Develop Reference

traefik rule not redirecting requests made to "localhost/api" to backend container

traefik rule not redirecting requests made to "localhost/api" to backend container
Whenever I change the backend
- "traefik.http.routers.api.rule=Host(`localhost`) && PathPrefix(`/api`)"
to Host('localhost') I can access the application at localhost but after adding this rule, whenever I go to localhost/api , it leads me to frontend and opens html page
version: '3'
volumes:
myvol2:
external: false
services:
traefik:
image: "traefik:v2.6"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--api.dashboard=true"
- "--api.debug=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.api.address=:5000"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443" # new
ports:
- "80:80"
- "5000:5000"
- "443:443" # new
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
api:
image: "myimagename"
ports:
- '5000'
scale: 1
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`localhost`) && PathPrefix(`/api`)"
- "traefik.http.routers.api.entrypoints=web"
- "traefik.http.services.api.loadbalancer.server.port=5000"
volumes:
- /app/node_modules
- ./server:/app
- myvol2:/resources/static/assets/uploads # Volume
environment:
- PORT=5000
web:
image: "myfrontendimage"
stdin_open: true
scale: 1
ports:
- '3000'
environment:
- CHOKIDAR_USEPOLLING=true
- CI=true
labels:
- "traefik.enable=true"
- "traefik.http.routers.web.rule=Host(`localhost`)"
- "traefik.http.routers.web.entrypoints=web"
- "traefik.http.services.web.loadbalancer.server.port=3000"
volumes:
- /app/node_modules
- ./client:/app
Tried redirecting the Tried almost all combinations of route, even tried adding regexp for matching localhost/api.
With my current nginx setup,
I have :
location /api{
rewrite /api/(.*) /$1 break;
proxy_pass http://api;
}
in my default.conf,
Trying to migrate to traefik but the requests to localhost/api are not reaching

Your configuration seems to be fine. In your question you have a bunch of placeholder values, so it's not actually possible to test your docker-compose.yaml, but we can produce a runnable version like this:
services:
traefik:
image: "traefik:v2.9"
command:
- "--api.insecure=true"
- "--api.dashboard=true"
- "--api.debug=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
# The port mappings here are to avoid conflicts with other services
# on my system
ports:
- "7080:80"
- "7443:443"
- "7090:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
api:
# Note that we don't need a `ports` configuration here because we're
# not publish any ports to the host (all access will be via the
# frontend proxy).
image: "docker.io/traefik/whoami:latest"
command:
- --name=API
- --port=5000
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`localhost`) && PathPrefix(`/api`)"
- "traefik.http.routers.api.entrypoints=web"
- "traefik.http.services.api.loadbalancer.server.port=5000"
web:
image: "docker.io/traefik/whoami:latest"
command:
- --name=WEB
- --port=3000
labels:
- "traefik.enable=true"
- "traefik.http.routers.web.rule=Host(`localhost`)"
- "traefik.http.routers.web.entrypoints=web"
- "traefik.http.services.web.loadbalancer.server.port=3000"
The significant changes here are:
I'm using Traefik v2.9 (because why use an older release?)
I've replaced all your images with docker.io/traefik/whoami, which gives us a simple endpoint for testing.
With the above configuration, a request to http://localhost hits the "web" container:
$ curl localhost:7080
Name: WEB
[...]
Whereas a request to http://localhost/api hits the "api" container:
$ curl localhost:7080/api
{...., "name": "API"}
(We're getting a JSON response in the second case because we're hitting the /api path on the whoami container.)

Finally, got the traefik /api to redirect to the other backend container with the following set up
The primary issue was that even though it redirects to the container, it did not strip the /api prefix, so the API route was getting messed up
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=PathPrefix(`/api/`)"
- "traefik.http.routers.api.service=api"
- "traefik.http.services.api.loadbalancer.server.port=5000"
- "traefik.http.middlewares.api.stripprefix.prefixes=/api"
- "traefik.http.middlewares.api.stripprefix.forceSlash=false"
- "traefik.http.routers.api.middlewares=api"

