How to map specific port inside docker container when using traefik? - docker

Here's my docker-compose.yml:
version: '3'
services:
website:
build: ./website
expose: [3000]
labels:
- "traefik.frontend.rule=Host:localhost"
blog:
build: ./blog
expose: [4000]
labels:
- "traefik.frontend.rule=Host:localhost;PathPrefix:/blog"
docs:
build: ./docs
expose: [3000]
labels:
- "traefik.frontend.rule=Host:localhost;PathPrefix:/docs"
proxy:
image: traefik
command: --api.insecure=true --providers.docker
networks:
- webgateway
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
webgateway:
driver: bridge
What I want is access three different node.js websites via different routes. But these three node.js websites actually expose different ports. Now my treafik is running. I can config via localhost:8080 But localhost localhost/blog and localhost/docs are all 404 page not found
P.S: I'm not sure whether port is the issue I should investigate, because changing one node.js service to port 80 doesn't solve the puzzle. And I saw on traefik dashboard the rule is Host(blog-dev)

PathPrefix:/blog
When you have this as a routing rule, traefix won't automatically remove the prefix when sending to the container.
So unless you have a route /blog inside your container you will get a 404.
So what you normally do is also add a middleware to strip this ->
https://docs.traefik.io/middlewares/stripprefix/
Also you appear not to be setting your rules based on your service.
So as an example for your first service blog,
try->
labels:
- "traefik.http.routers.blog.rule=Host(`localhost`) && PathPrefix(`/blog`)"
- "traefik.http.routers.blog.middlewares=strip-blog"
- "traefik.http.middlewares.strip-blog.stripprefix.prefixes=/blog"
And then do the same for your other routes, don't forget to replace routers.blog with routers.docs etc..

labels:
- traefik.http.services.<YOUR-SERVICE-NAME>.loadbalancer.server.port=9763
EG:
services:
wso:
image: "my-custom-wso-image"
volumes:
- .....
labels:
- "traefik.enable=true"
- "traefik.http.routers.wso.tls=true"
- "traefik.http.routers.wso.rule=Host(`my.nice.url`)"
- "traefik.http.services.wso.loadbalancer.server.port=9763" #<-----

Thanks to #Keith I found the solution
version: '3'
services:
website:
build: ./website
expose: [3000]
networks: # It's essential to specify the same network in every service
- webgateway
labels:
- "traefik.http.routers.website.rule=Host(`localhost`)" # Use the right format
- "traefik.port=3000" # Let traefik find the right port
blog:
build: ./blog
expose: [4000]
networks:
- webgateway
labels:
- "traefik.http.routers.blog.rule=Host(`localhost`) && PathPrefix(`/blog`)" # blog has a root as `/blog` so no need to strip otherwise too many redirects
- "traefik.port=4000"
docs:
build: ./docs
expose: [3000]
networks:
- webgateway
labels:
- "traefik.http.routers.docs.rule=Host(`localhost`) && PathPrefix(`/docs`)"
- "traefik.http.routers.docs.middlewares=strip-docs" # Necessary as Keith mentioned
- "traefik.http.middlewares.strip-docs.stripprefix.prefixes=/docs"
- "traefik.port=3000"
proxy:
image: traefik
command: --api.insecure=true --providers.docker
networks:
- webgateway
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
webgateway:
driver: bridge

Related

Running two services(each have their own subdomain name) on same server with Traefik proxy

I'm trying to run two separate API's on a local server, and point two different DNS A Records to the same server. Something like service1.userdomain.com => [ip address] and service2.userdomain.com => [ip address]
I thought I could use Traefik and route to two different docker images based on the host name. However this isnt working as I get a 504 Gateway timeout when trying to hit the service. The services themselves are listening to port :8080
version: '3'
services:
traefik:
image: traefik:latest
restart: always
command:
- --accesslog
- --api.insecure=true
- --providers.docker
- --providers.docker.exposedbydefault=false
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- "80:80"
- "8080:8080"
service1:
image: ghcr.io/user/service1:latest
restart: always
ports:
- "8081:8080"
networks:
- fullstack
labels:
- traefik.enable=true
- traefik.http.routers.service1.rule=Host(`service1.domain.com`)
service2:
image: ghcr.io/user/serice2:latest
restart: always
ports:
- "8082:8080"
labels:
- traefik.enable=true
- traefik.http.routers.service2.rule=Host(`service2.domain.com`)
networks:
- fullstack
networks:
fullstack:
driver: bridge

How to configure traefik authentication to work with webdav in docker compose?

