compose that declares a traefik reverse-proxy container :
reverse-proxy:
image: traefik:v2.0
container_name: "traefik"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: always
And a plex service :
plex:
image: linuxserver/plex
container_name: plex
labels:
- "traefik.enable=true"
- "traefik.http.routers.plex.rule=Host(`plex.baptiste-arnaud.fr`)"
- "traefik.http.routers.plex.entrypoints=web"
- "traefik.http.services.plex.loadbalancer.server.port=32400"
network_mode: host
environment:
- PUID=1000
- PGID=1000
- VERSION=docker
volumes:
- /home/pi/hdd1/plex/library:/config
- /home/pi/hdd1/plex/tvshows:/tv
- /home/pi/hdd1/plex/movies:/movies
restart: unless-stopped
It uses the host network mode. I try to request plex.baptiste-arnaud.fr and it gives me a "Bad gateway". I have other services that work well. Can it work when a container is started with the host network?
Related
I've got my docker environment setup using traefik and I've got two services running at the moment.
I'm using Google OAuth for authentication which redirects to my web application with auth-code. The redirect URL isn't allowed anything but localhost or localhost:<any-port> or any CDN. I've setup my docker for http://portal.local.
I now want http://localhost/user/googleLogin?code=xxxxxxxxxx to be translated to http://portal.local/user/googleLogin?code=xxxxxxxx for further processing of authentication.
Right now, I'm having to manually change localhost to portal.local in browser URL after it gives site not found error, which then takes me to further processing.
Below is my docker-compose.yml file.
version: "3.9"
services:
portal-traefik:
container_name: portal-traefik
command:
- --api.insecure=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
# - --entrypoints.websecure.address=:443
# - --certificatesresolvers.myresolver.acme.httpchallenge=true
# - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
# - --certificatesresolvers.myresolver.acme.email=ssl#idealsalessolutions.com
# - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json
image: traefik:latest
networks:
api_driven:
ports:
- "80:80"
- "8080:8080"
# - "443:443"
restart: unless-stopped
volumes:
- portal_acme:/acme
- /var/run/docker.sock:/var/run/docker.sock:ro
api-i4f:
container_name: api-i4f
depends_on:
- php-i4f
- portal-traefik
image: nginx:stable-alpine
labels:
- traefik.enable=true
- traefik.http.routers.api.rule=Host(`api.local`)
networks:
api_driven:
restart: unless-stopped
volumes:
- ../docker.sites/api.local:/usr/share/nginx/api.local
- ./conf/nginx/conf.d:/etc/nginx/conf.d:ro
command: [nginx, '-g', 'daemon off;']
hostname: api.local
portal-i4f:
container_name: portal-i4f
depends_on:
- php-i4f
- portal-traefik
image: nginx:stable-alpine
labels:
- traefik.enable=true
- traefik.http.routers.portal.rule=Host(`portal.local`)
networks:
api_driven:
restart: unless-stopped
volumes:
- ../docker.sites/portal.local:/usr/share/nginx/portal.local
- ./conf/nginx/conf.d:/etc/nginx/conf.d:ro
command: [nginx, '-g', 'daemon off;']
hostname: portal.local
php-i4f:
container_name: php-i4f
depends_on:
- portal-traefik
image: isshub/core:php7.4.30-fpm-alpine3.16-intl-mysql
networks:
api_driven:
restart: unless-stopped
volumes:
- ../docker.sites/api.local:/usr/share/nginx/api.local
- ../docker.sites/portal.local:/usr/share/nginx/portal.local
networks:
api_driven:
name: "api_driven"
volumes:
portal_acme:
I've tried to use multiple router rules to listen to both localhost and portal.local using regex/replacement middlewares as well but that stops the service at all and gives 404 error.
I'm trying to run a Nextcloud instance on my Raspbery Pi 3B+ using a docker-compose file from this source: https://blog.ssdnodes.com/blog/installing-nextcloud-docker/
This works out of the box without any issues on a Ubuntu Server.
