If I please contact domain.com/api/v0/add, I get the expected result, but if I speak at domain.com/ipfs, then get 404.
How to proxy all calls starting with the way /ipfs ??
I briefly studied the documentation traefik, but never found an answer.
I have docker-compose.yml file:
version: '3.4'
volumes:
traefik: {}
services:
ipfs0:
container_name: ipfs0
image: ipfs/go-ipfs:release
ports:
- "4001:4001"
- "5001:5001"
- "8080:8080"
volumes:
- ./compose/ipfs0:/data/ipfs
ipfs1:
container_name: ipfs1
image: ipfs/go-ipfs:release
ports:
- "4101:4001" # ipfs swarm
- "5101:5001" # expose if needed/wanted
- "8180:8080" # exposes if needed/wanted
volumes:
- ./compose/ipfs1:/data/ipfs
traefik:
build:
context: .
dockerfile: ./compose/traefik/Dockerfile
depends_on:
- ipfs0
volumes:
- traefik:/etc/traefik/acme
ports:
- "0.0.0.0:80:80"
- "0.0.0.0:443:443"
and traefik.toml file
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]
# Entrypoints, http and https
[entryPoints]
# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
# https is the default
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Enable ACME (Let's Encrypt): automatic SSL
[acme]
# Email address used for registration
email = "*******************#gmail.com"
storage = "/etc/traefik/acme/acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
[acme.httpChallenge]
entryPoint = "http"
[file]
[backends]
[backends.ipfs0]
[backends.ipfs0.servers.server1]
path = "/api"
url = "http://ipfs0:5001"
[backends.ipfs1]
[backends.ipfs1.servers.server1]
path = "/ipfs"
url = "http://ipfs1:8180"
[frontends]
[frontends.ipfs0]
backend = "ipfs0"
passHostHeader = truea
[frontends.ipfs0.routes.dr1]
rule = "Host:domain.com"
[frontends.ipfs1]
backend = "ipfs1"
passHostHeader = true
[frontends.ipfs1.routes.dr1]
rule = "Host:domain.com"
Related
Traefik uses a different frontend rule for Jupyterhub than the one that I specified as label. I set it to 'hub.domain.com' but traefik says rule found "Host:jupyterhub.jupyterhub.domain.com". There seems to be some overwriting going on. There is no label with "Host:jupyterhub.jupyterhub.domain.com"
This is my Docker Compose:
version: '3'
services:
jupyterhub:
build: jupyterhub
container_name: jupyterhub_hub
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
DOCKER_JUPYTER_IMAGE: jupyterlab_img
DOCKER_NETWORK_NAME: ${COMPOSE_PROJECT_NAME}_default
OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID}
OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET}
OAUTH_CALLBACK_URL: ${OAUTH_CALLBACK_URL}
HUB_IP: jupyterhub_hub
labels:
- "traefik.enable=true"
- "treafik.frontend.rule=Host:${HOST}"
volumes:
- jupyterhub_data:/srv/jupyterhub
traefik:
image: traefik:1.7-alpine
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /opt/appdata/traefik/traefik.toml:/etc/traefik/traefik.toml
- /var/run/docker.sock:/var/run/docker.sock
- /opt/appdata/traefik/acme.json:/etc/traefik/acme.json
jupyterlab:
build: jupyterlab
image: jupyterlab_img
command: echo
volumes:
jupyterhub_data:
And this is my traefik.toml:
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[api]
dashboard = true
insecure = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "domain.com"
watch = true
exposedByDefault = false
[acme]
email = "info#domain.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
I'm trying to route traffic from my domain foobar.com to the backend container through traefik as a reverse proxy. But I cannot see the problem! Can anyone help?
My traefik.toml file looks like this:
debug = true
logLevel = "ERROR"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "foobar.com"
watch = true
exposedByDefault = false
network = "web"
[acme]
email = "my-email-here#gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
My docker-compose for traefik:
version: '2'
services:
traefik:
image: traefik:latest
restart: always
command: --docker --web
ports:
- 80:80
- 443:443
- 8080:8080
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/dockerfiles/traefik/traefik.toml:/traefik.toml
- /home/dockerfiles/traefik/acme.json:/acme.json
container_name: traefik
networks:
web:
external: true
I'm trying to setup a sample ghost blog. The docker-compose file looks like this:
version: '2.1'
services:
ghost:
image: ghost:1-alpine
restart: always
expose:
- "2368"
labels:
- traefik.docker.network=web
- traefik.enable=true
- traefik.frontend.rule=Host:foobar.com
- traefik.port=2368
- traefik.protocol=http
- traefik.backend=ghost
networks:
- web
networks:
web:
external: true
Do you happen to know where the Traefik logs are located? I read the documentation on Traefik and it says it will output to stdout but when I start the docker container with docker-compose up -d it doesn't show anything in stdout after I try the domain name and pull up multiple linked docker containers.
