docker stack (swarm) not working but docker-compose ok - docker

I have my test service working in docker-compose but not in swarm :/

    version: "3.3"
    services:
      traefik:
        image: "traefik:v2.2"
        command:
          #- "--log.level=DEBUG"
          - "--api.insecure=true"
          - "--providers.docker=true"
          - "--providers.docker.exposedbydefault=false"
          - "--entrypoints.web.address=:80"
        ports:
          - "80:80"
          - "8080:8080"
        volumes:
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
      whoami:
        image: "containous/whoami"
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.whoami.rule=Host(`myurl.com`)"
          - "traefik.http.routers.whoami.entrypoints=web"

Does someone have an idea about my issue?
It's as if there is a network issue only in swarm mode and not in docker-compose.

I was on an old image of Arch Linux, which is the most recent one from a big French three-letter networking company.
With an up-to-date kernel all seems to be good now.

Related

Issue with Collabora CODE, Nextcloud & Nginx using docker-compose

I am trying to get a docker-compose.yaml together to run Nextcloud and Collabora CODE via Nginx Proxy Manager.
So far I have Nginx and Nextcloud working really nicely with persistent volumes so that my configs survive kill & rm. My issue is that I cannot get my Collabora CODE instance to link to Nextcloud. There are multiple bits that I might have got wrong so I'll dump as much info as I can here.
I have the following subdomains all pointing at my server:

    collabora.domain.tld
    nextcloud.domain.tld
    nginx.domain.tld

... and set up as proxy hosts:
As I mentioned, the Nginx and Nextcloud setups are great. When I point my browser at collabora.domain.tld I see the OK message. I can also access the admin page at collabora.domain.tld/loleaflet/dist/admin/admin.html
The NPM entry for collabora.domain.tld is below:
My docker-compose.yaml has gone through several iterations in an attempt to get this working, but my current attempt is below:

    version: '3'
    volumes:
      nextcloud-data:
      nextcloud-db:
      npm-data:
      npm-ssl:
      npm-db:
    networks:
      frontend:
      backend:
    services:
      code:
        image: collabora/code:latest
        restart: always
        environment:
          - password=${COLLABORA_PASSWORD:?Not defined!}
          - username=${COLLABORA_USERNAME:?Not defined!}
          - domain=${COLLABORA_DOMAIN:?Not defined!}
        expose:
          - "9980"
        networks:
          - frontend
          - backend
      nextcloud-app:
        image: nextcloud:stable
        restart: always
        volumes:
          - nextcloud-data:/var/www/html
        environment:
          - MYSQL_PASSWORD=${NC_MYSQL_PASSWORD:?Not defined!}
          - MYSQL_DATABASE=nextcloud
          - MYSQL_USER=nextcloud-user
          - MYSQL_HOST=nextcloud-db
        networks:
          - frontend
          - backend
      nextcloud-db:
        image: mariadb
        restart: always
        command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
        volumes:
          - nextcloud-db:/var/lib/mysql
        environment:
          - MYSQL_ROOT_PASSWORD=${NC_MYSQL_ROOT_PASSWORD:?Not defined!}
          - MYSQL_PASSWORD=${NC_MYSQL_PASSWORD:?Not defined!}
          - MYSQL_DATABASE=nextcloud
          - MYSQL_USER=nextcloud-user
        networks:
          - backend
      npm-app:
        image: jc21/nginx-proxy-manager:latest
        restart: always
        ports:
          - "80:80"
          - "81:81"
          - "443:443"
        environment:
          - DB_MYSQL_HOST=npm-db
          - DB_MYSQL_PORT=3306
          - DB_MYSQL_USER=npm-user
          - DB_MYSQL_PASSWORD=${NPM_MYSQL_PASSWORD:?Not defined!}
          - DB_MYSQL_NAME=npm
        volumes:
          - npm-data:/data
          - npm-ssl:/etc/letsencrypt
        networks:
          - frontend
          - backend
      npm-db:
        image: jc21/mariadb-aria:latest
        restart: always
        environment:
          - MYSQL_ROOT_PASSWORD=${NPM_MYSQL_ROOT_PASSWORD:?Not defined!}
          - MYSQL_DATABASE=npm
          - MYSQL_USER=npm-user
          - MYSQL_PASSWORD=${NPM_MYSQL_PASSWORD:?Not defined!}
        volumes:
          - npm-db:/var/lib/mysql
        networks:
          - backend

$COLLABORA_DOMAIN is set to nextcloud.domain.tld.
Any ideas what I have done wrong, and how to get my Nextcloud connected to CODE?
What do your custom locations look like? See, e.g. https://www.collaboraoffice.com/code/nginx-reverse-proxy/
I have a very similar setup, except the collabora instance is not in docker compose, as that never worked for me.
Make sure you have specified your domain environmental variable correctly (dot escaping etc.)

traefik docker basic example returns 404

I'm starting to use Traefik but I'm facing a wall. I'm trying to start with the basic docker example provided here: https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/

    version: "3.8"
    services:
      traefik:
        image: "traefik:v2.3"
        container_name: "traefik"
        command:
          - "--log.level=DEBUG"
          - "--accessLog"
          - "--api.insecure=true"
          - "--providers.docker=true"
          - "--providers.docker.exposedbydefault=false"
          - "--entrypoints.web.address=:80"
        ports:
          - "80:80"
          - "8080:8080"
        volumes:
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
      whoami:
        image: "traefik/whoami"
        container_name: "simple-service"
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.whoami.entrypoints=web"
          - "traefik.http.routers.whoami.rule=Host('server.local')"

As I'm local, I've set up "server.local" in my hosts file to point to 127.0.0.1.
However, when I run it with compose and try to access my server.local I only get a 404, not the expected whoami response. I don't see anything that jumps out at me as wrong in the logs, but again, I'm just starting out in the Traefik area.
I'm using Docker Desktop on Windows with WSL2 and running the compose inside an Ubuntu WSL2 VM.
I found my issue:
In the Traefik rule, you should only use a backtick (`) and not a single quote (') to define a string literal,
so my:

    - "traefik.http.routers.whoami.rule=Host('server.local')"

should be

    - "traefik.http.routers.whoami.rule=Host(`server.local`)"

I wish the Traefik documentation made this much clearer, especially in the default examples ...

How to configure traefik authentication to work with webdav in docker compose?

I want to build a private webdav server behind traefik with authentication.
Here is the docker-compose.yml file:

    version: '3.7'
    services:
      reverse-proxy:
        image: traefik:v2.2
        command: --api.insecure=true --providers.docker
        labels:
          - "traefik.http.middlewares.test-auth.digestauth.users=${AUTHUSER}"
        ports:
          - "80:80"
          - "8080:8080"
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
      webdav:
        image: mwader/webdav
        labels:
          - "traefik.http.routers.webdav.rule=Host(`localhost`)||Host(`mydomain`)"
        volumes:
          - /data:/webdav

After "# docker-compose up -d", webdav is working, but without any authentication, which should be digest auth. Now anyone who knows the domain can access my files. That's not acceptable.
So is there anywhere I went wrong? How can I get it right?
Thanks!
It is not enough to define the middleware, you must use it with routers. Try to use this stack

    version: '3.7'
    services:
      reverse-proxy:
        image: traefik:v2.2
        command: --api.insecure=true --providers.docker
        labels:
          - "traefik.http.middlewares.test-auth.digestauth.users=${AUTHUSER}"
        ports:
          - "80:80"
          - "8080:8080"
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
      webdav:
        image: mwader/webdav
        labels:
          - "traefik.http.routers.webdav.rule=Host(`localhost`)||Host(`mydomain`)"
          - "traefik.http.routers.webdav.middlewares=test-auth"
        volumes:
          - /data:/webdav

More information, details, and examples can be found in this article
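
The point of the answer above, as an added example (not code from the original posts): a Python audit over Traefik v2 Docker labels that reports auth middlewares no router references and routers with no auth middleware attached. The label lists are constructed from the two compose files above; `audit`, `QUESTION` and `ANSWER` are names made up for this example, and it assumes labels have already been read out of the compose file.

```python
import re

# Constructed input: per-service label lists taken from the question's
# compose file (middleware only defined) and the answer's (also attached).
QUESTION = {
    "reverse-proxy": ["traefik.http.middlewares.test-auth.digestauth.users=${AUTHUSER}"],
    "webdav": ["traefik.http.routers.webdav.rule=Host(`localhost`)||Host(`mydomain`)"],
}
ANSWER = {
    "reverse-proxy": QUESTION["reverse-proxy"],
    "webdav": QUESTION["webdav"] + ["traefik.http.routers.webdav.middlewares=test-auth"],
}

AUTH_TYPES = {"basicauth", "digestauth", "forwardauth"}
MW_RE = re.compile(r"^traefik\.http\.middlewares\.([^.]+)\.([^.]+)\.", re.I)
ROUTER_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(\w+)$", re.I)


def audit(services):
    """Return sorted findings about auth middlewares and routers in the labels."""
    auth_mw, routers = set(), {}
    for labels in services.values():
        for label in labels:
            key, _, value = label.partition("=")
            if m := MW_RE.match(key):
                if m.group(2).lower() in AUTH_TYPES:
                    auth_mw.add(m.group(1))
            elif m := ROUTER_RE.match(key):
                routers.setdefault(m.group(1), {})[m.group(2).lower()] = value
    findings, used = [], set()
    for name, opts in routers.items():
        # A reference may carry a provider suffix such as "@docker"; drop it.
        refs = opts.get("middlewares", "").split(",")
        attached = {r.strip().split("@")[0] for r in refs if r.strip()}
        used |= attached
        if not attached & auth_mw:
            findings.append(f"router '{name}' has no auth middleware attached")
    findings += [f"middleware '{m}' is defined but used by no router"
                 for m in auth_mw - used]
    return sorted(findings)


if __name__ == "__main__":
    for title, stack in (("question", QUESTION), ("answer", ANSWER)):
        print(title, audit(stack) or "OK")
```

The check only looks at middlewares attached directly to a router; auth reached through a `chain` middleware is not resolved.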

multiple docker compose files with traefik (v2.1) and database networks

I would like to build a docker landscape. I use a container with a traefik (v2.1) image and a mysql container for multiple databases.
traefik/docker-compose.yml

    version: "3.3"
    services:
      traefik:
        image: "traefik:v2.1"
        container_name: "traefik"
        restart: always
        command:
          - "--log.level=DEBUG"
          - "--api=true"
          - "--api.dashboard=true"
          - "--providers.docker=true"
          - "--providers.docker.exposedbydefault=false"
          - "--providers.docker.network=proxy"
          - "--entrypoints.web.address=:80"
          - "--entrypoints.websecure.address=:443"
          - "--entrypoints.traefik-dashboard.address=:8080"
          - "--certificatesresolvers.devnik-resolver.acme.httpchallenge=true"
          - "--certificatesresolvers.devnik-resolver.acme.httpchallenge.entrypoint=web"
          #- "--certificatesresolvers.devnik-resolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
          - "--certificatesresolvers.devnik-resolver.acme.email=####"
          - "--certificatesresolvers.devnik-resolver.acme.storage=/letsencrypt/acme.json"
        ports:
          - "80:80"
          - "443:443"
          - "8080:8080"
        volumes:
          - "./letsencrypt:/letsencrypt"
          - "./data:/etc/traefik"
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
        networks:
          - "proxy"
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.traefik.rule=Host(`devnik.dev`)"
          - "traefik.http.routers.traefik.entrypoints=traefik-dashboard"
          - "traefik.http.routers.traefik.tls.certresolver=devnik-resolver"
          #basic auth
          - "traefik.http.routers.traefik.service=api@internal"
          - "traefik.http.routers.traefik.middlewares=auth"
          - "traefik.http.middlewares.auth.basicauth.usersfile=/etc/traefik/.htpasswd"
    #Docker Networks
    networks:
      proxy:

database/docker-compose.yml

    version: "3.3"
    services:
      #MySQL Service
      mysql:
        image: mysql:5.7
        container_name: mysql
        restart: always
        ports:
          - "3306:3306"
        volumes:
          #persist data
          - ./mysqldata/:/var/lib/mysql/
          - ./init:/docker-entrypoint-initdb.d
        networks:
          - "mysql"
        environment:
          MYSQL_ROOT_PASSWORD: ####
          TZ: Europe/Berlin
    #Docker Networks
    networks:
      mysql:
        driver: bridge

For the structure I want to control all projects via multiple docker-compose files. These containers should run on the same network as the traefik container and some with the mysql container.
This also works for the following case (but only sometimes)
dev-releases/docker-compose.yml

    version: "3.3"
    services:
      backend:
        image: "registry.gitlab.com/devnik/dev-releases-backend/master:latest"
        container_name: "dev-releases-backend"
        restart: always
        volumes:
          #laravel logs
          - "./logs/backend:/app/storage/logs"
          #cron logs
          - "./logs/backend/cron.log:/var/log/cron.log"
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.dev-releases-backend.rule=Host(`dev-releases.backend.devnik.dev`)"
          - "traefik.http.routers.dev-releases-backend.entrypoints=websecure"
          - "traefik.http.routers.dev-releases-backend.tls.certresolver=devnik-resolver"
        networks:
          - proxy
          - mysql
        environment:
          TZ: Europe/Berlin
    #Docker Networks
    networks:
      proxy:
        external:
          name: "traefik_proxy"
      mysql:
        external:
          name: "database_mysql"

As soon as I restart the containers in dev-releases/ via docker-compose up -d I get the typical error "Gateway timeout" when calling them in the browser.
As soon as I comment out the network (networks: #- mysql) and restart the docker-compose in dev-releases/ it works again.
My guess is that I have not configured the external networks correctly. Is it not possible to use 2 external networks?
I'd like some containers to have access to the 'mysql' network, but it should not be accessible for the whole traefik network.
Let me know if you need more information.
EDIT (26.03.2020)
I got it running.
I put all my containers into one network, "proxy". It seems mysql also has to be in the proxy network.
So I added the following to database/docker-compose.yml

    networks:
      proxy:
        external:
          name: "traefik_proxy"

And removed the database_mysql network from dev-releases/docker-compose.yml
Based on the names of the files, your mysql network should be mysql_mysql.
You can verify this by executing

    $> docker network ls

You are also missing a couple of labels for your services, such as:
traefik command line

    - '--providers.docker.watch=true'
    - '--providers.docker.swarmMode=true'

labels

    - traefik.docker.network=proxy
    - traefik.http.services.dev-releases-backend.loadbalancer.server.port=yourport
    - traefik.http.routers.dev-releases-backend.service=mailcatcher

You can check this for more info

Traefik configuration inside docker-compose with subdomains

I'm trying to set up a subdomain configuration using Traefik but it doesn't work. This is my docker-compose config:

    traefik:
      image: "traefik:v2.0.0-rc3"
      container_name: "traefik"
      command:
        - "--api.insecure=true"
        - "--providers.docker=true"
        - "--providers.docker.exposedbydefault=false"
        - "--entrypoints.web.address=:80"
      ports:
        - "80:80"
        - "8282:8080"
      volumes:
        - "/var/run/docker.sock:/var/run/docker.sock:ro"
    whoami:
      image: "containous/whoami"
      container_name: "simple-service"
      labels:
        - "traefik.enable=true"
        #- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
        - "traefik.http.routers.whoami.entrypoints=web"
        - "traefik.frontend.port=80"
        - "traefik.frontend.rule=Host:whoami.mydomain.com"

When I replace the host by mydomain.com/whoami it does work correctly. I also tried to add the subdomain to the /etc/hosts file but nothing changes; when I go to whoami.mydomain.com nothing appears.
Do you have suggestions?
Thanks.
I'm not an expert with Docker or Traefik, but I have been doing some work in that regard. The only thing I see that looks a bit weird to me is that you may want to throw a common network option on both to ensure they are sharing, such as:

    networks:
      - web

The only other guess would be if you are missing the DNS entry for whoami.yourdomain.com
For the record,
If I append the following content to my /etc/hosts:

    127.0.0.1 whoami.mydomain.com

the following snippet works on my machine:

    version: '3'
    services:
      traefik:
        image: "traefik:v2.5"
        container_name: "traefik"
        command:
          - "--api.insecure=true"
          - "--providers.docker=true"
          - "--providers.docker.exposedbydefault=false"
          - "--entrypoints.web.address=:80"
        ports:
          - "80:80"
          - "8282:8080"
        volumes:
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
      whoami:
        image: "containous/whoami"
        container_name: "simple-service"
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"

And yours with traefik:2.5 answers with a 404 not found on my machine.
Note: the port 8282 on my machine gives nothing (which is normal as nothing is listening on port 8080 in the container).
