I'm facing a problem on my production server with a container that contains the latest version of the image but when I'm executing it, the content is not the last one.
To update docker images, I execute a little script with theses commands
docker-compose pull
docker-compose up -d --remove-orphans
docker-compose prune -fa
Of course, the image used in the docker service is with the latest tag
image: registry.gitlab.com/xxxxx/api:latest
Here is two screenshots with the container and the image content to see the differences
Here is my docker-compose.yml
version: '3.3'
services:
traefik:
image: "traefik:v2.4"
container_name: "traefik"
command:
- "--api"
- "--providers.docker"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.address=:80"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=com#xxxxx.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- "--pilot.token=xxxxx"
ports:
- 80:80
- 443:443
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
labels:
# dashboard
- "traefik.http.routers.monitor.service=api#internal"
- "traefik.http.routers.monitor.rule=Host(`monitor.xxxxx.com`)"
- "traefik.http.routers.monitor.entrypoints=websecure"
- "traefik.http.routers.monitor.tls.certresolver=myresolver"
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
api:
image: registry.gitlab.com/xxxxx/api:latest
ports:
- 4200:8080
volumes:
- api-data:/app
depends_on:
- db
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`api.xxxxx.com`)"
- "traefik.http.routers.api.entrypoints=websecure"
- "traefik.http.routers.api.tls.certresolver=myresolver"
front:
image: registry.gitlab.com/xxxxx/front:latest
ports:
- 3000:3000
labels:
- "traefik.enable=true"
- "traefik.http.routers.front.rule=Host(`dev.xxxxx.com`)"
- "traefik.http.routers.front.entrypoints=websecure"
- "traefik.http.routers.front.tls.certresolver=myresolver"
panel:
image: registry.gitlab.com/xxxxx/panel:latest
ports:
- 3001:3000
depends_on:
- api
labels:
- "traefik.enable=true"
- "traefik.http.routers.panel.rule=Host(`admin.xxxxx.com`)"
- "traefik.http.routers.panel.entrypoints=websecure"
- "traefik.http.routers.panel.tls.certresolver=myresolver"
coming-soon:
image: registry.gitlab.com/xxxxx/coming-soon:latest
ports:
- 3002:3000
labels:
- "traefik.enable=true"
- "traefik.http.routers.coming-soon.rule=Host(`xxxxx.com`) || Host(`www.xxxxx.com`)"
- "traefik.http.routers.coming-soon.entrypoints=websecure"
- "traefik.http.routers.coming-soon.tls.certresolver=myresolver"
db:
image: postgres
ports:
- 5432:5432
volumes:
- db-data:/var/lib/postgresql/data/
env_file:
- .env
restart: always
adminer:
image: dpage/pgadmin4
ports:
- 5000:80
volumes:
- adminer-data:/root/.pgadmin
env_file:
- .env
depends_on:
- db
labels:
- "traefik.enable=true"
- "traefik.http.routers.adminer.rule=Host(`adminer.xxxxx.com`)"
- "traefik.http.routers.adminer.entrypoints=websecure"
- "traefik.http.routers.adminer.tls.certresolver=myresolver"
gitlab-runner:
image: gitlab/gitlab-runner:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
deploy:
mode: replicated
replicas: 2
update_config:
parallelism: 4
delay: 30s
volumes:
db-data:
api-data:
adminer-data:
Related
im trying to run adguard with docker compose. I created a lot more containers with docker compose but this one is not creating any files into the mapped folder.
I tried to rebuild the docker command of the official instruction but any time i recreate the container i end up at the setup page and all settings are deleted.
Any ideas?