I want to build a private webdav server behind traefik with authentication.
Here is the docker-compose.yml file:
version: '3.7'
services:
reverse-proxy:
image: traefik:v2.2
command: --api.insecure=true --providers.docker
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=${AUTHUSER}"
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
webdav:
image: mwader/webdav
labels:
- "traefik.http.routers.webdav.rule=Host(`localhost`)||Host(`mydomain`)"
volumes:
- /data:/webdav
After "# docker-compose up -d", webdav is working, but without any authentication, which should be digest auth. Now anyone knows the domain can access my files. That's not acceptable.
So is there any where I did wrong? How can I get it right?
Thanks!
It is not enough to define the middleware, you must use it with routers. Try to use this stack
version: '3.7'
services:
reverse-proxy:
image: traefik:v2.2
command: --api.insecure=true --providers.docker
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=${AUTHUSER}"
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
webdav:
image: mwader/webdav
labels:
- "traefik.http.routers.webdav.rule=Host(`localhost`)||Host(`mydomain`)"
- "traefik.http.routers.webdav.middlewares=test-auth"
volumes:
- /data:/webdav
More information, details, and examples can be found in this article

Traefik configuration inside docker-compose with subdomains

I try to setup subdomains configuration using traefik but is doesn't work. This is my docker-compose config :
traefik:
image: "traefik:v2.0.0-rc3"
container_name: "traefik"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8282:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
#- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=web"
- "traefik.frontend.port=80"
- "traefik.frontend.rule=Host:whoami.mydomain.com"
When I replace the host by mydomain.com/whoami it does works correctly. I also tried to add the subdomain to /etc/hosts file but nothing changes when I go to whoami.mydomain.com nothing appears.
Do you have suggestions ?
Thanks.
I'm not an expert with Docker or Traefik, but I have been doing some work in that regard. The only thing I see that looks a bit weird to be is that you may want to throw a common network option on both to ensure they are sharing, such as:
networks:
- web
The only other guess would be if you are missing the DNS entry for whoami.yourdomain.com
For the record,
If append the following content to my /etc/hosts:
127.0.0.1 whoami.mydomain.com
the following snippet works on my machine:
version: '3'
services:
traefik:
image: "traefik:v2.5"
container_name: "traefik"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8282:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
An yours with traefik:2.5 answers with a 404 not found on my machine.
Note: the port 8282 on my machine gives nothing (which is normal as nothing is listening in port 8080 in the container).

Traefik and Docker Compose returns a Bad Gateway for application route

I am trying to setup Traefik with a test app on a non-standard port.
IIS is currently using port 80 on my machine so I am using port 9000 for my test app.
I keep getting back Bad Gateway.
The test application is an empty .net core application with a welcome page
From the Bad Gateway response I assume that Traefik is not routing the request correctly or that the container is not picking up the request.
I have tried numerous traefik labels and cannot still get the request to oute correctly.
I can access the Traefik dashboard on docker.localhost:8080
But if I access my app on webapp3.localhost:9000 I get a "Bad Request"
docker-compose.yml
version: '3.4'
services:
webapp3:
container_name: webapp3
image: ${DOCKER_REGISTRY-}webapp3
build:
context: .
dockerfile: WebApp3/Dockerfile
networks:
- web
labels:
- "traefik.backend=webapp3"
- "traefik.enable=true"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:webapp3.localhost"
- "traefik.port=80"
traefik:
container_name: traefik
image: traefik
command: --api --docker --logLevel=DEBUG
restart: always
ports:
- "443:443"
- "9000:80"
- "8080:8080"
volumes:
- ./docker/traefik:/etc/traefik/
- /var/run/docker.sock:/var/run/docker.sock:ro
- /dev/null:/traefik.toml
networks:
- web
labels:
- "traefik.enable=true"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:docker.localhost"
- "traefik.port=8080"
- "traefik.docker.network=web"
networks:
web:
external : true
docker-compose.override.yml
version: '3.4'
services:
webapp3:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80;http://+:9000
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro

