Traefik uses a different frontend rule for Jupyterhub than the one that I specified as label. I set it to 'hub.domain.com' but traefik says rule found "Host:jupyterhub.jupyterhub.domain.com". There seems to be some overwriting going on. There is no label with "Host:jupyterhub.jupyterhub.domain.com"
This is my Docker Compose:
version: '3'
services:
jupyterhub:
build: jupyterhub
container_name: jupyterhub_hub
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
DOCKER_JUPYTER_IMAGE: jupyterlab_img
DOCKER_NETWORK_NAME: ${COMPOSE_PROJECT_NAME}_default
OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID}
OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET}
OAUTH_CALLBACK_URL: ${OAUTH_CALLBACK_URL}
HUB_IP: jupyterhub_hub
labels:
- "traefik.enable=true"
- "treafik.frontend.rule=Host:${HOST}"
volumes:
- jupyterhub_data:/srv/jupyterhub
traefik:
image: traefik:1.7-alpine
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /opt/appdata/traefik/traefik.toml:/etc/traefik/traefik.toml
- /var/run/docker.sock:/var/run/docker.sock
- /opt/appdata/traefik/acme.json:/etc/traefik/acme.json
jupyterlab:
build: jupyterlab
image: jupyterlab_img
command: echo
volumes:
jupyterhub_data:
And this is my traefik.toml:
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[api]
dashboard = true
insecure = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "domain.com"
watch = true
exposedByDefault = false
[acme]
email = "info#domain.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
Related
If I please contact domain.com/api/v0/add, I get the expected result, but if I speak at domain.com/ipfs, then get 404.
How to proxy all calls starting with the way /ipfs ??
I briefly studied the documentation traefik, but never found an answer.
I have docker-compose.yml file:
version: '3.4'
volumes:
traefik: {}
services:
ipfs0:
container_name: ipfs0
image: ipfs/go-ipfs:release
ports:
- "4001:4001"
- "5001:5001"
- "8080:8080"
volumes:
- ./compose/ipfs0:/data/ipfs
ipfs1:
container_name: ipfs1
image: ipfs/go-ipfs:release
ports:
- "4101:4001" # ipfs swarm
- "5101:5001" # expose if needed/wanted
- "8180:8080" # exposes if needed/wanted
volumes:
- ./compose/ipfs1:/data/ipfs
traefik:
build:
context: .
dockerfile: ./compose/traefik/Dockerfile
depends_on:
- ipfs0
volumes:
- traefik:/etc/traefik/acme
ports:
- "0.0.0.0:80:80"
- "0.0.0.0:443:443"
and traefik.toml file
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]
# Entrypoints, http and https
[entryPoints]
# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
# https is the default
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Enable ACME (Let's Encrypt): automatic SSL
[acme]
# Email address used for registration
email = "*******************#gmail.com"
storage = "/etc/traefik/acme/acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
[acme.httpChallenge]
entryPoint = "http"
[file]
[backends]
[backends.ipfs0]
[backends.ipfs0.servers.server1]
path = "/api"
url = "http://ipfs0:5001"
[backends.ipfs1]
[backends.ipfs1.servers.server1]
path = "/ipfs"
url = "http://ipfs1:8180"
[frontends]
[frontends.ipfs0]
backend = "ipfs0"
passHostHeader = truea
[frontends.ipfs0.routes.dr1]
rule = "Host:domain.com"
[frontends.ipfs1]
backend = "ipfs1"
passHostHeader = true
[frontends.ipfs1.routes.dr1]
rule = "Host:domain.com"
I'm trying to route traffic from my domain foobar.com to the backend container through traefik as a reverse proxy. But I cannot see the problem! Can anyone help?
