[{"data":1,"prerenderedAt":218},["ShallowReactive",2],{"nav-stories":3,"footer-stories":61,"project-traefik-mesh":74},[4,16,25,34,43,52],{"id":5,"color":6,"extension":7,"image":8,"label":9,"link":10,"meta":11,"order":12,"stem":13,"text":14,"__hash__":15},"stories\u002Fstories\u002F01-data-center.yml",null,"yml","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1558494949-ef010cbdcc31?w=1080","DATA_CENTER","https:\u002F\u002Fx.com\u002Fabbeytetteh_",{},1,"stories\u002F01-data-center","Racking new servers. 40gbit backbone online.","0QUZQbaANhdO8WemZxkDdO7vbVopfnynHtH9FxBZb_w",{"id":17,"color":6,"extension":7,"image":18,"label":19,"link":6,"meta":20,"order":21,"stem":22,"text":23,"__hash__":24},"stories\u002Fstories\u002F02-thoughts.yml","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1498050108023-c5249f4df085?w=1080","THOUGHTS",{},2,"stories\u002F02-thoughts","Late night bug hunting. Found the memory leak.","Gd1am954aasY6HRHD7hCtOuessXb6zYZ8iizS501ICg",{"id":26,"color":27,"extension":7,"image":6,"label":28,"link":6,"meta":29,"order":30,"stem":31,"text":32,"__hash__":33},"stories\u002Fstories\u002F03-coding.yml","#3b82f6","CODING",{},3,"stories\u002F03-coding","Just thinking about how much easier life is with Swarm.","vLAyiGUPtlXB2SHa5KM_U2AaK4QkG3Og85UEUE7qzgM",{"id":35,"color":6,"extension":7,"image":36,"label":37,"link":6,"meta":38,"order":39,"stem":40,"text":41,"__hash__":42},"stories\u002Fstories\u002F04-update.yml","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1591799264318-7e6ef8ddb7ea?w=1080","UPDATE",{},4,"stories\u002F04-update","New cluster nodes arrived. Prepping for installation.","kyT60N5C6Re_jMonZbgNy0PbQhzXmUWxDbD0D_v43ts",{"id":44,"color":45,"extension":7,"image":6,"label":46,"link":6,"meta":47,"order":48,"stem":49,"text":50,"__hash__":51},"stories\u002Fstories\u002F05-setup.yml","#86868b","SETUP",{},5,"stories\u002F05-setup","Optimizing the telemetry pipeline for 1M req\u002Fs.","cPOBkzoyXsCmPgRO2d80Hj3vm4MP-6nAejtlQ5iuSzw",{"id":53,"color":6,"extension":7,"image":54,"label":55,"link":6,"meta":56,"order":57,"stem":58,"text":59,"__hash__":60},"stories\u002Fstories\u002F06-travel.yml","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1560969184-10fe8719e047?w=1080","TRAVEL",{},6,"stories\u002F06-travel","Travel log — system architecture workshop in Berlin.","jnOxerdF6usAIHdR35Z-opx0LJAy9kZluXnZhtz62Z0",[62,64,66,68,70,72],{"id":5,"color":6,"extension":7,"image":8,"label":9,"link":10,"meta":63,"order":12,"stem":13,"text":14,"__hash__":15},{},{"id":17,"color":6,"extension":7,"image":18,"label":19,"link":6,"meta":65,"order":21,"stem":22,"text":23,"__hash__":24},{},{"id":26,"color":27,"extension":7,"image":6,"label":28,"link":6,"meta":67,"order":30,"stem":31,"text":32,"__hash__":33},{},{"id":35,"color":6,"extension":7,"image":36,"label":37,"link":6,"meta":69,"order":39,"stem":40,"text":41,"__hash__":42},{},{"id":44,"color":45,"extension":7,"image":6,"label":46,"link":6,"meta":71,"order":48,"stem":49,"text":50,"__hash__":51},{},{"id":53,"color":6,"extension":7,"image":54,"label":55,"link":6,"meta":73,"order":57,"stem":58,"text":59,"__hash__":60},{},{"id":75,"title":76,"body":77,"description":205,"extension":206,"hash":207,"liveUrl":6,"meta":208,"navigation":209,"order":30,"path":210,"rackBay":211,"rackStatus":212,"region":213,"seo":214,"stem":215,"thumbnail":216,"vault":209,"__hash__":217},"projects\u002Fprojects\u002Ftraefik-mesh.md","Traefik Mesh",{"type":78,"value":79,"toc":200},"minimark",[80,84,89,92,182,186,189,193,196],[81,82,83],"p",{},"Traefik Mesh is the ingress and internal routing layer for the production service cluster. It handles TLS termination, per-service rate limiting, and request authentication via a