Develop Reference

'Internal Server Error' when deploying Application with Traefik and LetsEncrypt

I'm new to SSL certificates with Traefik and have been having real trouble getting a successful deployment.
I have a server and domain that I have deployed my application on using Traefik and Http without issue. I would now like to deploy the same application, running on port 9000, to be deployed in Https using LetsEncrypt following the Traefik docs . I can verify that the certificate has been properly created using an SSL checker, however, when I try to visit the site I get Internal Server Error. There are no errors reported in either of the docker logs and I cannot figure out what to try next.
docker-compose.yml
version: '2'
services:
traefik:
image: traefik:v1.7
restart: always
ports:
- 80:80
- 443:443
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/traefik/traefik.toml:/traefik.toml
- /opt/traefik/acme.json:/acme.json
container_name: traefik
app:
image: myapp_image
container_name: app
restart: always
networks:
- web
ports:
- "9000:9000"
labels:
- "traefik.docker.network=web"
- "traefik.enable=true"
- "traefik.basic.frontend.rule=Host:myapp.com"
- "traefik.basic.port=9000"
- "traefik.basic.protocol=http"
- "traefik.admin.frontend.rule=Host:myapp.com"
- "traefik.admin.protocol=https"
- "traefik.admin.port=9000"
networks:
web:
external: true
traefik.toml
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "myapp.com"
watch = true
exposedByDefault = false
[acme]
email = "myemail#email.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

Finally was able to find a workable solution for this. I may have just been using old information but the best reference to host an application with Traefik on Https using LetsEncrypt was found here.
The working Yaml example is below. Using this example will also eliminate the need for a Toml file!
version: "3.3"
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=postmaster#example.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"

Two docker containers with Traefik on one host

I'm trying to set up a server on my raspberry pi to run Nextcloud and Firefly III with traefik as a reverse proxy. I'm using docker-compose and Portainer is working fine with https (included in the code for testing), but I cannot get Nextcloud or Firefly to run at all. When I use the official documentation for Firefly I can get it to run and when I use NextcloudPi in itself I can also get that to run, but I cannot get both of them to work at the same time. FF is giving a 403 Forbidden "You don't have permission to access / on this server." error while Nextcloud is giving a "Bad Gateway" error. I'd be grateful for any help I can get regarding this as I've already read through as many sites as possible and I don't what else to do.
This is my docker-compose.yml:
version: "3.2"
services:
# Reverse Proxy and Let's Encrypt
traefik:
container_name: traefik
image: traefik:alpine
restart: always
networks:
- srv
- firefly_iii_net
- proxy-tier
ports:
- 80:80
- 443:443
volumes:
- /opt/traefik/traefik.toml:/traefik.toml
- /var/run/docker.sock:/var/run/docker.sock
- /opt/traefik/acme.json:/acme.json
# Portainer
portainer:
container_name: portainer
image: portainer/portainer
restart: always
networks:
- srv
ports:
- "9000:9000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/portainer:/data
labels:
- traefik.enable=true
- "traefik.frontend.rule=Host:port.skdjfgsl.club"
db:
image: postgres:alpine
restart: always
volumes:
- db:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
app:
image: nextcloud:fpm-alpine
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- POSTGRES_HOST=db
- POSTGRES_PASSWORD=
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
depends_on:
- db
networks:
- proxy-tier
expose:
- 80
- 443
labels:
- traefik.enable=true
- "traefik.frontend.rule=Host:nc.skdjfgsl.club"
firefly_iii_app:
environment:
- FF_DB_HOST=firefly_iii_db
- FF_DB_NAME=firefly
- FF_DB_USER=firefly
- FF_DB_PASSWORD=firefly
- FF_APP_KEY=S0m3R#nd0mStr1ngOf32Ch#rsEx#ctly
- FF_APP_ENV=local
- FF_DB_CONNECTION=pgsql
- TZ=Europe/Amsterdam
- APP_LOG_LEVEL=debug
- TRUSTED_PROXIES=**
image: jc5x/firefly-iii
links:
- firefly_iii_db
networks:
- firefly_iii_net
volumes:
-
source: firefly_iii_export
target: /var/www/firefly-iii/storage/export
type: volume
-
source: firefly_iii_upload
target: /var/www/firefly-iii/storage/upload
type: volume
expose:
- 80
- 443
labels:
- traefik.enable=true
- "traefik.frontend.rule=Host:ff.skdjfgsl.club"
- traefik.port=443
firefly_iii_db:
environment:
- POSTGRES_PASSWORD=firefly
- POSTGRES_USER=firefly
image: "postgres:10"
networks:
- firefly_iii_net
volumes:
- "firefly_iii_db:/var/lib/postgresql/data"
networks:
srv:
firefly_iii_net:
driver: bridge
proxy-tier:
volumes:
db:
nextcloud:
firefly_iii_db: ~
firefly_iii_export: ~
firefly_iii_upload: ~
This is my traefik.toml:
defaultEntryPoints = ["http", "https"]
logLevel = "DEBUG"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mydomain.com"
exposedByDefault = false
watch = true
[acme]
email = "email#mydomain.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