No route to host with Gitea and Drone.io using Traefik

I'm trying to get self hosted Gitea instance and a self hosted drone.io (version 2) instance to work together.
Gitea is running. I added a drone.io OAuth application in Gitea settings with "https://drone.mydomain/login" as url.
When I open drone.io url (https://drone.mydomain) in my browser I get a welcome page. Clicking the "Continue" button I get a message after a few seconds:
Post "https://gitea.mydomain/login/oauth/access_token": dial tcp 192.168.82.146:443: connect: no route to host
Logs in gitea look normal to me:
router: completed GET /login/oauth/authorize?client_id=f999e784-f351-43db-a491-d0a90d8a2c57&redirect_uri=https%3A%2F%2Fdrone.mydomain%2Flogin&response_type=code&state=b80704bb7b4d7c03 for 192.168.82.40:0, 303 See Other in 20.2ms # auth/oauth.go:361(auth.AuthorizeOAuth)
Logs in dronio container look as expected:
{
"level": "error",
"msg": "oauth: cannot exchange code: gta_cgbk727fe32plbnahnok4u3543ql2xv4q3fvnfgaxwtkknafb5gq: Post \"https://gitea.mydomain/login/oauth/access_token\": dial tcp 192.168.82.146:443: connect: no route to host",
"time": "2022-12-31T01:39:18+01:00"
}
To me it looks like "https://gitea.mydomain/login/oauth/access_token" was resolved via DNS and the IP was inserted for the domain but some header informations are missing so that Traefik does not know to which service to forward the request.
I added dns information (gitea, local DNS) to drone service which did not help.
Here is my docker-compose file:
version: '3.3'
services:
gitea-db:
# Left out to shorten this file
gitea:
image: gitea/gitea:latest
container_name: gitea
restart: always
depends_on:
gitea-db:
condition: service_started
gitea-cache:
condition: service_healthy
secrets:
- mysql_user
- mysql_user_password
volumes:
- /share/Container/gitea/data:/data
environment:
- APP_NAME=Gitea
- USER_UID=1000
- USER_GID=1000
- USER=git
- HTTP_PORT=3000
- DOMAIN=`${GITEA_URL}`
- SSH_DOMAIN=`${GITEA_URL}`
- SSH_PORT=222
- SSH_LISTEN_PORT=22
- DB_TYPE=mysql
- DB_HOST=gitea-db:3306
- DB_NAME=${MYSQL_DATABASE}
- DB_USER_FILE=/run/secrets/mysql_user
- DB_PASSWD_FILE=/run/secrets/mysql_user_password
- TZ=Europe/Berlin
- RUN_MODE=prod
- APP_NAME=My Gitea
- REQUIRE_SIGNIN_VIEW=true
- ROOT_URL=`https://${GITEA_URL}`
- GITEA__cache__ENABLED=true
- GITEA__cache__ADAPTER=redis
- GITEA__cache__HOST=redis://gitea-cache:6379/0?pool_size=100&idle_timeout=180s
- GITEA__cache__ITEM_TTL=24h
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.entrypoints=web-secure"
- "traefik.http.routers.gitea.rule=Host(`${GITEA_URL}`)"
- "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.gitea.service=gitea-service"
- "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
- "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
- "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
- "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
- "traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=22"
networks:
- traefik_proxy
- default
gitea-cache:
# Left out to shorten this file
droneio:
image: drone/drone:2
container_name: droneio
restart: unless-stopped
dns: # trying to fix my issue by adding this section
- 192.168.82.153 # local DNS
- gitea
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /share/Container/drone/data:/data
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DRONE_SERVER_HOST=${DRONE_URL}
- DRONE_SERVER_PROTO=https
- DRONE_RPC_SECRET=${PRC_SECRET}
- DRONE_GITEA_SERVER=https://${GITEA_URL}/
- DRONE_GITEA_CLIENT_ID=${GITEA_CLIENT_ID} # need to change to docker secret
- DRONE_GITEA_CLIENT_SECRET=${GITEA_CLIENT_SECRET} # need to change to docker secret
- DRONE_LOGS_PRETTY=true
- DRONE_LOGS_COLOR=true
- DRONE_DEBUG=true
- DRONE_TRACE=true
labels:
- traefik.enable=true
- traefik.http.routers.drone-http.entrypoints=web
- traefik.http.routers.drone-http.rule=Host(`${DRONE_URL}`)
- traefik.http.routers.drone.entrypoints=web-secure
- traefik.http.routers.drone.rule=Host(`${DRONE_URL}`)
- traefik.http.routers.drone.tls=true
networks:
- traefik_proxy
- default
depends_on:
- gitea
drone-runner:
image: drone/drone-runner-docker:1
container_name: drone-runner
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DRONE_RPC_PROTO=https
- DRONE_RPC_HOST=${DRONE_URL}
- DRONE_RPC_SECRET=${PRC_SECRET}
- DRONE_RUNNER_CAPACITY=1
- DRONE_RUNNER_NAME=drone-runner-1
ports:
- 3000:3000
depends_on:
- droneio
networks:
- default
secrets:
mysql_root_password:
file: ./secrets/mysql_root_pw.txt
mysql_user:
file: ./secrets/mysql_user.txt
mysql_user_password:
file: ./secrets/mysql_user_pw.txt
networks:
traefik_proxy:
external:
name: traefik_proxy
default:
driver: bridge
I'd be grateful if somebody has a hint. Thank you in advance.