I've replaced the following images to be compatible with the arm infrastructure of the Pi:
jwilder/nginx-proxy:alpine with braingamer/nginx-proxy-arm or budry/jwilder-nginx-proxy-arm (I tried both)
jrcs/letsencrypt-nginx-proxy-companion with budry/jrcs-letsencrypt-nginx-proxy-companion-arm
mariadb with linuxserver/mariadb
nextcloud:latest with linuxserver/nextcloud
Unfortunately this doesn't work on the Pi, the Pi returns first a 502 Bad Gateway, then after some time the error ERR_TOO_MANY_REDIRECTS.
What am I doing wrong?
Thanks
My docker-compose.yml:
version: '3'
services:
proxy:
image: braingamer/nginx-proxy-arm
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
container_name: nextcloud-proxy
networks:
- nextcloud_network
ports:
- 80:80
- 443:443
volumes:
- ./proxy/conf.d:/etc/nginx/conf.d:rw
- ./proxy/vhost.d:/etc/nginx/vhost.d:rw
- ./proxy/html:/usr/share/nginx/html:rw
- ./proxy/certs:/etc/nginx/certs:ro
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
restart: unless-stopped
letsencrypt:
image: budry/jrcs-letsencrypt-nginx-proxy-companion-arm
container_name: nextcloud-letsencrypt
depends_on:
- proxy
networks:
- nextcloud_network
volumes:
- ./proxy/certs:/etc/nginx/certs:rw
- ./proxy/vhost.d:/etc/nginx/vhost.d:rw
- ./proxy/html:/usr/share/nginx/html:rw
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: unless-stopped
db:
image: linuxserver/mariadb
container_name: nextcloud-mariadb
networks:
- nextcloud_network
volumes:
- db:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
environment:
- PUID=1000
- PGID=1000
- MYSQL_ROOT_PASSWORD=***PASSWORD***
- MYSQL_PASSWORD=***PASSWORD***
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
ports:
- 3306:3306
restart: unless-stopped
app:
image: linuxserver/nextcloud
container_name: nextcloud-app
networks:
- nextcloud_network
depends_on:
- letsencrypt
- proxy
- db
volumes:
- nextcloud:/var/www/html
- ./app/config:/var/www/html/config
- ./app/custom_apps:/var/www/html/custom_apps
- ./app/data:/var/www/html/data
- ./app/themes:/var/www/html/themes
- /etc/localtime:/etc/localtime:ro
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
- VIRTUAL_HOST=nextcloud.domain.tld
- LETSENCRYPT_HOST=nextcloud.domain.tld
- LETSENCRYPT_EMAIL=mail#nextcloud.domain.tld
volumes:
nextcloud:
db:
networks:
nextcloud_network:
The tutorial used a Nginx reverse proxy and Let’s Encrypt, for the latter you need a valid domain. If you look at your compose file for linuxserver/nextcloud under environment, it asks for a domain for VIRTUAL_HOST, LETSENCRYPT_HOST and LETSENCRYPT_EMAIL. It then tries to create a ssl certificate for the specified domain (nextcloud.domain.tld), which is not valid, so it doesn't work.
This was the case for me, so I just removed the proxy and ssl from my compose file and nextcloud works now :)
Here is my current working compose file:
version: '3'
services:
db:
image: tobi312/rpi-mariadb:10.5
container_name: nextcloud-mariadb
networks:
- nextcloud_network
volumes:
- db:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
environment:
- MYSQL_ROOT_PASSWORD=very_secure_password
- MYSQL_PASSWORD=very_secure_password
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
restart: unless-stopped
app:
image: nextcloud:latest
container_name: nextcloud-app
networks:
- nextcloud_network
depends_on:
- db
volumes:
- nextcloud:/var/www/html
- ./app/config:/var/www/html/config
- ./app/custom_apps:/var/www/html/custom_apps
- ./app/data:/var/www/html/data
- ./app/themes:/var/www/html/themes
- /etc/localtime:/etc/localtime:ro
restart: unless-stopped
ports:
- 80:80
volumes:
nextcloud:
db:
networks:
nextcloud_network:
driver: bridge
Hope it helps.
I installed a fully dockerized Nextcloud server on Ubuntu LTS 20.04.
Right now, it is accessible via nginx from the subdomain I assigned to it, with a SSL certificate from Lets Encrypt.
I would like to be able to access it from a local IP from within the network on port 8140.
I tried adding the ports to the docker-compose.yml file with:
ports:
- "8140:8140"
But the ports get assigned to 0.0.0.0 instead of the machine's IP address.