To go to port 443 (https) you need to adjust the protocol used by traefik to talk to the container with the following label:
- traefik.protocol=https
Bad gateway can mean traefik is trying to connect to the wrong port, wrong IP, or traefik and the container are not deployed to a common network. You can fix the first two by specifying a port and network name:
- traefik.port=80
- traefik.docker.network=project_proxy-tier
Where project is the name of your compose project (use docker network ls to see the external name of your networks).

Jira & Docker & Traefik Setup

I'm first time Traefik user and I successfully configured this docker compose setup for Jira with Traefik and Let's Encrypt Cert.
My problem is that Jira must be able to connect to his self. Their are some Jira Services like Gadgets that loads it's data via JavaScript from via his own address over http. This typ of service does not work for me. Their is a support documents that describes this problems and also shows solutions for this. But I don't know how to setup this up correctly with Traefik/Docker. https://confluence.atlassian.com/jirakb/how-to-fix-gadget-titles-showing-as-__msg_gadget-813697086.html
Your help would be great. Thanks a lot!
version: '3'
services:
reverse-proxy:
image: traefik # The official Traefik docker image
command: --docker # Enables the web UI and tells Traefik to listen to docker --api
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
- "8081:8080" # The Web UI (enabled by --api)
hostname: traefik
restart: unless-stopped
domainname: ${DOMAINNAME}
networks:
- frontend
- backend
labels:
- "traefik.enable=false"
- "traefik.frontend.rule=Host:traefik.${DOMAINNAME}"
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- /etc/compose/traefik:/etc/traefik
- /etc/compose/shared:/shared
jira:
image: dchevell/jira-software:${JIRAVERSION}
ports:
- 8080:8080
networks:
- backend
restart: unless-stopped
volumes:
- /data/files/jira/data:/var/atlassian/application-data/jira
environment:
- JVM_MAXIMUM_MEMORY=2048m
- JVM_MINIMUM_MEMORY=768m
- CATALINA_CONNECTOR_PROXYNAME=jira.${DOMAINNAME}
- CATALINA_CONNECTOR_PROXYPORT=443
- CATALINA_CONNECTOR_SCHEME=https
- CATALINA_CONNECTOR_SECURE=true
depends_on:
- jira-postgresql
links:
- "jira-postgresql:database"
labels:
- "traefik.enable=true"
- "traefik.backend=jira"
- "traefik.frontend.rule=Host:jira.${DOMAINNAME}"
- "traefik.port=8080"
jira-postgresql:
image: postgres:9.6.11-alpine
networks:
- backend
ports:
- 5432:5432
restart: unless-stopped
volumes:
- /data/index/postgresql/data/:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=jira
- POSTGRES_USER=jira
- POSTGRES_DB=jira
labels:
- "traefik.enable=false"
# Portainer
portainer:
image: portainer/portainer
container_name: portainer
restart: always
ports:
- 9000:9000
command: -H unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./etc-portainer/data:/data
environment:
TZ: ${TZ}
labels:
- "traefik.enable=false"
networks:
frontend:
external:
name: frontend
backend:
driver: bridge

