I want to define a subdomain with Traefik using docker-compose. The subdomain should work without defining the port at the end of the url.
I can only access the service whoami via whoami.example.io:9200 instead of whoami.example.io.
Calling the endpoint without the port via postman returns:
http://whoami.example.io => 502 Bad Gateway
https://whoami.example.op => Error: connect ECONNREFUSED <SERVER_IP>:443
My docker-compose.yml:
version: '3'
services:
reverse-proxy:
# The official v2 Traefik docker image
image: traefik:v2.6
container_name: reverse-proxy
# Enables the web UI and tells Traefik to listen to docker
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
whoami:
image: traefik/whoami
container_name: whoami
restart: unless-stopped
ports:
- "9200:80"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.example.io`)"
- "traefik.http.routers.whoami.entrypoints=web"
- "traefik.http.services.whoami.loadbalancer.server.port=9200"
Related
I'm trying to run two separate API's on a local server, and point two different DNS A Records to the same server. Something like service1.userdomain.com => [ip address] and service2.userdomain.com => [ip address]
I thought I could use Traefik and route to two different docker images based on the host name. However this isnt working as I get a 504 Gateway timeout when trying to hit the service. The services themselves are listening to port :8080
version: '3'
services:
traefik:
image: traefik:latest
restart: always
command:
- --accesslog
- --api.insecure=true
- --providers.docker
- --providers.docker.exposedbydefault=false
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- "80:80"
- "8080:8080"
service1:
image: ghcr.io/user/service1:latest
restart: always
ports:
- "8081:8080"
networks:
- fullstack
labels:
- traefik.enable=true
- traefik.http.routers.service1.rule=Host(`service1.domain.com`)
service2:
image: ghcr.io/user/serice2:latest
restart: always
ports:
- "8082:8080"
labels:
- traefik.enable=true
- traefik.http.routers.service2.rule=Host(`service2.domain.com`)
networks:
- fullstack
networks:
fullstack:
driver: bridge
I have an environment running docker containers.
This environment hosts Traefik, Nextcloud, MotionEye and Heimdall.
I also have another environment running CoreDNS in a docker container.
For some reason, I can get MotionEye to be accessible from motioneye.docker.swarm (changed the domain in here for privacy).
However, for nextcloud and Heimdall, I have to explicitly access the ports and I'm struggling to tell why.
e.g. Heimdall is gateway.docker.swarm:8091 when should be gateway.docker.swarm
When a user requests a webpage onto the local dns server X.X.X.117 it gets routed through to the traefik instance on X.X.X.106.
My traefik compose file is as follows:
version: '3'
services:
reverse-proxy:
# The official v2 Traefik docker image
image: traefik:v2.3
restart: always
# Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker
ports:
# The HTTP port
- "80:80"
# The Web UI (enabled by --api.insecure=true)
- "8080:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
labels:
- "traefik.port=8080"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:traefik.docker.swarm"
- "traefik.docker.network=traefik_default"
My Heimdall compose is as follows:
version: "3"
services:
heimdall:
image: ghcr.io/linuxserver/heimdall
container_name: heimdall
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- /home/pi/heimdall/config:/config
ports:
- 8091:80
restart: unless-stopped
networks:
- heimdall
labels:
- "traefik.enable=true"
- "traefik.port=8091"
- "traefik.http.routers.heimdall.entrypoints=http"
- "traefik.http.routers.heimdall.rule=Host(`gateway.docker.swarm`)"
networks:
heimdall:
external:
name: heimdall
Can anyone see what I'm doing wrong here?
When you access through gateway.docker.swarm:8091 it works because you are accessing the heimdall container directly. This is possible because you defined
ports:
- 8091:80
in your docker-compose.
In order to access through traefik they must be on the same network. Also, remove the port mapping if you like this container to be only accessible through traefik. And finally correct the traefik port accordingly.
version: "3"
services:
heimdall:
image: ghcr.io/linuxserver/heimdall
container_name: heimdall
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- /home/pi/heimdall/config:/config
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.http.routers.heimdall.entrypoints=http"
- "traefik.http.routers.heimdall.rule=Host(`gateway.docker.swarm`)"
The example from the traefik quickstart guide for using the whoami image on the whoami subdomain works, but I can't get jellyfin working in a similar setup, and I can't figure out what's different:
kevin#pihost:~/personal$ curl -H Host:jellyfin.kevinm416.com http://127.0.0.1
Bad Gateway
kevin#pihost:~/personal$ curl -H Host:whoami.kevinm416.com http://127.0.0.1
Hostname: f7820e1787fe
IP: 127.0.0.1
...