This is my compose file:
version: "3"
volumes:
homematic_data:
external: true
networks:
homematic:
services:
samba:
image: dperson/samba
container_name: samba
restart: always
ports:
- "137:137/udp"
- "138:138/udp"
- "139:139/tcp"
- "445:445/tcp"
healthcheck:
disable: true
environment:
- TZ='Europe/Berlin'
- WORKGROUP=workgroup
- RECYCLE=false
- USER1=pi;PASSWORD;1000
- SHARE1=homematic_docker;/shares/homematic_docker;yes;no;yes;pi;pi
volumes:
- /home/pi:/shares/homematic_docker
networks:
- homematic
promtail:
image: grafana/promtail:latest
container_name: promtail
volumes:
- /var/log:/var/log
- ./promtail:/etc/promtail
restart: unless-stopped
command: -config.file=/etc/promtail/promtail-config.yml
networks:
- homematic
node-exporter:
image: quay.io/prometheus/node-exporter:latest
container_name: node_exporter
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
- /:/host:ro,rslave
command:
- '--path.rootfs=/host'
- '--path.procfs=/host/proc'
- '--path.sysfs=/host/sys'
- --collector.filesystem.ignored-mount-points
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
ports:
- 9100:9100
networks:
- homematic
restart: always
###################### portainer
portainer:
image: portainer/portainer-ce:latest
container_name: portainer
restart: unless-stopped
security_opt:
- no-new-privileges:true
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./portainer:/data
ports:
- 9000:9000
adguard:
image: adguard/adguardhome
container_name: adguard
restart: unless-stopped
ports:
- 53:53/tcp
- 53:53/udp
- 67:67/udp
- 69:68/udp
- 80:80/tcp
- 443:443/tcp
- 443:443/udp
- 3000:3000/tcp
- 853:853/tcp
- 784:784/udp
- 853:853/udp
- 8853:8853/udp
- 5443:5443/tcp
- 5443:5443/udp
# environment:
# - TZ=Europe/Berlin
volumes:
- /home/pi/homematicDocker/adguard/work:/opt/adguardhome/work\
- /home/pi/homematicDocker/adguard/conf:/opt/adguardhome/conf\
# network_mode: host
raspberrymatic:
image: ghcr.io/jens-maus/raspberrymatic:3.67.10.20230117-27abde9
container_name: homematic
hostname: homematic-raspi
privileged: true
restart: unless-stopped
stop_grace_period: 30s
volumes:
- homematic_data:/usr/local:rw
- /lib/modules:/lib/modules:ro
- /run/udev/control:/run/udev/control
ports:
- "8080:80"
- "2001:2001"
- "2010:2010"
- "9292:9292"
- "8181:8181"
networks:
- homematic
Within the folder "/opt/adguardhome/work" I see a folder data with a database inside. After i finished the setup also the folder conf inside the container has a yaml file.
Unfortunately i copied the backslashes of the docker command into the volume mapping, thats was the problem why i didnt get any data. Thank you Mike!
I am trying to deploy Wordpress application on docker swarm stack, behind Traefik reverse proxy, I wanted to use Nginx for reverse proxying but as the the Wordpress is deployed with 2 replicas I am facing session time out issue, therefore I am trying the use Traefik instaed to configure sticky session later.
I have deployed the Traefik service successfully and can access the dashboard, but the Wordpress is not being proxied and it is not showing in the services list on the dashboard.
Traefik Dashboard Screenshot
Traefik Dashboard 2
Traefik Proxy yaml File:
version: '3.3'
services:
traefik:
image: traefik:v2.2
ports:
- 80:80
- 443:443
deploy:
placement:
constraints:
# Make the traefik service run only on the node with this label
# as the node with it has the volume for the certificates
- node.labels.traefik-public.traefik-public-certificates == true
labels:
- traefik.enable=true
- traefik.docker.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
- traefik.http.routers.traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
- traefik.http.routers.traefik-public-http.entrypoints=http
- traefik.http.routers.traefik-public-http.middlewares=https-redirect
- traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable not set}`)
- traefik.http.routers.traefik-public-https.entrypoints=https
- traefik.http.routers.traefik-public-https.tls=true
- traefik.http.routers.traefik-public-https.service=api#internal
- traefik.http.routers.traefik-public-https.tls.certresolver=le
- traefik.http.routers.traefik-public-https.middlewares=admin-auth
- traefik.http.services.traefik-public.loadbalancer.server.port=8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik-public-certificates:/certificates
command:
- --providers.docker
- --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
- --providers.docker.exposedbydefault=false
- --providers.docker.swarmmode
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- --accesslog
- --log
- --api
networks:
- traefik-public
volumes:
traefik-public-certificates:
networks:
traefik-public:
external: true
Wordpress yaml File:
version: "3.4"
services:
db:
image: mariadb
secrets:
- db_user
- db_pass
environment:
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_pass
MYSQL_USER_FILE: /run/secrets/db_user
MYSQL_PASSWORD_FILE: /run/secrets/db_pass
MYSQL_DATABASE_NAME: wpdb
ports:
- 3306:3306
networks:
- backend
volumes:
- db-data:/var/lib/mysql
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 3
window: 60s
wp:
image: wordpress
secrets:
- db_user
- db_pass
depends_on:
- db
labels:
- traefik.enable=true
- traefik.constraint-label=traefik-public
- traefik.docker.network=traefik-public
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
- traefik.http.routers.wp.rule=Host(`example.com`)
- traefik.http.routers.wp.entrypoints=http
- traefik.http.routers.wp.middlewares=https-redirect
- traefik.http.routers.wp-secured.rule=Host(`example.com`)
- traefik.http.routers.wp-secured.entrypoints=https
- traefik.http.routers.wp-secured.tls=true
- traefik.http.routers.wp-secured.tls.certresolver=le
- traefik.http.services.wp.loadbalancer.server.port=8080
environment:
WORDPRESS_DB_HOST: 192.168.20.30:3306 # node IP
WORDPRESS_DB_USER_FILE: /run/secrets/db_user
WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_pass
WORDPRESS_DB_NAME: wpdb
networks:
- backend
- traefik-public
volumes:
- wp-data:/var/www/html
deploy:
replicas: 2
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 3
window: 60s
networks:
backend:
external: false
traefik-public:
external: true
volumes:
wp-data:
db-data:
secrets:
db_user:
file: ./db_user.txt
db_pass:
file: ./db_pass.txt
```
I have a working docker-compose.yaml configuration that allow me to easily expose my services on my public domain (mydomain.com). But now, I want to also expose some of my services on a local domain (myservice.lan) so need of https.
