Develop Reference

Wordpress service is not showing in Traefik

I am trying to deploy Wordpress application on docker swarm stack, behind Traefik reverse proxy, I wanted to use Nginx for reverse proxying but as the the Wordpress is deployed with 2 replicas I am facing session time out issue, therefore I am trying the use Traefik instaed to configure sticky session later.
I have deployed the Traefik service successfully and can access the dashboard, but the Wordpress is not being proxied and it is not showing in the services list on the dashboard.
Traefik Dashboard Screenshot
Traefik Dashboard 2
Traefik Proxy yaml File:
version: '3.3'
services:
traefik:
image: traefik:v2.2
ports:
- 80:80
- 443:443
deploy:
placement:
constraints:
# Make the traefik service run only on the node with this label
# as the node with it has the volume for the certificates
- node.labels.traefik-public.traefik-public-certificates == true
labels:
- traefik.enable=true
- traefik.docker.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
- traefik.http.routers.traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
- traefik.http.routers.traefik-public-http.entrypoints=http
- traefik.http.routers.traefik-public-http.middlewares=https-redirect
- traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable not set}`)
- traefik.http.routers.traefik-public-https.entrypoints=https
- traefik.http.routers.traefik-public-https.tls=true
- traefik.http.routers.traefik-public-https.service=api#internal
- traefik.http.routers.traefik-public-https.tls.certresolver=le
- traefik.http.routers.traefik-public-https.middlewares=admin-auth
- traefik.http.services.traefik-public.loadbalancer.server.port=8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik-public-certificates:/certificates
command:
- --providers.docker
- --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
- --providers.docker.exposedbydefault=false
- --providers.docker.swarmmode
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- --accesslog
- --log
- --api
networks:
- traefik-public
volumes:
traefik-public-certificates:
networks:
traefik-public:
external: true
Wordpress yaml File:
version: "3.4"
services:
db:
image: mariadb
secrets:
- db_user
- db_pass
environment:
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_pass
MYSQL_USER_FILE: /run/secrets/db_user
MYSQL_PASSWORD_FILE: /run/secrets/db_pass
MYSQL_DATABASE_NAME: wpdb
ports:
- 3306:3306
networks:
- backend
volumes:
- db-data:/var/lib/mysql
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 3
window: 60s
wp:
image: wordpress
secrets:
- db_user
- db_pass
depends_on:
- db
labels:
- traefik.enable=true
- traefik.constraint-label=traefik-public
- traefik.docker.network=traefik-public
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
- traefik.http.routers.wp.rule=Host(`example.com`)
- traefik.http.routers.wp.entrypoints=http
- traefik.http.routers.wp.middlewares=https-redirect
- traefik.http.routers.wp-secured.rule=Host(`example.com`)
- traefik.http.routers.wp-secured.entrypoints=https
- traefik.http.routers.wp-secured.tls=true
- traefik.http.routers.wp-secured.tls.certresolver=le
- traefik.http.services.wp.loadbalancer.server.port=8080
environment:
WORDPRESS_DB_HOST: 192.168.20.30:3306 # node IP
WORDPRESS_DB_USER_FILE: /run/secrets/db_user
WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_pass
WORDPRESS_DB_NAME: wpdb
networks:
- backend
- traefik-public
volumes:
- wp-data:/var/www/html
deploy:
replicas: 2
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 3
window: 60s
networks:
backend:
external: false
traefik-public:
external: true
volumes:
wp-data:
db-data:
secrets:
db_user:
file: ./db_user.txt
db_pass:
file: ./db_pass.txt
```

Facing issues upgrading my traefik setup to docker swarm

I have two docker-compose.*.yml files, one for the testing stage and one for production. The testing stage file is executed with docker compose and the production with docker swarm.
The docker compose setup works fine. In case of the production docker swarm setup I am getting a timeout 504 http status code when accessing the rabbitmq management endpoint.