Configuration I got working with apps over secure - not super intuitive, but it looks like it accepts redirects secure traffic properly. I've got mine using acme on godaddy for certs, and it appears to be functioning properly over https with a forced recirect:
Forced redirect for reference:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
And the dockerfile that I made to get things deployed properly:
version: '3'
services:
jira:
image: dchevell/jira-software:8.1.0
deploy:
restart_policy:
condition: on-failure
labels:
- traefik.frontend.rule=Host:jira.mydomain.com
- traefik.enable=true
- traefik.port=8080
ports:
- "8080"
networks:
- traefik-pub
- jiranet
environment:
- CATALINA_CONNECTOR_PROXYNAME=jira.mydomain.com
- CATALINA_CONNECTOR_PROXYPORT=443
- CATALINA_CONNECTOR_SCHEME=https
- CATALINA_CONNECTOR_SECURE=true
jira-postgresql:
image: postgres:11.2-alpine
networks:
- jiranet
ports:
- "5432"
volumes:
- jira-postgres-data:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=supersecret
- POSTGRES_USER=secret_user
- POSTGRES_DB=jira_db
labels:
- "traefik.enable=false"
volumes:
jira-postgres-data:
networks:
traefik-pub:
external: true
jiranet:
driver: overlay
This still required manual configuration of the database - I may one day take the time to build my own jira dockerfile that accepts the database config already, but with this one working, I don't see much point in pre-configuring the database connection when it's 20 seconds of extra work vs. rebuilding a dockerfile that I haven't written myself.

Configure Traefik in front of two docker containers, all on port 80

I try to run three docker containers on one host. Traaefik is one of the containers to proxy traffic to the other containers.
My first goal is to reach each container through a dedicated hostname on port 80. Traefik ui should be available only through a hostname and on port 80 also, having some sort of authentication.
Using only a docker-compose.yml, I can reach all three containers using the hostnames, all on port 80. But to add authentication, I guess I need to introduce a traefik.toml. But this gives me troubles.
Next goal would be to introduce SSL using let's encrypt on all three hosts.But first things first...
Working solution with three hosts, all on port 80, lacking authorization for Traefik UI:
version: "2"
networks:
web:
services:
prox:
image: containous/traefik:latest # The official Traefik docker image
command: --api --docker # Enables the web UI and tells Træfik to listen to docker
restart: unless-stopped
ports:
- "80:80" # The HTTP port
labels:
- "traefik.port=8080"
- "traefik.backend=traefikception"
- "traefik.frontend.rule=Host:traefik.test.com"
- "traefik.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
networks:
- web
seafile_1:
image: seafileltd/seafile
container_name: seafile_1
restart: unless-stopped
environment:
SEAFILE_ADMIN_EMAIL: me#test.com
SEAFILE_ADMIN_PASSWORD: ####
SEAFILE_SERVER_HOSTNAME: 1.test.com
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:1.test.com
- traefik.port=80
- traefik.backend=seafile_1
- traefik.docker.network=web
volumes:
- /opt/seafile-data/ttt_1:/shared
networks:
- web
seafile_2:
image: seafileltd/seafile
container_name: seafile_2
restart: unless-stopped
environment:
SEAFILE_ADMIN_EMAIL: me#test2.com
SEAFILE_ADMIN_PASSWORD: #####
SEAFILE_SERVER_HOSTNAME: 2.test2.com
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:2.test2.com
- traefik.port=80
- traefik.backend=seafile_1
- traefik.docker.network=web
volumes:
- /opt/seafile-data/ttt_2:/shared
networks:
- web
Adding the following traefik.toml:
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.proxy]
address=":80"
[entryPoints.proxy.auth]
[entryPoints.proxy.auth.basic]
users = [
"joh:$apr1$RKdHyOKO$QDK1EKB4UJbsda7CXfPfK0",
]
[api]
entrypoint="proxy"
I get lot's of the following errors in the log, none of the containers is reachable from outside:
prox_1 | time="2018-06-17T19:23:26Z" level=fatal msg="Error preparing server: listen tcp :8080: bind: address already in use"
prox_1 | time="2018-06-17T19:24:26Z" level=error msg="Error opening listener listen tcp :8080: bind: address already in use"
prox_1 | time="2018-06-17T19:24:26Z" level=fatal msg="Error preparing server: listen tcp :8080: bind: address already in use"
I am pretty sure I need to adapt my docker-compose.yml and move settings to traefik.toml, but I cannot get my head around how to to that.
Thanks in advance!!

