Develop Reference

ioBroker with Node-RED behind traefik on Synlogy NAS with Docker

To control some Tasmota driven WiFi Sockets and some other stuff I want to install a Docker based SmartHome central on my Synology DS218+.
This installation is to be reachable only from inside my LAN while some other Docker containers on my NAS are accessible from the Internet.
So I decided to use a docker-compose Setup based on a Traefik-script with one single Traefik-container and a SmartHome-script with some SmartHome related containers (both scripts see below).
During a step-wise installation I first implemented the ioBroker container, finished the initial Setup and installed the Node-RED adapter.
After that I added a Mosquitto container to my SmartHome-script and a dependency to let the ioBroker container start after Mosquitto.
All containers of the above setup come up without any problems but ioBroker is the only Service that's accessible.
Whether my Tasmota-deices nor ioBroker seem to have access to Mosquitto and when I try to start the Node-RED-instance, I get an Error "404 page not found"
Traefik-script:
version: "3.9"
services:
traefik:
image: traefik:v2.4
command:
- --log.level=ERROR
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=web-secure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.web-secure.address=:443
- --entrypoints.web-secure.http.tls.certresolver=lets-encrypt
- --entrypoints.something.address=:1234
...
- --entrypoints.node-red.address=:1880
- --entrypoints.mosquitto.address=:1883
- --entrypoints.iobroker.address=:8081
...
- --entrypoints.something-different.address=:23456
- --entrypoints.something-different.http.redirections.entrypoint.to=something-different
- --entrypoints.something-different.http.redirections.entrypoint.scheme=https
- --providers.docker=true
- --providers.docker.endpoint=unix:///var/run/docker.sock
- --providers.file.directory=/etc/traefik/dynamic/
- --providers.file.watch=true
- --certificatesresolvers.lets-encrypt.acme.email=my.email#internet.com
- --certificatesresolvers.lets-encrypt.acme.storage=/etc/traefik/acme.json
- --certificatesresolvers.lets-encrypt.acme.tlschallenge=true
restart:
- unless-stopped
ports:
- 80:80
- 443:443
- 1234:1234
...
- 1880:1880
- 1883:1883
- 8081:8081
...
- 23456:23456
volumes:
- /etc/localtime:/etc/localtime:ro
- ${PWD}/traefik:/etc/traefik
- /var/run/docker.sock:/var/run/docker.sock:ro
labels:
- traefik.enable=false
networks:
- traefik
networks:
traefik:
external: false
driver: bridge
name: traefik
SmartHome-script
version: "3.9"
services:
mosquitto:
image: eclipse-mosquitto:latest
restart:
- unless-stopped
volumes:
- ${PWD}/mosquitto-config:/mosquitto/config
- ${PWD}/mosquitto-data:/mosquitto/data
- ${PWD}/mosquitto-log:/mosquitto/log
labels:
- traefik.enable=true
- traefik.tcp.routers.mosquitto.entrypoints=mosquitto
- traefik.tcp.routers.mosquitto.rule=HostSNI(`my.synology.nas.local`)
- traefik.tcp.routers.mosquitto.service=svc-mosquitto
- traefik.tcp.services.svc-mosquitto.loadbalancer.server.port=1883
networks:
- traefik
iobroker:
image: iobroker/iobroker:latest
restart:
- unless-stopped
depends_on:
- mosquitto
environment:
- LANG=de_DE.UTF‑8
- LANGUAGE=de_DE:de
- LC_ALL=de_DE.UTF-8
- TZ=Europe/Berlin
volumes:
- ${PWD}/iobroker-data:/opt/iobroker
labels:
- traefik.enable=true
- traefik.http.routers.iobroker.entrypoints=iobroker
- traefik.http.routers.iobroker.rule=Host(`my.synology.nas.local`)
networks:
- traefik
networks:
traefik:
external: true
I suspect that the inaccessible Mosquitto-server is related to the "labels" section of the Mosquitto-container, because this is the first time I try to use TCP routing.
The inaccessible Node-RED instance within ioBroker might be related to using more than one HTTP-port with this container but I have no idea, where to begin troubleshooting.
What's the "correct way" to handle such use cases in docker-compose scripts respectively in Traefik?
Thanx in advance for your hints!
Lanzi