Since the logs of both containers, traefik as well as rabbitmq do not display any error I do not know how to debug this.
Here are both files:
docker-compose.testing-stage.yml
(working example, executed with docker compose)
version: '3.7'
services:
traefik:
image: traefik:v2.2
hostname: traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/acme.json:/root/acme.json
- /root/credentials.txt:/root/credentials.txt
ports:
- 80:80
- 443:443
command:
- --api=true
- --log.level=WARN
- --providers.docker=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker.exposedByDefault=false
- --certificatesresolvers.secure.acme.httpchallenge=true
- --certificatesresolvers.secure.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.secure.acme.email=${MAIL_ADDRESS}
- --certificatesresolvers.secure.acme.storage=/root/acme.json
labels:
- traefik.enable=true
# dashboard
- traefik.http.routers.traefik.service=api#internal
- traefik.http.routers.traefik.rule=Host(`monitor.example.org`)
- traefik.http.routers.traefik.tls.certresolver=secure
- traefik.http.routers.traefik.middlewares=auth
- traefik.http.services.traefik.loadbalancer.server.port=8080
- traefik.http.middlewares.auth.basicauth.usersfile=/root/credentials.txt
# https redirect
- traefik.http.routers.detour.rule=hostregexp(`{host:[a-z-.]+}`)
- traefik.http.routers.detour.entrypoints=web
- traefik.http.routers.detour.middlewares=redirect-to-https
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.services.dummy-svc.loadbalancer.server.port=9999
rabbitmq:
image: registry.exampe.com/root/blicc/rabbitmq:test
hostname: rabbitmq
environment:
- RABBITMQ_ERLANG_COOKIE=${RABBITMQ_PASSWORD}
- RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD}
- RABBITMQ_DEFAULT_USER=admin
ports:
- 15672:15672
labels:
- traefik.enable=true
- traefik.http.routers.rabbitmq.rule=Host(`messaging.example.org`)
- traefik.http.routers.rabbitmq.tls.certresolver=secure
- traefik.http.services.rabbitmq.loadbalancer.server.port=15672
docker-compose.prod.yml
(example which gives a timeout on messaging.prod-example.org, executed with docker swarm)
version: '3.7'
services:
traefik:
image: traefik:v2.2
hostname: traefik
ports:
- 80:80
- 443:443
command:
# entry points
- --api=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
# tls certificates
- --certificatesresolvers.secure.acme.httpchallenge=true
- --certificatesresolvers.secure.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.secure.acme.email=${MAIL_ADDRESS}
- --certificatesresolvers.secure.acme.storage=/root/acme.json
# metrics
- --metrics=true
- --metrics.prometheus=true
# docker
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --providers.docker.swarmMode=true
- --providers.docker.network=traefik-public
- --providers.docker.endpoint=unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/acme.json:/root/acme.json
- /root/credentials.txt:/root/credentials.txt
deploy:
replicas: 1
update_config:
parallelism: 1
order: start-first
failure_action: rollback
delay: 10s
rollback_config:
parallelism: 0
order: stop-first
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
# dashboard
- traefik.http.routers.traefik.service=api#internal
- traefik.http.routers.traefik.rule=Host(`monitor.prod-example.org`)
- traefik.http.routers.traefik.tls.certresolver=secure
- traefik.http.routers.traefik.middlewares=auth
- traefik.http.middlewares.auth.basicauth.usersfile=/root/credentials.txt
- traefik.http.services.traefik.loadbalancer.server.port=8080
# https redirect
- traefik.http.routers.detour.rule=hostregexp(`{host:[a-z-.]+}`)
- traefik.http.routers.detour.entrypoints=web
- traefik.http.routers.detour.middlewares=redirect-to-https
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.services.dummy-svc.loadbalancer.server.port=9999
rabbitmq:
image: registry.exampe.com/root/blicc/rabbitmq:latest
hostname: rabbitmq
environment:
- RABBITMQ_ERLANG_COOKIE=${RABBITMQ_PASSWORD}
- RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD}
- RABBITMQ_DEFAULT_USER=admin
ports:
- 15672:15672
deploy:
replicas: 1
update_config:
parallelism: 1
order: start-first
failure_action: rollback
delay: 10s
rollback_config:
parallelism: 0
order: stop-first
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.http.routers.rabbitmq.rule=Host(`messaging.prod-example.org`)
- traefik.http.routers.rabbitmq.tls.certresolver=secure
- traefik.http.services.rabbitmq.loadbalancer.server.port=15672
Both server run the ubuntu 18.04 with the same firewall and the same ports exposed. I am guessing that I do some mistakes on the docker swarm setup for traefik, but I can not figure out what. The only thing I basically changed was putting the labels under deploy.