I also tried to specify these:
[traefikLog]
filePath = "./traefik.log" #<--Tried this but It doesn't work, file empty and permissions set to 777
[accessLog]
filePath = "./access.log" #<--Tried this but doesn't work, file empty and permissions set to 777
I'm confused, am I missing something? or is Traefik supposed to be this quiet?
When I run it this is all I see, nothing afterwards.
# docker-compose up
Creating traefik ... done
Attaching to traefik
Attached is my config. Thanks.
traefik/traefik.toml:
logLevel = "DEBUG"
defaultEntryPoints = ["http","https"]
[api]
address = ":8080"
[traefikLog]
filePath = "./traefik.log" #<--Tried this but It doesn't work
[accessLog]
filePath = "./access.log" #<--Tried this but doesn't work
[entryPoints]
[entryPoints.http]
#redirect ALL http traffic to https 443
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
#Let's encrypt setup
[acme]
email = "email#email.com"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
#When new host is created, request certificate.
onHostRule = true
onDemand = false
[acme.httpChallenge]
entryPoint = "http"
#Watch Docker, when new containers are created with label create mapping.
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "exampledomain.net"
watch = true
exposedbydefault = false
docker-compose.yml:
version: '3'
services:
traefik:
hostname: traefik
domainname: exampledomain.net
image: traefik:alpine
command: --api --docker
container_name: traefik
networks:
- nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik/traefik.toml:/traefik.toml"
- "./traefik/acme.json:/acme.json"
labels:
- "traefik.enable=true"
- "traefik.port=8080"
- "traefik.frontend.rule=Host:monitor.exampledomain.net"
- "traefik.docker.network=nginx-proxy"
networks:
nginx-proxy:
external:
name: nginx-proxy
To see logs in the stdout event if you run docker-compose up -d:
docker-compose logs -f
https://docs.docker.com/compose/reference/logs/
FYI The path ./traefik.log is inside the Traefik container.
[traefikLog]
filePath = "./traefik.log"
With your files (without the section [traefikLog]), I see the logs.
However, your configuration have some issues:
version: '3'
services:
traefik:
hostname: traefik
domainname: exampledomain.net
image: traefik:v1.7.9-alpine
# command: --api --docker # <-- don't define the same configuration with CLI and TOML https://docs.traefik.io/basics/#static-traefik-configuration
container_name: traefik
networks:
- nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik/traefik.toml:/traefik.toml"
- "./traefik/acme.json:/acme.json"
labels:
- "traefik.enable=true"
- "traefik.port=8080"
- "traefik.frontend.rule=Host:monitor.exampledomain.net"
- "traefik.docker.network=nginx-proxy"
networks:
nginx-proxy:
external:
name: nginx-proxy
logLevel = "DEBUG"
defaultEntryPoints = ["http","https"]
[api]
# address = ":8080" <- this options doesn't exist. https://docs.traefik.io/v1.7/configuration/api/
# [traefikLog] # <-- remove because not needed
# filePath = "./traefik.log"
# [accessLog] # <-- remove because not needed
# filePath = "./access.log"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Let's encrypt setup
[acme]
email = "email#email.com"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
onHostRule = true
onDemand = false
[acme.httpChallenge]
entryPoint = "http"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "exampledomain.net"
# watch = true # <---- useful only for swarm
exposedbydefault = false
Just add [accessLog] to your traefik.toml file and you are fine.
I am sharing a docker-compose file, which will create a volume for both access logs and service logs:
"networks":
"network":
"external":
"name": "appliance"
"services":
"container":
"container_name": "traefik"
"image": "traefik:1.7.4"
"networks":
- "network"
"ports":
- "80:80"
- "443:443"
- "8099:8099"
"restart": "always"
"volumes":
- "/var/run/docker.sock:/var/run/docker.sock"
- "{pwd}/traefik.toml:/traefik.toml"
- "{pwd}/acme.json:/acme.json"
- "logs:/var/log/traefik"
"version": "3.4"
"volumes":
"logs":
"name": "traefik_logs"
Add the log location in traefik.toml as follows:
[accessLog]
filePath = "/var/log/traefik/access.log"
Here's my Traefik configuration:
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.internal]
address = ":8080"
[entryPoints.traefik]
address = ":8081"
[retry]
[api]
entryPoint = "traefik"
dashboard = true
[file]
[backends]
[backends.traefik]
[backends.traefik.servers.default]
url = "http://127.0.0.1:8081"
[frontends]
[frontends.traefik]
entryPoints = ["internal"]
backend = "traefik"
[frontends.traefik.routes.default]
rule = "Host:localhost;PathPrefixStrip:/traefik;PathPrefix:/traefik"
[docker]
domain = "example.com"
watch = true
exposedbydefault = false
As you can see, I have Traefik dashboard configured to show on localhost:8080/traefik. This works exactly as intended.