forward-auth middleware chain backed by Keycloak.",[85,86,88],"h2",{"id":87},"ingress-configuration","Ingress Configuration",[81,90,91],{},"All services are declared via Docker labels, making the routing configuration live alongside the service definition in the compose stack:",[93,94,99],"pre",{"className":95,"code":96,"language":97,"meta":98,"style":98},"language-yaml shiki shiki-themes vitesse-light","deploy:\n  labels:\n    - \"traefik.enable=true\"\n    - \"traefik.http.routers.api.rule=Host(`api.example.com`)\"\n    - \"traefik.http.routers.api.tls.certresolver=letsencrypt\"\n    - \"traefik.http.middlewares.auth.forwardauth.address=http:\u002F\u002Fauth-service\u002Fverify\"\n    - \"traefik.http.routers.api.middlewares=auth@docker\"\n","yaml","",[100,101,102,114,121,137,148,159,170],"code",{"__ignoreMap":98},[103,104,106,110],"span",{"class":105,"line":12},"line",[103,107,109],{"class":108},"su6XF","deploy",[103,111,113],{"class":112},"sYZai",":\n",[103,115,116,119],{"class":105,"line":21},[103,117,118],{"class":108},"  labels",[103,120,113],{"class":112},[103,122,123,126,130,134],{"class":105,"line":30},[103,124,125],{"class":112},"    -",[103,127,129],{"class":128},"sSP4y"," \"",[103,131,133],{"class":132},"spphp","traefik.enable=true",[103,135,136],{"class":128},"\"\n",[103,138,139,141,143,146],{"class":105,"line":39},[103,140,125],{"class":112},[103,142,129],{"class":128},[103,144,145],{"class":132},"traefik.http.routers.api.rule=Host(`api.example.com`)",[103,147,136],{"class":128},[103,149,150,152,154,157],{"class":105,"line":48},[103,151,125],{"class":112},[103,153,129],{"class":128},[103,155,156],{"class":132},"traefik.http.routers.api.tls.certresolver=letsencrypt",[103,158,136],{"class":128},[103,160,161,163,165,168],{"class":105,"line":57},[103,162,125],{"class":112},[103,164,129],{"class":128},[103,166,167],{"class":132},"traefik.http.middlewares.auth.forwardauth.address=http:\u002F\u002Fauth-service\u002Fverify",[103,169,136],{"class":128},[103,171,173,175,177,180],{"class":105,"line":172},7,[103,174,125],{"class":112},[103,176,129],{"class":128},[103,178,179],{"class":132},"traefik.http.routers.api.middlewares=auth@docker",[103,181,136],{"class":128},[85,183,185],{"id":184},"zero-trust-auth-layer","Zero-Trust Auth Layer",[81,187,188],{},"Every service route passes through the forward-auth middleware. The auth service validates JWTs issued by Keycloak and returns a 401 for unauthenticated requests before traffic ever reaches the upstream service.",[85,190,192],{"id":191},"status","Status",[81,194,195],{},"Handling ~15k requests per minute in steady state. Rate limiting has successfully throttled three separate credential-stuffing attempts without any manual intervention. Auto-renewing Let's Encrypt certificates across 8 domains.",[197,198,199],"style",{},"html pre.shiki code .su6XF, html code.shiki .su6XF{--shiki-default:#998418}html pre.shiki code .sYZai, html code.shiki .sYZai{--shiki-default:#999999}html pre.shiki code .sSP4y, html code.shiki .sSP4y{--shiki-default:#B5695977}html pre.shiki code .spphp, html code.shiki .spphp{--shiki-default:#B56959}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":98,"searchDepth":21,"depth":21,"links":201},[202,203,204],{"id":87,"depth":21,"text":88},{"id":184,"depth":21,"text":185},{"id":191,"depth":21,"text":192},"High-performance reverse proxy configuration and zero-trust identity layer for distributed microservices running on Docker Swarm.","md","G7H8I9",{},true,"\u002Fprojects\u002Ftraefik-mesh","BAY 04","live","EU-CENTRAL-1",{"title":76,"description":205},"projects\u002Ftraefik-mesh","\u002Fimages\u002Fthumbnails\u002Ftraefik-mesh.png","OkxpNVZgJlXM3F8wDkLjH_tzGrCJXLuk21a83G5TLNM",1779361989071]