The rabbitmq container has the ui exposed on port 15672 which I am mapping with the load balancer to port 443 on messaging.prod-example.org. Nevertheless this endpoint gives me an timeout.
Does anyone sees the misconfiguration I am doing here?

Maybe you forget to set a "entrypoints" in rabbitmq labels, like below:
traefik.http.routers.rabbitmq.entrypoints=XXX

How to mae Traefik as reverse-proxy with docker-compose?

I have docker-compose build with symfony on apache and angular on nginx. It is possible that more docker-compositions can be run, so now I want to make my own DNS using traefik - I want to set hostname of each app, make docker-compose up and resolve apps with hostname when they are ready.
Traefik docker-compose:
version: '3.1'
networks:
proxy:
external: true
internal:
external: false
services:
traefik:
image: traefik:v2.1
command: --api.insecure=true --providers.docker
labels:
- traefik.frontend.rule=Host:monitor.docker.localhost
- traefik.port=8080
networks:
- proxy
ports:
- 80:80
- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock
Apps docker-compose:
# Run docker-compose build
# Run docker-compose up
# Live long and prosper
version: '3.1'
networks:
proxy:
external: true
internal:
external: false
services:
apache:
build: .docker/apache
container_name: sf4_apache
volumes:
- .docker/config/vhosts:/etc/apache2/sites-enabled
- ./backend:/home/wwwroot/sf4
depends_on:
- php
labels:
- traefik.http.routers.sf4_apache.rule=Host(`symfony.docker.localhost`)
- traefik.http.services.apache.loadbalancer.server.port=80
networks:
- internal
- proxy
php:
build: .docker/php
container_name: sf4_php
volumes:
- ./backend:/home/wwwroot/sf4
- ./executor:/home/wwwroot/pipe
networks:
- internal
labels:
- traefik.enable=false
nginx:
container_name: angular_nginx
build: .docker/nginx
volumes:
- ./frontend/dist/frontend:/usr/share/nginx/html
ports:
- "81:80"
- "443:443"
labels:
- traefik.http.routers.angular_nginx.rule=Host(`angular.docker.localhost`)
networks:
- internal
- proxy
node:
build: .docker/node
container_name: angular_node
ports:
- 4200:4200
volumes:
- ./frontend:/home/node/app/frontend
tty: true
command:
- /bin/sh
- -c
- |
cd /home/node/app/frontend && npm start
expose:
- "4200"
networks:
- internal
labels:
- traefik.enable=false
Can't make it work: sometimes I get Bad Gateway at domains (symfony.docker.localhost), sometimes it crushed because both servers using one port, so please help me to run this correctly

First, docker frontend and backend are deprecated in version 2.1 check this link
here is an example of doing the same in traefik 2.1
version: '3.7'
networks:
traefik:
external: true
volumes:
db_data:
services:
proxy:
image: traefik:v2.1
command:
- '--providers.docker=true'
- '--entryPoints.web.address=:80'
- '--providers.providersThrottleDuration=2s'
- '--providers.docker.watch=true'
- '--providers.docker.swarmMode=true'
- '--providers.docker.swarmModeRefreshSeconds=15s'
- '--providers.docker.exposedbydefault=false'
- '--providers.docker.defaultRule=Host("local.me")'
- '--accessLog.bufferingSize=0'
- '--api=true'
- '--api.dashboard=true'
- '--api.insecure=true'
- '--ping.entryPoint=web'
volumes:
- '/var/run/docker.sock:/var/run/docker.sock:ro'
ports:
- '80:80'
- '8080:8080'
deploy:
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
update_config:
delay: 10s
order: start-first
parallelism: 1
rollback_config:
parallelism: 0
order: stop-first
logging:
driver: json-file
options:
'max-size': '10m'
'max-file': '5'
networks:
- traefik
mysql:
image: mysql:5.7
command: mysqld --general-log=1 --general-log-file=/var/log/mysql/general-log.log
deploy:
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
update_config:
delay: 10s
order: start-first
parallelism: 1
rollback_config:
parallelism: 0