With the help of traefik support on slack I was able to solve this.
you may not have more than one entryPoint per Port
The Authorization can be configured in the docker-compose.yml
add acme.json and configure https and Let's encrypt only in traefik.toml
In /opt/traefik put the following three files:
acme.json:
may be empty but must be well secured:
touch acme.json
chmod 600 acme.json
docker-compose.yml:
version: "2"
networks:
web:
services:
prox:
image: containous/traefik:latest # The official Traefik docker image
command: --api --docker # Enables the web UI and tells Træfik to listen to docker
restart: unless-stopped
ports:
- "80:80"
- "443:443"
# - "8080:8080" # Don't want this port open (on all hostnames!)
labels:
- "traefik.port=8080"
- "traefik.backend=traefikception"
- "traefik.frontend.rule=Host:traefik.example.me"
- "traefik.enable=true"
- "traefik.frontend.auth.basic=admin:$$ert2$$RKdHyOKO$$QDK1EKB4UJbsda7CXfPfK0"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock" # So that Traefik can listen to the Docker events
- "./traefik.toml:/traefik.toml"
- "./acme.json:/acme.json"
networks:
- web
seafile_org1:
image: seafileltd/seafile
container_name: seafile_org1
restart: unless-stopped
environment:
SEAFILE_ADMIN_EMAIL: mail#mail.me
SEAFILE_ADMIN_PASSWORD: ####
SEAFILE_SERVER_HOSTNAME: org1.example.me
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:org1.example.me
- traefik.port=80
- traefik.backend=seafile_org1
- traefik.docker.network=web
volumes:
- /opt/seafile-data/org1:/shared
networks:
- web
seafile_org2:
image: seafileltd/seafile
container_name: seafile_org2
restart: unless-stopped
environment:
SEAFILE_ADMIN_EMAIL: mail#mail.com
SEAFILE_ADMIN_PASSWORD: ####
SEAFILE_SERVER_HOSTNAME: org2.example.com
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:org2.example.com
- traefik.port=80
- traefik.backend=seafile_org2
- traefik.docker.network=web
volumes:
- /opt/seafile-data/org2:/shared
networks:
- web
get what you need to put as value to traefik.frontend.auth.basic issuing:
htpasswd -n admin
traefik.toml:
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[api]
dashboard = true
# Enable ACME (Let's Encrypt): automatic SSL.
[acme]
email = "you#mail.com"
storage = "acme.json"
entryPoint = "https"
# If true, display debug log messages from the acme client library.
# acmeLogging = true
# Enable certificate generation on frontends host rules.
onHostRule = true
# CA server to use.
# Uncomment the line to use Let's Encrypt's staging server,
# leave commented to go to prod.
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# Use a HTTP-01 ACME challenge.
# Optional (but recommended)
[acme.httpChallenge]
entryPoint = "http"
This uses Let's encrypt staging environment to get you three certs. Comment the line with caServer to get the real certs! Recreate an empty acme.json as well!
The seafile-data is stored in
/opt/seafile-data/org1
and
/opt/seafile-data/org2
respectively.
In /opt/traefik you can start the system:
docker-compose up -d
and watch the logs with
docker-compose logs
Startup takes some time on first run to setup seafile, get the certs,...
Your hosts should be reachable, giving no SSL errors or warnings on
http://traefik.example.me (Asking your credentials to see the page)
http://org1.example.me
http://org2.example.com
What's left to do is to edit the ccnet.conf file in each of the seafile installation directories (/opt/seafile-data/org1/seafile/conf/ccnet.conf) and change the protocol to "http" and remove the port ":8000" from SERVICE_URL so that shared links are correct for that setup as well. The line should read:
SERVICE_URL = https://org1.example.me

