I run a docker host in my homelab using ubuntu. The host is reachable via docker.mydomain.com. This is managed by my pfsense firewall.
I use the following docker-compose file:
version: "3.7"
services:
  traefik:
    image: "traefik:v2.9"
    container_name: "traefik"
    hostname: "traefik"
    ports:
      - "80:80"
      - "8008:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik.yml:/traefik.yml:ro"
  apache:
    image: httpd:latest
    container_name: apache
    hostname: apache
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.apache.entrypoints=web"
      - "traefik.http.routers.apache.rule=Host(`apache.docker.mydomain.com`)"
Additionally I use the following traefik.yml file:
log:
  level: INFO
api:
  insecure: true
  dashboard: true
entryPoints:
  web:
    address: ":80"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
I can reach the traefik web ui but not the apache default site using apache.docker.mydomain.com. I'm not sure if pfsense is the problem or traefik. What am I missing here?
UPDATE:
I see the apache service in the traefik ui:
It seems to be an issue with the dns forwarding on the pfsense firewall. I added a wildcard rule to address=/.docker.mydomain.com/192.168.1.10 and now the apache is reachable via apache.docker.mydomain.com
Related
I have found many similar questions online, but I am certainly lost in this topic which is new for me and I hope somebody can guide me through my problem. In my setup, I have a docker container which runs a secure version on port 8443 and a "read-only" version on port 8080. Now I want to use Traefik as a proxy to then reroute all requests to the secure version, ignoring the read-only. While the dashboard indicates routing to the service, I am just receiving an "Unable to connect" when trying to access the webpage.
As a compose file:
version: "3.7"
services:
  traefik:
    image: traefik:2.5
    container_name: traefik
    restart: always
    ports:
      - "80:80"
      - "433:433"
    command: --api.insecure=false --providers.docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/cloud/traefik.yml:/etc/traefik/traefik.yml
    networks:
      - traefik-network
  my-service:
    image: my-image
    env_file: variables.env
    container_name: my-image
    restart: always
    ports:
      - "8080:8080"
      - "8443:8443"
    networks:
      - traefik-network
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.my-service.entryPoints=websecure"
      - "traefik.http.routers.my-service.rule=Host(`domain.com`)"
      - "traefik.http.services.my-service.loadbalancer.server.port=8443"
networks:
  traefik-network:
    name: traefik-network
And the traefik.yml:
################################################################
# Provider configuration
################################################################
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # default
    exposedByDefault: true # default
    network: traefik-network
################################################################
# Entrypoint
################################################################
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
Maybe somebody has an idea where I went in the wrong direction.
Best
I am trying to get traefik work with portainer but nothing so far.
My goal is to just type http://localhost/portainer and let traefik redirect to portainer portal.
So far my docker-compose looks like this:
services:
  reverse-proxy:
    image: traefik
    container_name: "traefik"
    networks:
      - traefik_net
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./traefik.yml:/traefik.yml:ro"
  portainer:
    image: "portainer/portainer-ce"
    container_name: "portainer"
    networks:
      - traefik_net
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "portainer_data:/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.entrypoints=web"
      - "traefik.http.routers.portainer.rule=Host(`localhost`) && PathPrefix(`/portainer`)"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
networks:
  traefik_net: {}
volumes:
  portainer_data:
And my traefik.yml file is:
log:
  level: INFO
api:
  insecure: true
  dashboard: true
entryPoints:
  web:
    address: ":80"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
I really do not know what is going on. When I try to connect to http://localhost/portainer I get 404 not found.
The dashboard is working fine. When I check the portainer service, it has the docker IP for the portainer container and also the port 9000, so I think the problem is with traefik receiving and redirecting the URL to the portainer container.
Any help is welcomed, thanks.
Portainer doesn't support subpaths yet, you can make an issue for a request for this over here https://github.com/portainer/portainer/issues?q=is%3Aissue+is%3Aopen
I am trying to expose my docker services (like Heimdall, Plex, Tautulli, etc) on my host machine's IP for internal purposes only, so without a domain name. I want each service to be accessible with its own prefix like 192.168.0.100/heimdall, 192.168.0.100/tautulli, etc.
I would like to have the dashboard on a separate port, like 8080, but even after I specify an entry point for 8080 as traefik and set traefik as the entry point for the service it still goes to the port 80 named http.
Is there any issue with my config or is it an issue on traefik side?
docker-compose.yml
version: '3'
services:
  traefik:
    image: traefik
    container_name: traefik
    ports:
      - "80:80"
      - "8080:8080"
    restart: always
    volumes:
      - ./traefik:/etc/traefik
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
traefik.yml
entryPoints:
  http:
    address: ":80"
  traefik:
    address: ":8080"
api: {}
log:
  level: "DEBUG"
providers:
  file:
    directory: /etc/traefik/dynamic
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
dashboard.yml
http:
  routers:
    api:
      rule: PathPrefix(`/api`) || PathPrefix(`/dashboard`)
      entrypoints:
        - traefik
      service: api@internal
According to documentation (https://docs.traefik.io/v2.2/operations/api/#insecure), this could help:
api:
  insecure: true
It should implicitly use special entrypoint traefik with port 8080.
You can also check this for more info about dashboard: https://docs.traefik.io/operations/dashboard/
EDIT
I have just tried it and it works on port 8080 with this configuration:
docker-compose.yml
version: '3'
services:
  traefik:
    image: traefik
    container_name: traefik
    restart: always
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./dockerfiles/traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.dashboard.entrypoints=traefik"
      - "traefik.http.routers.dashboard.service=api@internal"
traefik.yml (I have used yours without file provider):
entryPoints:
  http:
    address: ":80"
  traefik:
    address: ":8080"
api: {}
log:
  level: "DEBUG"
providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
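Added example, not part of the original answer or of Traefik's own documentation: the same explicit dashboard router with `api.insecure` left off, the dashboard port published on loopback only, and a basic-auth middleware in front of `api@internal`. The middleware name `dashboard-auth`, the `./traefik/` directory and the htpasswd file path are assumptions made for this example.

```yaml
# docker-compose.yml (added example; paths and the middleware name are assumed)
version: '3'
services:
  traefik:
    image: traefik
    container_name: traefik
    restart: always
    ports:
      - "80:80"
      # Publish the dashboard entrypoint on loopback only, not on every host interface.
      - "127.0.0.1:8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
      # htpasswd-format users file created by the operator (assumed path).
      - "./traefik/dashboard.htpasswd:/etc/traefik/dashboard.htpasswd:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.dashboard.entrypoints=traefik"
      - "traefik.http.routers.dashboard.service=api@internal"
      # Require HTTP basic auth before any request reaches api@internal.
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
      - "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/etc/traefik/dashboard.htpasswd"
---
# traefik.yml (static configuration for the compose file above)
entryPoints:
  http:
    address: ":80"
  traefik:
    address: ":8080"
api:
  dashboard: true
  # Weak setting seen elsewhere on this page: insecure: true serves the API
  # and dashboard on the "traefik" entrypoint with no router and no auth.
  insecure: false
log:
  level: "INFO"
providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
```

The users file is in htpasswd format, for example one created with `htpasswd -c ./traefik/dashboard.htpasswd admin`.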
I'm setting up a gitlab server behind a traefik proxy, but my gitlab sshd logs say traefik sends http requests to gitlab over port 22, causing an Internal Server Error.
==> /var/log/gitlab/sshd/current <==
gitlab | 2019-08-27_03:39:15.42508 Bad protocol version identification 'GET / HTTP/1.1' from 192.168.144.2 port 33462
I found there is a similar discussion here; however, the answer did not work. Is there any way to change the gitlab backend from 22 to 80?
The following is my code and configs.
# traefik docker-compose.yaml
version: '3'
services:
  traefik:
    container_name: traefik
    image: traefik
    command: --api
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
    networks:
      - web
    ports:
      - 8080:8080
      - 80:80
      - 443:443
networks:
  web:
    external: true
# traefik.toml
debug = false
logLevel = "INFO"
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mydomain.com"
watch = true
exposedByDefault = false
# gitlab docker-compose.yaml
version: '3'
services:
  # expose 22 80 443
  gitlab:
    container_name: gitlab
    image: gitlab/gitlab-ee
    volumes:
      - /nsrv/gitlab/config:/etc/gitlab
      - /nsrv/gitlab/logs:/var/log/gitlab
      - /nsrv/gitlab/data:/var/opt/gitlab
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:gitlab.mydomain.com
      - traefik.prot=80
    networks:
      - web
    restart: always
networks:
  web:
    external: true
Looks like you have a typo in your gitlab docker-compose.yaml file.
Replace traefik.prot by traefik.port and it should work better.
I have docker compose with nginx running with the following config:
version: "3"
services:
  web:
    image: nginx:alpine
    volumes:
      - ./nginx:/etc/nginx/conf.d/rainloop
    ports:
      - "8081:80"
    labels:
      - "traefik.frontend.rule=Host:www.example.com"
      - "traefik.port=8081"
and traefik in docker-compose with the following config:
version: '3'
services:
  reverse-proxy:
    image: traefik:alpine
    command: --api --docker
    ports:
      - "80:80" # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - ./traefik.toml:/etc/traefik/traefik.toml
the traefik.toml is kept basic and looks like this
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
The Web UI shows the following
When calling my domain www.example.com I get a timeout.
Add the following in your traefik.toml
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
Create a network with docker network create traefik-net
Deploy traefik with
version: '3'
services:
  traefik:
    image: traefik:latest
    command: --api
    ports:
      - 80:80
      - 8080:8080 # Port for the web UI
    networks:
      - traefik-net
Deploy nginx with
version: '3'
services:
  frontend:
    image: nginx
    networks:
      - traefik-net
    labels:
      - "traefik.docker.network=traefik-net"
      - "traefik.frontend.rule=Host:${DOMAIN}"
      - "traefik.backend=nginx"
      - "traefik.port=80" # you should use exposed port, not published
You need to put both containers on the same network.
Create a docker network inside your host machine. docker network create {network name}.
In your docker-compose use the existing network that you created to connect both containers. You can read https://docs.docker.com/compose/networking/#use-a-pre-existing-network on how to use it.
Add each service to the above network.