Anyone knows how to expose the container to the local network?
Here's an example of the docker-compose.yml I used:
version: '3'
services:
proxy:
image: jwilder/nginx-proxy:alpine
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
container_name: nextcloud-proxy
networks:
- nextcloud_network
ports:
- 80:80
- 443:443
- "8140:8140"
volumes:
- ./proxy/conf.d:/etc/nginx/conf.d:rw
- ./proxy/vhost.d:/etc/nginx/vhost.d:rw
- ./proxy/html:/usr/share/nginx/html:rw
- ./proxy/certs:/etc/nginx/certs:ro
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
restart: unless-stopped
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nextcloud-letsencrypt
depends_on:
- proxy
networks:
- nextcloud_network
volumes:
- ./proxy/certs:/etc/nginx/certs:rw
- ./proxy/vhost.d:/etc/nginx/vhost.d:rw
- ./proxy/html:/usr/share/nginx/html:rw
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: unless-stopped
db:
image: mariadb
container_name: nextcloud-mariadb
networks:
- nextcloud_network
volumes:
- db:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
environment:
- MYSQL_ROOT_PASSWORD=toor
- MYSQL_PASSWORD=mysql
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
restart: unless-stopped
app:
image: nextcloud:latest
container_name: nextcloud-app
networks:
- nextcloud_network
depends_on:
- letsencrypt
- proxy
- db
volumes:
- nextcloud:/var/www/html
- ./app/config:/var/www/html/config
- ./app/custom_apps:/var/www/html/custom_apps
- ./app/data:/var/www/html/data
- ./app/themes:/var/www/html/themes
- /etc/localtime:/etc/localtime:ro
environment:
- VIRTUAL_HOST=nextcloud.YOUR-DOMAIN
- LETSENCRYPT_HOST=nextcloud.YOUR-DOMAIN
- LETSENCRYPT_EMAIL=YOUR-EMAIL
restart: unless-stopped
volumes:
nextcloud:
db:
networks:
nextcloud_network:
As far as I know, you append the IP Address you are binding to locally as follows:
ports:
- 192.168.0.254:80:80
- 192.168.0.254:443:443
- "192.168.0.254:8140:8140"
I am trying to configure traefik to connect between my 3 docker containers.
I tried with this configuration but I got net::ERR_NAME_NOT_RESOLVED on my browser console.
searchservice:
hostname: searchservice
image: searchservice:0.0.3-SNAPSHOT
container_name: searchservice
networks:
- es-network
#ipv4_address: 172.21.0.12
ports:
- 8070:8080
restart: always
depends_on:
- elasticsearch
- reverseproxy
labels:
- "traefik.frontend.rule=PathPrefix:/searchservice,Host:localhost"
- "traefik.port: 8070"
- "traefik.enable=true"
subscriber-service:
hostname: subscriber-service
image: subscriberservice:0.0.4-SNAPSHOT
container_name: subscriber-service
networks:
- es-network
#ipv4_address: 172.21.0.13
ports:
- 8090:8090
restart: always
depends_on:
- mongo1
- mongo2
- reverseproxy
labels:
- "traefik.frontend.rule=PathPrefix:/api,Host:localhost"
- "traefik.port: 8090"
- "traefik.enable=true"
searchappfront:
hostname: searchappfront
image: frontservice:latest
container_name: searchappfront
networks:
- es-network
ports:
- 80:80
restart: always
depends_on:
- subscriber-service
- searchservice
- reverseproxy
labels:
- "traefik.frontend.rule=PathPrefix:/"
- "traefik.enable=true"
- "traefik.port=80"
# - "traefik.frontend.rule=Host:localhost"
reverseproxy:
image: traefik:v2.1
command:
- '--providers.docker=true'
- '--entryPoints.web.address=:80'
- '--providers.providersThrottleDuration=2s'
- '--providers.docker.watch=true'
- '--providers.docker.defaultRule=Host("local.me")'
- '--accessLog.bufferingSize=0'
volumes:
- '/var/run/docker.sock:/var/run/docker.sock:ro'
#ports:
# - '80:80'
# - '8080:8080'
The searchappfront is an angular application where the http endPoints have this pattern
http://subscriber-service:8090/
http://searchservice:8070/
if I use localhost instead of hostnames, requests work fine but I need to deploy these containers in a cloud instance.