Drone CI runner can't find gitea server

I am trying to run a gitea server with drone. They are currently both hosted on the same ubuntu machine and the docker containers are set up through a docker-compose.yml file.
When starting up all services I get the following error in the logs of the drone runner service:
time="2020-08-12T19:10:42Z" level=error msg="cannot ping the remote server" error="Post http://drone:80/rpc/v2/ping: dial tcp: lookup drone on 127.0.0.11:53: no such host"
Both http://gitea and http://drone point to localhost (via /etc/hosts). I sadly don't understand how or why the drone runner can not find the server. Calling "docker container inspect" on all my 4 containers shows they are all connected to the same network (drone_and_gitea_giteanet). Which is also the network I set in the DRONE_RUNNER_NETWORKS environment variable.
This is how my docker-compose.yml file looks:
version: "3.8"
# Create named volumes for gitea server, gitea database and drone server
volumes:
gitea:
gitea-db:
drone:
# Create shared network for gitea and drone
networks:
giteanet:
external: false
services:
gitea:
container_name: gitea
image: gitea/gitea:1
#restart: always
environment:
- APP_NAME="Automated Student Assessment Tool"
- USER_UID=1000
- USER_GID=1000
- ROOT_URL=http://gitea:3000
- DB_TYPE=postgres
- DB_HOST=gitea-db:5432
- DB_NAME=gitea
- DB_USER=gitea
- DB_PASSWD=gitea
networks:
- giteanet
ports:
- "3000:3000"
- "222:22"
volumes:
- gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- gitea-db
gitea-db:
container_name: gitea-db
image: postgres:9.6
#restart: always
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=gitea
- POSTGRES_DB=gitea
networks:
- giteanet
volumes:
- gitea-db:/var/lib/postgresql/data
drone-server:
container_name: drone-server
image: drone/drone:1
#restart: always
environment:
# General server settings
- DRONE_SERVER_HOST=drone:80
- DRONE_SERVER_PROTO=http
- DRONE_RPC_SECRET=topsecret
# Gitea Config
- DRONE_GITEA_SERVER=http://gitea:3000
- DRONE_GITEA_CLIENT_ID=<CLIENT ID>
- DRONE_GITEA_CLIENT_SECRET=<CLIENT SECRET>
# Create Admin User, name should be the same as Gitea Admin user
- DRONE_USER_CREATE=username:AdminUser,admin:true
# Drone Logs Settings
- DRONE_LOGS_PRETTY=true
- DRONE_LOGS_COLOR=true
networks:
- giteanet
ports:
- "80:80"
volumes:
- drone:/data
depends_on:
- gitea
drone-agent:
container_name: drone-agent
image: drone/drone-runner-docker:1
#restart: always
environment:
- DRONE_RPC_PROTO=http
- DRONE_RPC_HOST=drone:80
- DRONE_RPC_SECRET=topsecret
- DRONE_RUNNER_CAPACITY=1
- DRONE_RUNNER_NETWORKS=drone_and_gitea_giteanet
networks:
- giteanet
volumes:
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- drone-server
It would help me a lot if somebody could maybe take a look at the issue and help me out! :)