Here is my docker-compose.yaml:
version: '3.4'
services:
traefik:
image: traefik:2.5
container_name: traefik
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- ${CONFIG}/traefik/acme.json:/acme.json
- ${CONFIG}/traefik/rules.toml:/etc/traefik/rules.toml
command:
- --api.insecure=true
- --api.debug=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --providers.docker.watch=true
- --entrypoints.insecure.address=:80
- --entrypoints.secure.address=:443
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=insecure
- --certificatesresolvers.letsencrypt.acme.email=my_mail
- --certificatesresolvers.letsencrypt.acme.storage=acme.json
- --certificatesresolvers.letsencrypt.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
- --certificatesresolvers.letsencrypt.acme.keyType=EC256
- --providers.file=true
- --providers.file.filename=/etc/traefik/rules.toml
- --providers.file.watch=true
labels:
- traefik.http.middlewares.wss.headers.customrequestheaders.X-Forwarded-Proto=https
grafana:
image: grafana/grafana:latest
container_name: grafana
user: ${PUID}:${PGID}
restart: unless-stopped
volumes:
- ${DATA}/grafana:/var/lib/grafana
environment:
- GF_USERS_ALLOW_SIGN_UP=false
- GF_SERVER_DOMAIN=grafana.${DOMAIN}
- GF_SERVER_ROOT_URL=https://grafana.${DOMAIN}/
- GF_SERVER_SERVE_FROM_SUB_PATH=true
labels:
- traefik.enable=true
- traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)
- traefik.http.routers.grafana.entrypoints=insecure
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
- traefik.http.routers.grafana-http.middlewares=https-redirect#docker
- traefik.http.routers.grafana-https.entrypoints=secure
- traefik.http.routers.grafana-https.rule=Host(`grafana.${DOMAIN}`)
- traefik.http.routers.grafana-https.tls=true
- traefik.http.routers.grafana-https.tls.certresolver=letsencrypt
esphome: #6052
image: esphome/esphome
container_name: esphome
restart: unless-stopped
privileged: true
volumes:
- ${CONFIG}/esphome:/config
- /etc/localtime:/etc/localtime:ro
labels:
- traefik.enable=true
- traefik.http.routers.esphome.rule=Host(`esphome.${DOMAIN_LOCAL}`)
- traefik.http.routers.esphome.entrypoints=insecure
- traefik.http.services.esphome.loadbalancer.server.port=6052
Grafana service is well exposed on my ${DOMAIN}(grafana.mydomain.com) but esphome (esphome.lan) doesn't work.
Does my configuration is bad ?
How can I use Sticky sessions in Traefik v2.3?
When I enable the below line in my docker compose file, my docker services (e.g. http://192.168.0.1:9086) don't work.
- "traefik.http.services.mynginximage2.loadBalancer.sticky.cookie=true"
Do you have any idea why a sticky session doesn't work?
And is it possible to make a session affinity by the labels of a service?