I also have very similar configuration for RabbitMQ management UI, set up with docker-compose using labels:
version: '3'
services:
traefik:
image: traefik:alpine
container_name: traefik
ports:
- "80:80"
- "443:443"
- "127.0.0.1:8080:8080"
networks:
- web
- internal
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./config/traefik/staging.toml:/etc/traefik/traefik.toml"
rabbitmq:
image: rabbitmq:3.7-management-alpine
hostname: rabbitmq
container_name: rabbitmq
networks:
- internal
- default
depends_on:
- traefik
environment:
RABBITMQ_VM_MEMORY_HIGH_WATERMARK: 128MiB
RABBITMQ_ERLANG_COOKIE: temp_cookie_secret
RABBITMQ_NODENAME: rabbit#rabbitmq
volumes:
- "rabbitmqdata:/var/lib/rabbitmq"
labels:
- "traefik.backend=rabbitmq"
- "traefik.docker.network=internal"
- "traefik.frontend.rule=Host:localhost;PathPrefixStrip:/rabbitmq;PathPrefix:/rabbitmq"
- "traefik.enable=true"
- "traefik.port=15672"
- "traefik.protocol=http"
- "traefik.domain=localhost"
networks:
internal:
web:
volumes:
rabbitmqdata
However, this doesn't work: on http://localhost:8080/rabbitmq I get 404 page not found. Traefik dashboard shows that it found my RabbitMQ container and registered rules that are very much like those for Traefik's dashboard:
Where's the mistake here that prevents my setup from working as intended?
I try to use caddy server with traefik in a simple container.
Unfortunatly i get a Gateway Timeout error when i visite the domain. I can't understand if the error is due to traefik or my container.
My docker-compose file:
version: '2'
#
# [ server stack ]
#
services:
web:
image: abiosoft/caddy
container_name: caddy
restart: unless-stopped
networks:
- caddy_network
ports:
- 2015:2015
volumes:
# app
- ./localhost:/srv
# configs
- ./config/Caddyfile:/etc/Caddyfile
labels:
- "traefik.frontend.rule=Host:domain.com"
- "traefik.port=2015"
- "traefik.backend=domain.com"
- "traefik.frontend.entryPoints=http,https"
- "traefik.enable=true"
#
# [ networks definition ]
#
networks:
caddy_network:
driver: bridge
My caddy file:
0.0.0.0:2015
browse
gzip
log stdout
errors stderr
For information, the let's encrypt certificat is perfectly generate by traefik.
Any idea? Could it be a problem with the port config?
[edit]
The traefik config:
################################################################
# Global configuration
################################################################
defaultEntryPoints = ["http", "https"]
logLevel = "DEBUG"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "admin#domain.com"
storageFile = "/etc/traefik/acme/acme.json"
entryPoint = "https"
OnHostRule = true
onDemand = true
[[acme.domains]]
main = "domain.com"
sans = ["docker.domain.com", "traefik.domain.com"]
################################################################
# Web configuration backend
################################################################
[web]
address = ":8080"
# MD5
[web.auth.basic]
users = ["admin:xxx"]
################################################################
# Docker configuration backend
################################################################
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefik.domain.com"
watch = true
# Tous les conteneurs seront utilisables par Traefik
# Pour qu'il ne le soit pas, il est nécessaire d'ajouter le label "traefik.enable=false"
# lors de la création du conteneur
exposedbydefault = false
Thank you in advance for the help.
jB
Working solution:
version: '2'
#
# [ server stack ]
#
services:
web:
image: abiosoft/caddy
container_name: caddy
restart: unless-stopped
networks:
- traefik_network
ports:
- 2015:2015
volumes:
# app
- ./localhost:/srv
# configs
- ./config/Caddyfile:/etc/Caddyfile
labels:
- "traefik.frontend.rule=Host:domain.com"
- "traefik.port=2015"
- "traefik.backend=domain.com"
- "traefik.frontend.entryPoints=http,https"
- "traefik.enable=true"
- "traefik.docker.network=traefik_network"
#
# [ networks definition ]
#
networks:
traefik_network:
external: true
It is not necessary to open the port in that container, I meant this line, it is unnecessary and not recomended:
ports:
- 2015:2015