multiple docker compose files with traefik (v2.1) and database networks

I would like to build a docker landscape. I use a container with a traefik (v2. 1) image and a mysql container for multiple databases.
traefik/docker-compose.yml
version: "3.3"
services:
traefik:
image: "traefik:v2.1"
container_name: "traefik"
restart: always
command:
- "--log.level=DEBUG"
- "--api=true"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=proxy"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.traefik-dashboard.address=:8080"
- "--certificatesresolvers.devnik-resolver.acme.httpchallenge=true"
- "--certificatesresolvers.devnik-resolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.devnik-resolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.devnik-resolver.acme.email=####"
- "--certificatesresolvers.devnik-resolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "./data:/etc/traefik"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- "proxy"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`devnik.dev`)"
- "traefik.http.routers.traefik.entrypoints=traefik-dashboard"
- "traefik.http.routers.traefik.tls.certresolver=devnik-resolver"
#basic auth
- "traefik.http.routers.traefik.service=api#internal"
- "traefik.http.routers.traefik.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.usersfile=/etc/traefik/.htpasswd"
#Docker Networks
networks:
proxy:
database/docker-compose.yml
version: "3.3"
services:
#MySQL Service
mysql:
image: mysql:5.7
container_name: mysql
restart: always
ports:
- "3306:3306"
volumes:
#persist data
- ./mysqldata/:/var/lib/mysql/
- ./init:/docker-entrypoint-initdb.d
networks:
- "mysql"
environment:
MYSQL_ROOT_PASSWORD: ####
TZ: Europe/Berlin
#Docker Networks
networks:
mysql:
driver: bridge
For the structure I want to control all projects via multiple docker-compose files. These containers should run on the same network as the traefik container and some with the mysql container.
This also works for the following case (but only sometimes)
dev-releases/docker-compose.yml
version: "3.3"
services:
backend:
image: "registry.gitlab.com/devnik/dev-releases-backend/master:latest"
container_name: "dev-releases-backend"
restart: always
volumes:
#laravel logs
- "./logs/backend:/app/storage/logs"
#cron logs
- "./logs/backend/cron.log:/var/log/cron.log"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dev-releases-backend.rule=Host(`dev-releases.backend.devnik.dev`)"
- "traefik.http.routers.dev-releases-backend.entrypoints=websecure"
- "traefik.http.routers.dev-releases-backend.tls.certresolver=devnik-resolver"
networks:
- proxy
- mysql
environment:
TZ: Europe/Berlin
#Docker Networks
networks:
proxy:
external:
name: "traefik_proxy"
mysql:
external:
name: "database_mysql"
As soon as I restart the containers in dev-releases/ via docker-compose up -d I get the typical error "Gateway timeout" when calling them in the browser.
As soon as I comment the network networks: #- mysql and restart the docker-compose in dev-releases/ it works again.
My guess is that I have not configured the external networks correctly. Is it not possible to use 2 external networks?
I'd like some container have access to the 'mysql' network but it should not be accessible for the whole traefik network.
Let me know if you need more information
EDIT (26.03.2020)
I make it running.
I put all my containers into one network "proxy". It seems mysql also have to be in the proxy network.
So I add following to database/docker-compose.yml
networks:
proxy:
external:
name: "traefik_proxy"
And removed the database_mysql network out of dev-releases/docker-compose.yml

based on the names of the files, your mysql network should be mysql_mysql.
you can verify this by executing
$> docker network ls
You are also missing a couple of labels for your services such as
traefik command line
- '--providers.docker.watch=true'
- '--providers.docker.swarmMode=true'
labels
- traefik.docker.network=proxy
- traefik.http.services.dev-releases-backend.loadbalancer.server.port=yourport
- traefik.http.routers.dev-releases-backend.service=mailcatcher
You can check this for more info

Docker: how to mount local folder inside container?