You are using traefik 2, but your annotation is for traefik 1. This is not going to work.
Expected Result:
Container can access each other thru hostname or hostcomputer ip.
Actual Result:
When using network_mode I can't make any changes as static ip or links to other containers.
Description:
I've a couple of containers all using --net (network_mode) to a openvpn. As single instances they work and with nginx proxy I can access each from any computer.
However the containers can't find each other except with local ip (172.19.0.x). I could use that but what happens on host reboot. Will the ip addresses change?
docker-compose.yml
version: '3.4'
services:
vpn:
image: dperson/openvpn-client
container_name: vpn
cap_add:
- net_admin
networks:
- default
tmpfs:
- /tmp
restart: unless-stopped
security_opt:
- label:disable
stdin_open: true
tty: true
volumes:
- ../openvpn:/vpn
- /dev/net:/dev/net:z
environment:
- DNS='8.8.4.4 8.8.8.8'
- FIREWALL="1"
- TZ='Europe/Stockholm'
command: -f ""
networks:
- default
proxy:
image: nginx
container_name: proxy
environment:
TZ: 'Europe/Stockholm'
ports:
- "6003:8989" # sonarr
- "6004:7878" # radarr
- "6001:8112" # deluge
- "6002:9117" # jackett
depends_on:
- sonarr
- radarr
- deluge
- jackett
links:
- vpn:sonarr
- vpn:radarr
- vpn:deluge
- vpn:jackett
networks:
- default
volumes:
- ../nginx/default.conf:/etc/nginx/conf.d/default.conf
restart: always
command: "nginx -g 'daemon off;'"
sonarr:
image: linuxserver/sonarr
container_name: sonarr
volumes:
- ../sonarr:/config
- /etc/localtime:/etc/localtime:ro
- /media/megadrive/Media/Series:/tv
- /media/megadrive/Media/tmp/completed:/downloads
env_file: ../uidgid.env
network_mode: "service:vpn"
environment:
- TZ='Europe/Stockholm'
cap_add:
- net_admin
depends_on:
- vpn
restart: always
radarr:
image: linuxserver/radarr
container_name: radarr
volumes:
- ../radarr:/config
- /media/megadrive/Media/Movies:/movies
- /media/megadrive/Media/tmp/completed:/downloads
- /etc/localtime:/etc/localtime:ro
env_file: ../uidgid.env
network_mode: "service:vpn"
environment:
- TZ='Europe/Stockholm'
cap_add:
- net_admin
depends_on:
- vpn
restart: always
deluge:
image: linuxserver/deluge
container_name: deluge
depends_on:
- vpn
network_mode: "service:vpn"
volumes:
- ../deluge:/config
- /media/megadrive/Media/tmp/:/downloads
- /etc/localtime:/etc/localtime:ro
restart: always
env_file: ../uidgid.env
environment:
- TZ='Europe/Stockholm'
jackett:
container_name: jackett
image: linuxserver/jackett
restart: unless-stopped
network_mode: "service:vpn"
env_file: ../uidgid.env
environment:
- TZ='Europe/Stockholm'
volumes:
- ../jackett:/config
- /media/megadrive/Media/tmp/blackhole:/downloads
networks:
default:
It seems that letting vpn service use host instead of bridge (default). Will solve a couple of things.
Allow everything to work on host computer ip. As long as every service is on its own port this is okay.
Services still seems to be following openvpn rules
no more need for nginx for proxy to the webgui
vpn:
image: dperson/openvpn-client
container_name: vpn
cap_add:
- net_admin
tmpfs:
- /tmp
restart: unless-stopped
security_opt:
- label:disable
stdin_open: true
tty: true
volumes:
- ../openvpn:/vpn
- /dev/net:/dev/net:z
environment:
- DNS='8.8.4.4 8.8.8.8'
- FIREWALL="1"
- TZ='Europe/Stockholm'
command: -f ""
network_mode: "host"
The other option is that the services in the vpn use localhost to access each other. Since they share the network stack of the vpn container they are accessed as if they were the same host. This one had me stumped for a while this week.
One comment, you've got net_admin on all your containers, you only need it on the vpn