order: stop-first
logging:
driver: json-file
options:
'max-size': '10m'
'max-file': '5'
networks:
- traefik
volumes:
- db_data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: dummy
MYSQL_DATABASE: rails_blog_production
rails_blog_web:
image: wshihadeh/rails_blog:demo-v1
command: 'web'
deploy:
labels:
- traefik.enable=true
- traefik.http.services.blog.loadbalancer.server.port=8080
- traefik.http.routers.blog.rule=Host(`blog.local.me`)
- traefik.http.routers.blog.service=blog
- traefik.http.routers.blog.entrypoints=web
- traefik.docker.network=traefik
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
update_config:
delay: 10s
order: start-first
parallelism: 1
rollback_config:
parallelism: 0
order: stop-first
logging:
driver: json-file
options:
'max-size': '10m'
'max-file': '5'
networks:
- traefik
depends_on:
- mysql
environment:
DATABASE_URL: mysql2://root:dummy#mysql/rails_blog_production
RAILS_SERVE_STATIC_FILES: 'true'
for more information, you can check this blog post

Portainer in Docker swarm stack with Traefik refuses to connect

I am trying to include Portainer in a docker-compose swarm, consisting of WordPress + MySQL and Traefik (reverse proxy). I am using the following definition:
version: '3'
services:
traefik:
image: "traefik:v2.0.0-rc3"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.swarmmode=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik
deploy:
mode: global
placement:
constraints: [node.role==manager]
portainer:
image: portainer/portainer:latest
command: -H unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./portainer:/data
networks:
- traefik
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role==manager]
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.entrypoints=web"
db:
image: mysql:5.7
volumes:
- ./db/initdb.d:/docker-entrypoint-initdb.d
networks:
- traefik
environment:
MYSQL_ROOT_PASSWORD: <root_password>
MYSQL_DATABASE: <db_name>
MYSQL_USER: <db_user>
MYSQL_PASSWORD: <user_password>
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
app:
image: my-repo/wordpress:latest
networks:
- traefik
deploy:
replicas: 2
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
labels:
- "traefik.enable=true"
- "traefik.http.routers.app.rule=Host(`example.org`)"
- "traefik.http.routers.app.entrypoints=web"
- "traefik.http.services.app.loadbalancer.server.port=80"
networks:
traefik:
Everything works except portainer. When I visit localhost:9000 I just get a refused connection. The following non-swarm-mode docker-compose works, however:
version: '3'
services:
traefik:
image: "traefik:v2.0.0-rc3"
container_name: "traefik"
restart: always
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik
portainer:
image: portainer/portainer
command: -H unix:///var/run/docker.sock
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./portainer:/data
ports:
- "9000:9000"
- "8000:8000"
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.entrypoints=web"
db:
image: mysql:5.7
restart: always
volumes:
- ./db/initdb.d:/docker-entrypoint-initdb.d
networks:
- traefik
environment:
MYSQL_ROOT_PASSWORD: <root_password>
MYSQL_DATABASE: <db_name>
MYSQL_USER: <db_user>
MYSQL_PASSWORD: <user_password>
app:
image: my-repo/wordpress:latest
restart: always
depends_on:
- db
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.app.rule=Host(`example.org`)"
- "traefik.http.routers.app.entrypoints=web"
networks:
traefik:
What am I doing wrong? The logs in each case are the same. In non-swarm-mode I can log in to the Portainer UI and see all my containers running, etc. But the swarm version simply refuses to connect, even when I pass Host rule (portainer.example.org). I have only been using Traefik for a few days, and am very likely to be making a simple configuration error (hopefully!).