I need to share a folder from my OSX machine with a running Docker container, but I can't find how to do it.
Here's a working Docker-compose file:
version: '2'
services:
mariadb:
image: 'bitnami/mariadb:10.3'
environment:
- MARIADB_ROOT_PASSWORD=bitnami
- MARIADB_USER=bn_moodle
- MARIADB_DATABASE=bitnami_moodle
- ALLOW_EMPTY_PASSWORD=yes
volumes:
- 'mariadb_data:/bitnami'
phpmyadmin:
image: 'bitnami/phpmyadmin:4'
ports:
- '8081:80'
- '4430:443'
depends_on:
- mariadb
volumes:
- 'phpmyadmin_data:/bitnami'
moodle:
image: 'bitnami/moodle:3'
environment:
- MARIADB_HOST=mariadb
- MARIADB_PORT_NUMBER=3306
- MOODLE_DATABASE_USER=bn_moodle
- MOODLE_DATABASE_NAME=bitnami_moodle
- ALLOW_EMPTY_PASSWORD=yes
ports:
- '80:80'
- '443:443'
volumes:
- 'moodle_data:/bitnami'
depends_on:
- mariadb
volumes:
mariadb_data:
driver: local
phpmyadmin_data:
driver: local
moodle_data:
driver: local
This file correctly starts 3 Docker containers, 1 for Moodle, 1 for MariaDb and 1 for Phpmyadmin.
What I need to do now is to share the content of a local folder with a folder inside the Moodle container. But I can't figure out how to change the Volumes key to reflect that. I tried with a mapping like:
moodle_data:
- moodle_data:/Users/macbook/Code/Php/moodle-docker/moodle/Users/macbook/Code/Php/moodle-docker/moodle
But it didn't work.. what am I doing wrong here? Thanks in advance to anybody who can help!

You need to map your host_folder with your container_folder using host_folder:container_folder. As mentioned on the comments:
moodle:
image: 'bitnami/moodle:3'
environment:
- MARIADB_HOST=mariadb
- MARIADB_PORT_NUMBER=3306
- MOODLE_DATABASE_USER=bn_moodle
- MOODLE_DATABASE_NAME=bitnami_moodle
- ALLOW_EMPTY_PASSWORD=yes
ports:
- '80:80'
- '443:443'
volumes:
- /Users/macbook/Code/Php/moodle-docker/moodle:/bitnami/gatto
- moodle_data:/bitnami
depends_on:
- mariadb
Remember: Your folder on host_folder must be acessible by docker daemon

How to share local host's files with docker machine

I am fairly new to docker, i have been having issues for days now setting up docker-machine to share local files on my windows pc through the use of volumes.
Basically, i am using the github repo as staerting point https://github.com/koutsoumposval/laravel-microservices. I noticed that when i do not use docker-machine the files are shared using the 'volumes' configuration in my docker-compose file.
However, when i host the same project on the docker machine the files do not show. i can see the top level folders when i ssh into the docker machine but they are all empty.
Also i was able to get the local files to show up in the docker-machine by using the 'COPY' directive in the Dockerfile. but i am not comfortable with this, as changes made to the local files are not automatically reflected in the docker machine.
So my question is how can i synchronize the local files with the docker-machine since the 'volumes' directory is obviously not working. Also please point me in the right direction if i am thinking about this in the wrong way.
DOCKER-COMPOSE.YML
version: '3'
services:
proxy:
image: traefik
command: --web --docker --docker.domain=lm.local --docker.exposedbydefault=false --logLevel=DEBUG
networks:
- webgateway
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /dev/null:/traefik.toml
order:
build:
context: order/php-apache
volumes:
- ../order:/var/www/html
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:order.lm.local"
- "traefik.backend=order"
networks:
- webgateway
- web
restart: always
user:
build:
context: user/php-apache
volumes:
- ../user:/var/www/html
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:user.lm.local"
- "traefik.backend=user"
networks:
- webgateway
- web
restart: always
inventory:
build:
context: inventory/php-apache
volumes:
- ../inventory:/var/www/html
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:inventory.lm.local"
- "traefik.backend=inventory"
networks:
- webgateway
- web
restart: always
api:
build:
context: api-gateway/php-apache
volumes:
- ../api-gateway:/var/www/html
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:api.lm.local"
- "traefik.backend=api"
networks:
- webgateway
- web
restart: always
networks:
webgateway:
driver: bridge
web:
external:
name: traefik_webgateway
The image below shows the errors i am experiencing as a result of the local files not being copied to the the virtual machine. So the 'html' folder which is suppose to contain the full microservice repo is empty.