The following is my docker compose file:
version: "3.8"
services:
traefik:
image: traefik:v2.3
deploy:
mode: global
networks:
- traefik-net
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.mynginximage2_ep.address=:8086"
ports:
- 80:80
- 9086:8086
- 8080:8080
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "traefik/whoami"
deploy:
replicas: 2
networks:
- traefik-net
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.entrypoints=web"
- "traefik.http.routers.whoami.rule=Host(`192.168.0.1`) || Host(`192.168.0.2`)"
#- "traefik.http.services.whoami.loadBalancer.sticky.cookie=true"
- "traefik.http.services.whoami-service.loadbalancer.server.port=80"
mynginximage2:
image: mynginximage2
deploy:
replicas: 2
networks:
- traefik-net
#ports:
# - 9080:8086
labels:
- "traefik.enable=true"
- "traefik.http.routers.mynginximage2.entrypoints=mynginximage2_ep"
- "traefik.http.routers.mynginximage2.rule=Host(`192.168.0.1`) || Host(`192.168.0.2`)"
#- "traefik.http.services.mynginximage2.loadBalancer.sticky.cookie=true"
- "traefik.http.services.mynginximage2-service.loadbalancer.server.port=8086"
networks:
traefik-net:
external: true
name: traefik-net
I found the issue why my Traefik routers don't work when I enable a sticky session feature.
The solution is that each service has a different cookie name. So, I added cookie names. For example:
version: "3.8"
services:
#...
whoami:
#...
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.entrypoints=web"
- "traefik.http.routers.whoami.rule=Host(`192.168.0.1`) || Host(`192.168.0.2`)"
- "traefik.http.services.whoami-service.loadBalancer.sticky.cookie=true"
- "traefik.http.services.whoami-service.loadBalancer.sticky.cookie.name=whoami_cookie_name"
- "traefik.http.services.whoami-service.loadbalancer.server.port=80"
mynginximage2:
#...
labels:
- "traefik.enable=true"
- "traefik.http.routers.mynginximage2.entrypoints=mynginximage2_ep"
- "traefik.http.routers.mynginximage2.rule=Host(`192.168.0.1`) || Host(`192.168.0.2`)"
- "traefik.http.services.mynginximage2-service.loadBalancer.sticky.cookie=true"
- "traefik.http.services.mynginximage2-service.loadBalancer.sticky.cookie.name=mynginximage2_cookie_name"
- "traefik.http.services.mynginximage2-service.loadbalancer.server.port=8086"
#...
I am trying to configure traefik to connect between my 3 docker containers.
I tried with this configuration but I got net::ERR_NAME_NOT_RESOLVED on my browser console.
searchservice:
hostname: searchservice
image: searchservice:0.0.3-SNAPSHOT
container_name: searchservice
networks:
- es-network
#ipv4_address: 172.21.0.12
ports:
- 8070:8080
restart: always
depends_on:
- elasticsearch
- reverseproxy
labels:
- "traefik.frontend.rule=PathPrefix:/searchservice,Host:localhost"
- "traefik.port: 8070"
- "traefik.enable=true"
subscriber-service:
hostname: subscriber-service
image: subscriberservice:0.0.4-SNAPSHOT
container_name: subscriber-service
networks:
- es-network
#ipv4_address: 172.21.0.13
ports:
- 8090:8090
restart: always
depends_on:
- mongo1
- mongo2
- reverseproxy
labels:
- "traefik.frontend.rule=PathPrefix:/api,Host:localhost"
- "traefik.port: 8090"
- "traefik.enable=true"
searchappfront:
hostname: searchappfront
image: frontservice:latest
container_name: searchappfront
networks:
- es-network
ports:
- 80:80
restart: always
depends_on:
- subscriber-service
- searchservice
- reverseproxy
labels:
- "traefik.frontend.rule=PathPrefix:/"
- "traefik.enable=true"
- "traefik.port=80"
# - "traefik.frontend.rule=Host:localhost"
reverseproxy:
image: traefik:v2.1
command:
- '--providers.docker=true'
- '--entryPoints.web.address=:80'
- '--providers.providersThrottleDuration=2s'
- '--providers.docker.watch=true'
- '--providers.docker.defaultRule=Host("local.me")'
- '--accessLog.bufferingSize=0'
volumes:
- '/var/run/docker.sock:/var/run/docker.sock:ro'
#ports:
# - '80:80'
# - '8080:8080'
The searchappfront is an angular application where the http endPoints have this pattern
http://subscriber-service:8090/
http://searchservice:8070/
if I use localhost instead of hostnames, requests work fine but I need to deploy these containers in a cloud instance.
You are using traefik 2, but your annotation is for traefik 1. This is not going to work.