You can do it all in the Docker Stacks file:
version: "3.7"
services:
traefik:
image: traefik:1.7.13
command: >
--api
--docker
--docker.swarmmode
--docker.watch
--docker.exposedbydefault=false
# --debug=true
--loglevel=error # debug
--defaultentrypoints=https,http
--entryPoints="Name:http Address::80 Redirect.EntryPoint:https"
--entryPoints="Name:https Address::443 TLS"
--retry
--acme=true
--acme.entrypoint=https
--acme.httpchallenge
--acme.httpchallenge.entrypoint=http
--acme.domains="..."
--acme.email="..."
--acme.storage=/certs/acme.json
ports:
- 80:80 # HTTP
- 443:443 # HTTPS
- 8080:8080 # The Web UI (enabled by --api)
volumes:
- acme:/certs
- /var/run/docker.sock:/var/run/docker.sock:ro
whoami:
image: containous/whoami
deploy:
labels:
traefik.frontend.rule: Path:/whoami
traefik.enable: "true"
traefik.port: 80
volumes:
acme:

Traefik with docker backend leads to bad gateway

I set up a debian server where I installed docker and docker-compose.
I created in the home of my sudo user a folder with the following hierarchy:
~/docker-project
- docker-compose.yml
- /traefik/traefik.toml
I do a docker-compose up -d everything is started I can reach traefik.mydomain.com that has working ssl certificate as does the other subdomains. But if I go to any of my subdomain to reach my dockerized web service, I get a bad gateway message in my browser. If I go to my server IP adress and put the right port, I see my webservice working perfectly.
So I think I've made a mistake configuring the docker / traefik relationship but I'm unable to find where.
Here is my traefik.toml:
defaultEntryPoints = ["http", "https"]
################################################################
# Web configuration backend
################################################################
[web]
address = ":8080"
[web.auth.basic]
# User: user | Password: password
users = ["user:hashedpassword"]
################################################################
# Entry-points configuration
################################################################
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
################################################################
# Docker configuration backend
################################################################
[docker]
domain = "mydomain.com"
watch = true
exposedbydefault = false
################################################################
# Let's encrypt
################################################################
[acme]
email = "my-email#mail.com"
storageFile = "/etc/traefik/acme.json"
onDemand = false
onHostRule = true
entryPoint = "https"
Here is my docker-compose.yml:
version: '2'
services:
traefik:
restart: always
image: traefik
container_name: traefik
ports:
- '80:80'
- '443:443'
- '8080:8080'
labels:
- 'traefik.enable=true'
- 'traefik.docker.network=dockerplatform_default'
- 'traefik.port=8080'
- 'traefik.frontend.rule=Host:traefik.mydomain.com'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik:/etc/traefik
plex:
image: linuxserver/plex
container_name: plex
environment:
- VERSION=latest
- PUID=1000
- PGID=1000
- TZ=TZ
labels:
- 'traefik.enable=true'
- 'traefik.docker.network=dockerplatform_default'
- 'traefik.port=9001'
- 'traefik.frontend.rule=Host:plex.mydomain.com'
ports:
- '9001:32400'
volumes:
- 'plex:/config'
- 'plex_transcode:/transcode'
- '/home/downloader/Downloads:/data/'
plexpy:
image: linuxserver/plexpy
container_name: plexpy
environment:
- PUID=1000
- PGID=1000
- TZ=TZ
labels:
- 'traefik.enable=true'
- 'traefik.docker.network=dockerplatform_default'
- 'traefik.port=9002'
- 'traefik.frontend.rule=Host:plexpy.mydomain.com'
ports:
- '9002:8181'
volumes:
- 'plexpy:/config'
transmission:
image: linuxserver/transmission
container_name: transmission
environment:
- PGID=1000
- PUID=1000
- TZ=TZ
labels:
- 'traefik.enable=true'
- 'traefik.docker.network=dockerplatform_default'
- 'traefik.port=9003'
- 'traefik.frontend.rule=Host:bt.mydomain.com'
ports:
- '9003:9091'
- '51413:51413'
- '51413:51413/udp'
volumes:
- 'transmission:/config'
- '/home/downloader/Downloads:/downloads'
- '/home/downloader/Downloads:/watch'
volumes:
plex:
driver: local
plex_transcode:
driver: local
plexpy:
driver: local
transmission:
driver: local
Thank you for your help.