Jira & Docker & Traefik Setup

I'm first time Traefik user and I successfully configured this docker compose setup for Jira with Traefik and Let's Encrypt Cert.
My problem is that Jira must be able to connect to his self. Their are some Jira Services like Gadgets that loads it's data via JavaScript from via his own address over http. This typ of service does not work for me. Their is a support documents that describes this problems and also shows solutions for this. But I don't know how to setup this up correctly with Traefik/Docker. https://confluence.atlassian.com/jirakb/how-to-fix-gadget-titles-showing-as-__msg_gadget-813697086.html
Your help would be great. Thanks a lot!
version: '3'
services:
reverse-proxy:
image: traefik # The official Traefik docker image
command: --docker # Enables the web UI and tells Traefik to listen to docker --api
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
- "8081:8080" # The Web UI (enabled by --api)
hostname: traefik
restart: unless-stopped
domainname: ${DOMAINNAME}
networks:
- frontend
- backend
labels:
- "traefik.enable=false"
- "traefik.frontend.rule=Host:traefik.${DOMAINNAME}"
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- /etc/compose/traefik:/etc/traefik
- /etc/compose/shared:/shared
jira:
image: dchevell/jira-software:${JIRAVERSION}
ports:
- 8080:8080
networks:
- backend
restart: unless-stopped
volumes:
- /data/files/jira/data:/var/atlassian/application-data/jira
environment:
- JVM_MAXIMUM_MEMORY=2048m
- JVM_MINIMUM_MEMORY=768m
- CATALINA_CONNECTOR_PROXYNAME=jira.${DOMAINNAME}
- CATALINA_CONNECTOR_PROXYPORT=443
- CATALINA_CONNECTOR_SCHEME=https
- CATALINA_CONNECTOR_SECURE=true
depends_on:
- jira-postgresql
links:
- "jira-postgresql:database"
labels:
- "traefik.enable=true"
- "traefik.backend=jira"
- "traefik.frontend.rule=Host:jira.${DOMAINNAME}"
- "traefik.port=8080"
jira-postgresql:
image: postgres:9.6.11-alpine
networks:
- backend
ports:
- 5432:5432
restart: unless-stopped
volumes:
- /data/index/postgresql/data/:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=jira
- POSTGRES_USER=jira
- POSTGRES_DB=jira
labels:
- "traefik.enable=false"
# Portainer
portainer:
image: portainer/portainer
container_name: portainer
restart: always
ports:
- 9000:9000
command: -H unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./etc-portainer/data:/data
environment:
TZ: ${TZ}
labels:
- "traefik.enable=false"
networks:
frontend:
external:
name: frontend
backend:
driver: bridge
Configuration I got working with apps over secure - not super intuitive, but it looks like it accepts redirects secure traffic properly. I've got mine using acme on godaddy for certs, and it appears to be functioning properly over https with a forced recirect:
Forced redirect for reference:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
And the dockerfile that I made to get things deployed properly:
version: '3'
services:
jira:
image: dchevell/jira-software:8.1.0
deploy:
restart_policy:
condition: on-failure
labels:
- traefik.frontend.rule=Host:jira.mydomain.com
- traefik.enable=true
- traefik.port=8080
ports:
- "8080"
networks:
- traefik-pub
- jiranet
environment:
- CATALINA_CONNECTOR_PROXYNAME=jira.mydomain.com
- CATALINA_CONNECTOR_PROXYPORT=443
- CATALINA_CONNECTOR_SCHEME=https
- CATALINA_CONNECTOR_SECURE=true
jira-postgresql:
image: postgres:11.2-alpine
networks:
- jiranet
ports:
- "5432"
volumes:
- jira-postgres-data:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=supersecret
- POSTGRES_USER=secret_user
- POSTGRES_DB=jira_db
labels:
- "traefik.enable=false"
volumes:
jira-postgres-data:
networks:
traefik-pub:
external: true
jiranet:
driver: overlay
This still required manual configuration of the database - I may one day take the time to build my own jira dockerfile that accepts the database config already, but with this one working, I don't see much point in pre-configuring the database connection when it's 20 seconds of extra work vs. rebuilding a dockerfile that I haven't written myself.

Resources