This is my docker-compose file, which has all the traefik config:
version: "3"
volumes:
jellyfin-config:
jellyfin-cache:
services:
reverse-proxy:
image: traefik:v2.2
# Enables the web UI and tells Traefik to listen to docker
command:
- "--api.insecure=true"
- "--providers.docker"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
ports:
- "80:80"
- "443:443"
# The Web UI (enabled by --api.insecure=true)
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
whoami:
image: containous/whoami
labels:
- "traefik.http.routers.whoami.rule=Host(`whoami.kevinm416.com`)"
jellyfin:
image: jellyfin/jellyfin
network_mode: "host"
environment:
TZ: 'America/Los_Angeles'
ports:
- "8096:8096"
volumes:
- jellyfin-config:/config
- jellyfin-cache:/cache
- /home/kevin/microcenter:/microcenter:ro
labels:
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.kevinm416.com`)"
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
restart: always
I guess there could be two problems:
you haven't specified entrypoints for your containers, e.g. for whoami it could be (maybe you want new one for jellyfin with port 8096?):
- "traefik.http.routers.whoami.entrypoints=web"
network_mode: "host" in jellyfin -- traefik should be in the same network as container (or try to use traefik.docker.network setting), so I would suggest just remove that line.
I am trying to setup Traefik with a test app on a non-standard port.
IIS is currently using port 80 on my machine so I am using port 9000 for my test app.
I keep getting back Bad Gateway.
The test application is an empty .net core application with a welcome page
From the Bad Gateway response I assume that Traefik is not routing the request correctly or that the container is not picking up the request.
I have tried numerous traefik labels and cannot still get the request to oute correctly.
I can access the Traefik dashboard on docker.localhost:8080
But if I access my app on webapp3.localhost:9000 I get a "Bad Request"
docker-compose.yml
version: '3.4'
services:
webapp3:
container_name: webapp3
image: ${DOCKER_REGISTRY-}webapp3
build:
context: .
dockerfile: WebApp3/Dockerfile
networks:
- web
labels:
- "traefik.backend=webapp3"
- "traefik.enable=true"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:webapp3.localhost"
- "traefik.port=80"
traefik:
container_name: traefik
image: traefik
command: --api --docker --logLevel=DEBUG
restart: always
ports:
- "443:443"
- "9000:80"
- "8080:8080"
volumes:
- ./docker/traefik:/etc/traefik/
- /var/run/docker.sock:/var/run/docker.sock:ro
- /dev/null:/traefik.toml
networks:
- web
labels:
- "traefik.enable=true"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:docker.localhost"
- "traefik.port=8080"
- "traefik.docker.network=web"
networks:
web:
external : true
docker-compose.override.yml
version: '3.4'
services:
webapp3:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80;http://+:9000
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
I am trying to understand Traefik but I am not sure I understan how it works due to my lack of knowledge. I am tying to create following scenario
Frontend --> Static. www.example.com example.com with LE
Backend --> api.example.com LE
Redis --> Local network only
Mongodb --> Local network only.
I read the documentation and I came up with following docker-compose.yml file but I don't know it is correct or not. I am not sure about how nginx will map to port 80 and how traefik will create LE certificates.
version: '3'
services:
redis:
restart: always
image: redis:alpine
networks:
- internal
mongo:
restart: always
image: mongodb
networks:
- internal
frontend:
image: nginx:1-alpine
command: [nginx-debug, '-g', 'daemon off; error_log /dev/stdout info;']
volumes:
- "./static_assets:/usr/share/nginx/html:ro"
- "./nginx_config/default.conf:/etc/nginx/conf.d/default.conf"
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=PathPrefixStrip: /assets"
- "traefik.port=80"
- "traefik.frontend.rule=Host:example.com,www.example.com"
api:
image: MYAPIIMAGE
ports:
- "3000:3000"
networks:
- web
- internal
labels:
- "traefik.backend=api"
- "traefik.docker.network=web"
- "traefik.enable=true"
- "traefik.port=3000"
- "traefik.frontend.rule=Host:api.example.com"
traefik:
image: traefik:1.4.5
restart: always
ports:
- 80:80
- 443:443
networks:
- web
volumes:
- "./acme.toml:/etc/traefik/conf/acme.toml:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./acme.json:/etc/traefik/conf/acme.json:rw"
container_name: traefik
networks:
web:
external:
name: web
internal:
external:
name: internal
Traefik will take a request and map it to a container's port based on your frontend rules. Unless otherwise specified in your Traefik config, traefik will always map its port 80 to you whatever port you specify in traefik.port. These are configured in the entrypoints.http configuration for Traefik.
Any time you specify a host, Traefik will attempt to get a Let's Encrypt cert for it as long as in the traefik config you have acme.OnHostRule set to true.