So I managed to get an answer thanks to the terrific traefik slack channel!
So my containers are all in the same docker network including my traefik container.
The problem is that I mapped all my containers port to be accessible from the host machine.
Instead I should have only mapped traefik ports to the host machine and just exposed the ports of my web services containers so that traefik can listen to them inside the docker network where they are all in.
Change : - add expose
- change traefik.port
I just had to do this changes in my docker-compose.yml:
version: '2'
services:
traefik:
restart: always
image: traefik
container_name: traefik
ports:
- '80:80'
- '443:443'
- '8080:8080'
labels:
- 'traefik.enable=true'
- 'traefik.docker.network=dockerplatform_default'
- 'traefik.port=8080'
- 'traefik.frontend.rule=Host:traefik.mydomain.com'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik:/etc/traefik
plex:
image: linuxserver/plex
container_name: plex
environment:
- VERSION=latest
- PUID=1000
- PGID=1000
- TZ=TZ
labels:
- 'traefik.enable=true'
- 'traefik.docker.network=dockerplatform_default'
- 'traefik.port=32400'
- 'traefik.frontend.rule=Host:plex.mydomain.com'
#ports:
# - '9001:32400'
expose:
- 32400
volumes:
- 'plex:/config'
- 'plex_transcode:/transcode'
- '/home/downloader/Downloads:/data/'
plexpy:
image: linuxserver/plexpy
container_name: plexpy
environment:
- PUID=1000
- PGID=1000
- TZ=TZ
labels:
- 'traefik.enable=true'
- 'traefik.docker.network=dockerplatform_default'
- 'traefik.port=8181'
- 'traefik.frontend.rule=Host:plexpy.mydomain.com'
#ports:
# - '9002:8181'
expose:
- 8181
volumes:
- 'plexpy:/config'
transmission:
image: linuxserver/transmission
container_name: transmission
environment:
- PGID=1000
- PUID=1000
- TZ=TZ
labels:
- 'traefik.enable=true'
- 'traefik.docker.network=dockerplatform_default'
- 'traefik.port=9091'
- 'traefik.frontend.rule=Host:bt.mydomain.com'
#ports:
# - '9003:9091'
# - '51413:51413'
# - '51413:51413/udp'
expose:
- 9091
- 51413
volumes:
- 'transmission:/config'
- '/home/downloader/Downloads:/downloads'
- '/home/downloader/Downloads:/watch'
volumes:
plex:
driver: local
plex_transcode:
driver: local
plexpy:
driver: local
transmission:
driver: local

As Traefik v2 is out now, this question deserves an update:
The expose port defnition isn't necessary anymore.
Neither is a port mapping definition for that container.
The only thing necessary is, that something in the container is listening.
Note: If you define for e.g. an Nginx container, add the label
- 'traefik.port=9091'
but also add a server conf that listens on port 9091.