, you can see the operating architecture of Traefik:
This new version of Traefik incorporates entirely new features built on emerging technologies that will soon be widely used:
- WebAssembly (Wasm): This extension technology will be available in the latest version of the popular reverse proxy. Wasm provides a standard ABI designed to match the HTTP handler mechanism built into Go, so we can now use it to develop plugins for Traefik much more easily.
- OpenTelemetry: used to view all metrics centrally; in fact, Traefik has stopped supporting previous standards to focus on this one. Thanks to this feature, we can view all the records in a standard way. Also, remember that Traefik already supports several monitoring systems such as Datadog, Prometheus and many others.
- Kubernetes Gateway API: the latest version of Traefik supports the Gateway API, which is now official.
Of course, the development team has also focused on continuing to provide maximum security and service routing. In addition, they have revamped some important parts of this routing and added support for the following:
- HTTP/3 protocol: remember that HTTP/3 no longer uses TCP for the transport layer; it runs over UDP (QUIC specifically). It has many built-in improvements, such as higher performance, faster connection establishment, simpler and equally secure encryption, etc.
- SPIFFE (Secure Production Identity Framework For Everyone): defines a framework and set of standards to identify and protect communications between application services. Although Traefik’s routing syntax was very powerful, the team found that some parts could be improved and unified further to improve the user experience.
- Tailscale: if you need to protect websites within a Tailscale network, Traefik can now request TLS certificates from the Tailscale API (with Let’s Encrypt certificates). This functionality is very interesting. Additionally, support has been added for the Brotli compression algorithm, and SNI routing has been incorporated with Postgres STARTTLS.
- Support for gRPC: gRPC is the new protocol based on the popular RPC, so now we can use it, and it also has interesting advantages such as bidirectional streaming, flow control, cancellation and timeouts.
The Traefik development team knows that migrating from one version to another means knowing in detail all the changes and the new syntax. They have provided a complete migration guide to make the upgrade much easier, and have made sure to greatly simplify the transition from version 2 to version 3 by keeping compatibility with the version 2 syntax while offering support for the version 3 syntax going forward.