Issue with Collabora CODE, Nextcloud & Nginx using docker-compose

I am trying to get a docker-compose.yaml together to run Nextcloud and Collabora CODE via Nginx Proxy Manager.
So far I have Nginx and Nextcloud working really nicely with persistent volumes so that my configs survive kill & rm. My issue is that I cannot get my Collabora CODE instance to link to Nextcloud. There are multiple bits that I might have got wrong so I'll dump as much info as I can here.
I have the following subdomains all pointing at my server:
collabora.domain.tld nextcloud.domain.tld nginx.domain.tld
... and set up as proxy hosts:
As I mentioned, the Nginx and Nextcloud setups are great. When I point my browser at collabora.domain.tld I see the OK message. I can also access the admin page at collabora.domain.tld/loleaflet/dist/admin/admin.html
The NPM entry for collabora.domain.tld is below:
My docker-compose.yaml has gone through several iterations in an attempt to get this working, but my current attempt is below:
version: '3'
volumes:
nextcloud-data:
nextcloud-db:
npm-data:
npm-ssl:
npm-db:
networks:
frontend:
backend:
services:
code:
image: collabora/code:latest
restart: always
environment:
- password=${COLLABORA_PASSWORD:?Not defined!}
- username=${COLLABORA_USERNAME:?Not defined!}
- domain=${COLLABORA_DOMAIN:?Not defined!}
expose:
- "9980"
networks:
- frontend
- backend
nextcloud-app:
image: nextcloud:stable
restart: always
volumes:
- nextcloud-data:/var/www/html
environment:
- MYSQL_PASSWORD=${NC_MYSQL_PASSWORD:?Not defined!}
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud-user
- MYSQL_HOST=nextcloud-db
networks:
- frontend
- backend
nextcloud-db:
image: mariadb
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
volumes:
- nextcloud-db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${NC_MYSQL_ROOT_PASSWORD:?Not defined!}
- MYSQL_PASSWORD=${NC_MYSQL_PASSWORD:?Not defined!}
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud-user
networks:
- backend
npm-app:
image: jc21/nginx-proxy-manager:latest
restart: always
ports:
- "80:80"
- "81:81"
- "443:443"
environment:
- DB_MYSQL_HOST=npm-db
- DB_MYSQL_PORT=3306
- DB_MYSQL_USER=npm-user
- DB_MYSQL_PASSWORD=${NPM_MYSQL_PASSWORD:?Not defined!}
- DB_MYSQL_NAME=npm
volumes:
- npm-data:/data
- npm-ssl:/etc/letsencrypt
networks:
- frontend
- backend
npm-db:
image: jc21/mariadb-aria:latest
restart: always
environment:
- MYSQL_ROOT_PASSWORD=${NPM_MYSQL_ROOT_PASSWORD:?Not defined!}
- MYSQL_DATABASE=npm
- MYSQL_USER=npm-user
- MYSQL_PASSWORD=${NPM_MYSQL_PASSWORD:?Not defined!}
volumes:
- npm-db:/var/lib/mysql
networks:
- backend
$COLLABORA_DOMAIN is set to nextcloud.domain.tld.
Any ideas what I have done wrong, and how to get my Nextcloud connected to CODE?

What do your custom locations look like? See, e.g. https://www.collaboraoffice.com/code/nginx-reverse-proxy/
I have a very similar setup, except the collabora instance is not in docker compose, as that never worked for me.
Make sure you have specified your domain environmental variable correctly (dot escaping etc.)

Allow both http and https with Traefik on Docker

I am using Traefik in my VPS to route the traffic to my websites, after hours of messing around with it I finally managed to get it working with https using Le's Encrypt.
Now, one thing that I need to do is be able to also access my website via plain http as this is a hobby project for older browsers and the only reason I added tls is because Firefox doesn't like my website without it.
The problem is that, with my current configuration, I can access my website via https normally but when I try it with plain http I get a 404 error.
Here's what my config on docker-compose looks like:
version: "3"
services:
traefik:
image: "traefik:v2.5"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.teeresolver.acme.tlschallenge=true"
- "--certificatesresolvers.teeresolver.acme.email=me#gmail.com"
- "--certificatesresolvers.teeresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "80:80"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- mywebsite
# [...]
mywebsite:
image: my-web-site/site
build:
context: ~/mywebsite-runner/_work/my-web-site-php/my-web-site-php
dockerfile: Dockerfile
volumes:
- ./tee-downloads:/var/www/build/downloads
- ./tee-contents:/var/www/build/contents
ports:
- "0.0.0.0:8001:80"
labels:
- "traefik.enable=true"
- "traefik.http.routers.themywebsite.rule=Host(`mywebsite.com`, `www.mywebsite.com`)"
- "traefik.http.routers.themywebsite.entrypoints=websecure,web"
- "traefik.http.routers.themywebsite.tls.certresolver=teeresolver"
networks:
- mywebsite
networks:
mywebsite:
I have been searching for a solution for hours but the only things I can find on google are configs to redirect http to https, which I can't do.
Does anyone know how to do that?
Thanks in advance for the help.