My traefik.toml file looks like this:
debug = true
logLevel = "ERROR"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "foobar.com"
watch = true
exposedByDefault = false
network = "web"
[acme]
email = "my-email-here#gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
My docker-compose for traefik:
version: '2'
services:
traefik:
image: traefik:latest
restart: always
command: --docker --web
ports:
- 80:80
- 443:443
- 8080:8080
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/dockerfiles/traefik/traefik.toml:/traefik.toml
- /home/dockerfiles/traefik/acme.json:/acme.json
container_name: traefik
networks:
web:
external: true
I'm trying to setup a sample ghost blog. The docker-compose file looks like this:
version: '2.1'
services:
ghost:
image: ghost:1-alpine
restart: always
expose:
- "2368"
labels:
- traefik.docker.network=web
- traefik.enable=true
- traefik.frontend.rule=Host:foobar.com
- traefik.port=2368
- traefik.protocol=http
- traefik.backend=ghost
networks:
- web
networks:
web:
external: true
Do you happen to know where the Traefik logs are located? I read the documentation on Traefik and it says it will output to stdout but when I start the docker container with docker-compose up -d it doesn't show anything in stdout after I try the domain name and pull up multiple linked docker containers.
I also tried to specify these:
[traefikLog]
filePath = "./traefik.log" #<--Tried this but It doesn't work, file empty and permissions set to 777
[accessLog]
filePath = "./access.log" #<--Tried this but doesn't work, file empty and permissions set to 777
I'm confused, am I missing something? or is Traefik supposed to be this quiet?
When I run it this is all I see, nothing afterwards.
# docker-compose up
Creating traefik ... done
Attaching to traefik
Attached is my config. Thanks.
traefik/traefik.toml:
logLevel = "DEBUG"
defaultEntryPoints = ["http","https"]
[api]
address = ":8080"
[traefikLog]
filePath = "./traefik.log" #<--Tried this but It doesn't work
[accessLog]
filePath = "./access.log" #<--Tried this but doesn't work
[entryPoints]
[entryPoints.http]
#redirect ALL http traffic to https 443
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
#Let's encrypt setup
[acme]
email = "email#email.com"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
#When new host is created, request certificate.
onHostRule = true
onDemand = false
[acme.httpChallenge]
entryPoint = "http"
#Watch Docker, when new containers are created with label create mapping.
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "exampledomain.net"
watch = true
exposedbydefault = false
docker-compose.yml:
version: '3'
services:
traefik:
hostname: traefik
domainname: exampledomain.net
image: traefik:alpine
command: --api --docker
container_name: traefik
networks:
- nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik/traefik.toml:/traefik.toml"
- "./traefik/acme.json:/acme.json"
labels:
- "traefik.enable=true"
- "traefik.port=8080"
- "traefik.frontend.rule=Host:monitor.exampledomain.net"
- "traefik.docker.network=nginx-proxy"
networks:
nginx-proxy:
external:
name: nginx-proxy
To see logs in the stdout event if you run docker-compose up -d:
docker-compose logs -f
https://docs.docker.com/compose/reference/logs/
FYI The path ./traefik.log is inside the Traefik container.
[traefikLog]
filePath = "./traefik.log"
With your files (without the section [traefikLog]), I see the logs.
However, your configuration have some issues:
version: '3'
services:
traefik:
hostname: traefik
domainname: exampledomain.net
image: traefik:v1.7.9-alpine
# command: --api --docker # <-- don't define the same configuration with CLI and TOML https://docs.traefik.io/basics/#static-traefik-configuration
container_name: traefik
networks:
- nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik/traefik.toml:/traefik.toml"
- "./traefik/acme.json:/acme.json"
labels:
- "traefik.enable=true"
- "traefik.port=8080"
- "traefik.frontend.rule=Host:monitor.exampledomain.net"
- "traefik.docker.network=nginx-proxy"
networks:
nginx-proxy:
external:
name: nginx-proxy
logLevel = "DEBUG"
defaultEntryPoints = ["http","https"]
[api]
# address = ":8080" <- this options doesn't exist. https://docs.traefik.io/v1.7/configuration/api/
# [traefikLog] # <-- remove because not needed
# filePath = "./traefik.log"
# [accessLog] # <-- remove because not needed
# filePath = "./access.log"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Let's encrypt setup
[acme]
email = "email#email.com"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
onHostRule = true
onDemand = false
[acme.httpChallenge]
entryPoint = "http"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "exampledomain.net"
# watch = true # <---- useful only for swarm
exposedbydefault = false
Just add [accessLog] to your traefik.toml file and you are fine.