Port Detection
Docker Swarm does not provide any port detection information to Traefik.
Therefore you must specify the port to use for communication by using the label traefik.http.services.<service_name>.loadbalancer.server.port (Check the reference for this label in the routing section for Docker).

traefik entire wildcard certificate chain configuration

We have a Docker Swarm Cluster with Consul + Traefik as a proxy for our microservices. Traefik v1.6.1 was installed and now we have to configure de wildcard certificate I have the own wild card certificate. This certificate is a wildcard certificate (*.mydomain.com) to support our micro services availables in subdomains as "microservice2.mydomain.com".
Cureently my configuration works with ACme certificates very well. SInce I have my own certificates now,
currently I do not find documentation of how to store the certificate in secrets or consul and how to make it work with command line arguements and docker labels as below?
How can I add certificates in the below configuration to make it work
version: "3.2"
services:
traefik_init:
image: traefik:1.6
command:
- "storeconfig"
- "--api"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--defaultentrypoints=http,https"
- "--acme"
- "--acme.storage=traefik/acme/account"
- "--acme.entryPoint=https"
- "--acme.httpChallenge.entryPoint=http"
- "--acme.onHostRule=true"
- "--acme.onDemand=false"
- "--acme.email=foobar#example.com"
- "--docker"
- "--docker.swarmMode"
- "--docker.domain=mydomain.com"
- "--docker.watch"
- "--consul"
- "--consul.endpoint=consul:8500"
- "--consul.prefix=traefik"
- "--debug"
networks:
- internal
deploy:
restart_policy:
condition: on-failure
depends_on:
- consul
traefik:
image: traefik:1.6
depends_on:
- traefik_init
- consul
command:
- "--consul"
- "--consul.endpoint=consul:8500"
- "--consul.prefix=traefik"
- "--logLevel=DEBUG"
- "--api"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--defaultentrypoints=http,https"
- "--acme"
- "--acme.storage=traefik/acme/account"
- "--acme.entryPoint=https"
- "--acme.httpChallenge.entryPoint=http"
- "--acme.onHostRule=true"
- "--acme.onDemand=false"
- "--acme.email=foobar#example.com"
- "--docker"
- "--docker.swarmMode"
- "--docker.domain=mydomain.com"
- "--docker.watch"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- internal
- traefik_proxy
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
- target: 8080
published: 8080
mode: host
deploy:
mode: global
placement:
constraints:
- node.role == manager
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
labels:
- "traefik.enable=true"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:traefik.mydomain.com"
- "traefik.port=8080"
- "traefik.docker.network=traefik_proxy"
consul:
image: consul:latest
command: "agent -server -bootstrap-expect=1 -ui -client 0.0.0.0 -bind '{{ GetInterfaceIP \"eth0\" }}'"
volumes:
- consul-data:/consul/data
environment:
- CONSUL_LOCAL_CONFIG={"datacenter":"us_east2","server":true}
- CONSUL_BIND_INTERFACE=eth0
- CONSUL_CLIENT_INTERFACE=eth0
ports:
- 8500:8500
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
networks:
- internal
networks:
traefik_proxy:
external: true
internal:
driver: overlay
volumes:
consul-data:
driver: local