In traefik , each router defines a set of policies to apply depending of rules and entrypoints.
If you want 2 policies, one for http and one for https, you need to define 2 traefik routers :
mywebsite:
...
labels:
- "traefik.enable=true"
- "traefik.http.routers.themywebsite.entrypoints=websecure"
- "traefik.http.routers.themywebsite.tls.certresolver=teeresolver"
- "traefik.http.routers.themywebsite.rule=Host(`mywebsite.com`, `www.mywebsite.com`)"
- "traefik.http.routers.httpwebsite.entrypoints=web"
- "traefik.http.routers.httpwebsite.rule=Host(`mywebsite.com`, `www.mywebsite.com`)"
One called themywebsite
Another one called httpwebsite
As a result, you do not use a certresolver for httpwebsite router.

Request with Symfony HttpClient returns code 0, when the same request with postman works fine

I have a weird problem where a request I make (to my mercure hub) with postman works fine, however the Publisher class (from the Symfony mercure bundle), which uses the Symfony HttpClient will yield in a response code 0.
According to my research that means that the URL can't be found, or no Response was returned?
I first thought it might have to do something with the Publisher class itself, which is why opened this Issue on Github, but after some playing around I thought that maybe there is a communication error with my containers? I tried giving my mercure container "networks: internal", which some other containers use aswell, but that didn't help either.
Any ideas are greatly appreciated..
/e: my docker-compose:
version: "3"
services:
traefik:
image: traefik:v1.7
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./.docker/traefik/traefik.toml:/etc/traefik/traefik.toml
networks:
- proxy
labels:
- traefik.enable=true
- traefik.docker.network=proxy
- traefik.frontend.rule=Host:traefik.heracles.local
- traefik.port=8080
nginx:
image: nginx:1.17-alpine
volumes:
- ./Source:/var/www
- ./.docker/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
links:
- php
networks:
- internal
- proxy
labels:
- traefik.docker.network=proxy
- traefik.enable=true
- traefik.basic.frontend.rule=Host:heracles.local
- traefik.basic.port=80
php:
build:
args:
USER_ID: ${USER_ID}
context: ./.docker/php
volumes:
- ./Source:/var/www
- ./.docker/php/conf/cli.ini:/etc/php/7.4/cli/conf.d/zz-symfony.ini
- ./.docker/php/conf/fpm.ini:/etc/php/7.4/fpm/conf.d/zz-symfony.ini
- ./.docker/php/conf/xdebug.ini:/etc/php/7.4/fpm/conf.d/zz-xdebug.ini
- ./.docker/php/conf/opcache.ini:/etc/php/7.4/fpm/conf.d/zz-opcache.ini
- ./.docker/php/conf/pool.conf:/etc/php/7.4/fpm/pool.d/www.conf
networks:
- internal
labels:
- traefik.enable=false
db:
image: mysql:5.7
env_file:
- .env
volumes:
- db_data:/var/lib/mysql
- ./.docker/mysql/conf.d:/etc/mysql/conf.d
command:
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
- --skip-character-set-client-handshake
networks:
- internal
labels:
- traefik.enable=false
restart: always
adminer:
image: adminer
networks:
- internal
- proxy
labels:
- traefik.docker.network=proxy
- traefik.enable=true
- traefik.basic.frontend.rule=Host:db.heracles.local
- traefik.basic.port=8080
blackfire:
image: blackfire/blackfire
networks:
- internal
labels:
- traefik.enable=false
mailhog:
image: mailhog/mailhog
networks:
- internal
- proxy
labels:
- traefik.docker.network=proxy
- traefik.enable=true
- traefik.basic.frontend.rule=Host:mail.heracles.local
- traefik.basic.port=8025
mercure:
image: dunglas/mercure
environment:
- ALLOW_ANONYMOUS=1
- CORS_ALLOWED_ORIGINS=*
- JWT_KEY=ASD
- PUBLISH_ALLOWED_ORIGINS=http://heracles.local
- ADDR=:3000
ports:
- 3000:3000
networks:
internal:
proxy:
external: true
volumes:
db_data:

In reference to your comment, your MERCURE_PUBLISH_URL .env variable must indeed refer to your Mercure container, but there's no need for the port indication. If the name of your Mercure container is "mercure", the environment variable should be set like so :
MERCURE_PUBLISH_URL=http://mercure/.well-known/mercure
(Replace http by https if your connection is secured)

Alright guys it's working now. In fact the correct url is
MERCURE_PUBLISH_URL=http://mercure:3000/.well-known/mercure
So if you're using Docker Containers make sure to pass the correct host + the port and give your mercure containers the network of your other containers (internal in my case).