I am sharing a docker-compose file, which will create a volume for both access logs and service logs:
"networks":
"network":
"external":
"name": "appliance"
"services":
"container":
"container_name": "traefik"
"image": "traefik:1.7.4"
"networks":
- "network"
"ports":
- "80:80"
- "443:443"
- "8099:8099"
"restart": "always"
"volumes":
- "/var/run/docker.sock:/var/run/docker.sock"
- "{pwd}/traefik.toml:/traefik.toml"
- "{pwd}/acme.json:/acme.json"
- "logs:/var/log/traefik"
"version": "3.4"
"volumes":
"logs":
"name": "traefik_logs"
Add the log location in traefik.toml as follows:
[accessLog]
filePath = "/var/log/traefik/access.log"
I have 3 services up and running.
A mariadb & nextcloud instance:
version: '2.1'
volumes:
nextcloud:
db:
services:
db:
image: mariadb
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=my_root_password
- MYSQL_PASSWORD=my_password
- MYSQL_DATABASE=my_database
- MYSQL_USER=my_user
app:
image: nextcloud
restart: always
networks:
- web
- default
ports:
- 9000
labels:
- "traefik.backend=app"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:my_host"
- "traefik.enable=true"
- "traefik.port=9000"
- "traefik.default.protocol=http"
networks:
web:
external: true
And a traefik service:
version: '2'
services:
traefik:
image: traefik:1.5.4
restart: always
ports:
- 80:80
- 443:443
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/traefik/traefik.toml:/traefik.toml
- /opt/traefik/acme.json:/acme.json
container_name: traefik
networks:
web:
external: true
This traefik instance is using this config file:
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "my_host"
watch = true
exposedByDefault = false
[acme]
email = "my_email"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
Now when I goto my host, it redirects to HTTPS but then it just displays bad gateway and nothing else. It should display the nextcloud web application. Anyone know why this is happening? I am running the compose files using the docker-compose up -d command.
It might be too late now but I also ran into this issue myself, so posting an answer to what resolved it for me.
Nextcloud exposes port 80 on the container's IP address which Traefik is trying to connect to. So you incorrectly specified the port for 'traefik.port' label. Change it from 9000 to 80.
Here's my Traefik configuration:
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.internal]
address = ":8080"
[entryPoints.traefik]
address = ":8081"
[retry]
[api]
entryPoint = "traefik"
dashboard = true
[file]
[backends]
[backends.traefik]
[backends.traefik.servers.default]
url = "http://127.0.0.1:8081"
[frontends]
[frontends.traefik]
entryPoints = ["internal"]
backend = "traefik"
[frontends.traefik.routes.default]
rule = "Host:localhost;PathPrefixStrip:/traefik;PathPrefix:/traefik"
[docker]
domain = "example.com"
watch = true
exposedbydefault = false
As you can see, I have Traefik dashboard configured to show on localhost:8080/traefik. This works exactly as intended.
I also have very similar configuration for RabbitMQ management UI, set up with docker-compose using labels:
version: '3'
services:
traefik:
image: traefik:alpine
container_name: traefik
ports:
- "80:80"
- "443:443"
- "127.0.0.1:8080:8080"
networks:
- web
- internal
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./config/traefik/staging.toml:/etc/traefik/traefik.toml"
rabbitmq:
image: rabbitmq:3.7-management-alpine
hostname: rabbitmq
container_name: rabbitmq
networks:
- internal
- default
depends_on:
- traefik
environment:
RABBITMQ_VM_MEMORY_HIGH_WATERMARK: 128MiB
RABBITMQ_ERLANG_COOKIE: temp_cookie_secret
RABBITMQ_NODENAME: rabbit#rabbitmq
volumes:
- "rabbitmqdata:/var/lib/rabbitmq"
labels:
- "traefik.backend=rabbitmq"
- "traefik.docker.network=internal"
- "traefik.frontend.rule=Host:localhost;PathPrefixStrip:/rabbitmq;PathPrefix:/rabbitmq"
- "traefik.enable=true"
- "traefik.port=15672"
- "traefik.protocol=http"
- "traefik.domain=localhost"
networks:
internal:
web:
volumes:
rabbitmqdata
However, this doesn't work: on http://localhost:8080/rabbitmq I get 404 page not found. Traefik dashboard shows that it found my RabbitMQ container and registered rules that are very much like those for Traefik's dashboard:
Where's the mistake here that prevents my setup from working as intended?