I'm setting up a GitLab server behind a Traefik proxy, but my GitLab sshd log says Traefik sends HTTP requests to port 22 of GitLab, causing an Internal Server Error.
==> /var/log/gitlab/sshd/current <==
gitlab | 2019-08-27_03:39:15.42508 Bad protocol version identification 'GET / HTTP/1.1' from 192.168.144.2 port 33462
I found there is a similar discussion here; however, the answer did not work. Is there any way to change the GitLab backend from 22 to 80?
The following is my code and configs.
# traefik docker-compose.yaml
version: '3'
services:
  traefik:
    container_name: traefik
    image: traefik
    command: --api
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
    networks:
      - web
    ports:
      - 8080:8080
      - 80:80
      - 443:443
networks:
  web:
    external: true
# traefik.toml
debug = false
logLevel = "INFO"
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mydomain.com"
watch = true
exposedByDefault = false
# gitlab docker-compose.yaml
version: '3'
services:
  # expose 22 80 443
  gitlab:
    container_name: gitlab
    image: gitlab/gitlab-ee
    volumes:
      - /nsrv/gitlab/config:/etc/gitlab
      - /nsrv/gitlab/logs:/var/log/gitlab
      - /nsrv/gitlab/data:/var/opt/gitlab
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:gitlab.mydomain.com
      - traefik.prot=80
    networks:
      - web
    restart: always
networks:
  web:
    external: true
Looks like you have a typo in your gitlab docker-compose.yaml file.
Replace traefik.prot by traefik.port and it should work better.
I'm running a gitlab-ee Docker container behind a Traefik v1 Docker container. My GitLab is supposed to run on the domain gitlab.dev.example.com:65443; the port 65443 is being forwarded to 443 on my server within my router (I have other stuff running on my 443 and 80 ports). My Traefik dashboard is running on traefik.dev.example.com:65443/dashboard/
Now when I want to get a Let's Encrypt certificate with Traefik, it tries to get it for the domain gitlab.dev.example.com and fails with "Unable to obtain ACME certificate for domains "gitlab.dev.example.com" [...]"
If I visit https://gitlab.dev.example.com:65443, it opens my GitLab container but with the "Traefik Default Cert". I cannot push or pull from these GitLab repositories because the SSL certificates are self-signed, hence why I want to get a Let's Encrypt one.
I swapped out the actual domain with "example.com", obviously.
My traefik.toml:
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https", "http"]
[web]
address = ":80"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefik.dev.example.com" # swapped the url out
watch = true
exposedByDefault = false
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Enable retry sending a request if the network error
[retry]
# Let's encrypt configuration
[acme]
email="e#mail.com" # swapped the email out
storage="acme.json"
entryPoint="https"
acmeLogging=true
OnHostRule=true
[acme.httpChallenge]
entryPoint = "http"
Now to my docker-compose files. I have a separate docker-compose.yml for each container.
My docker-compose.yml for the traefik container:
version: "3.2"
services:
  reverse-proxy:
    image: traefik:alpine
    command: --api --docker --logLevel=error
    restart: unless-stopped
    container_name: docker-traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/etc/traefik/traefik.toml
      - ./acme.json:/acme.json
    environment:
      - "TZ=Europe/Berlin"
    networks:
      - traefik_proxy
      - default
    ports:
      - "443:443"
      - "80:80"
    logging:
      driver: "json-file"
      options:
        max-file: "3"
        max-size: "5m"
    labels:
      - traefik.backend=traefik-proxy
      - traefik.frontend.rule=Host:traefik.dev.loropserver.de
      - traefik.docker.network=traefik_proxy
      - traefik.port=8080
      - traefik.enable=true
      - traefik.frontend.auth.basic=lorop:$$apr1$$dHnqprRX$$DjIWIaE97EnMoxwu6o/14.
networks:
  traefik_proxy:
    external:
      name: traefik_proxy
#  default:
#    driver: bridge
My docker-compose.yml for the gitlab container:
version: '3.5'
services:
  gitlab:
    image: 'gitlab/gitlab-ee:latest'
    container_name: gitlab
    restart: unless-stopped
    hostname: 'gitlab.dev.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.dev.example.com';
        # some more configs
    ports:
      - '22:22'
      - '5005:5005'
    volumes:
      - './volumes/gitlab/config:/etc/gitlab'
      - './volumes/gitlab/logs:/var/log/gitlab'
      - './volumes/gitlab/data:/var/opt/gitlab'
      - /etc/localtime:/etc/localtime:ro
      - './certs:/etc/gitlab/trusted-certs'
    networks:
      - traefik_proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.port=65443'
      - 'traefik.docker.network=traefik_proxy'
      - 'traefik.backend=gitlab'
      - 'traefik.frontend.rule=Host:gitlab.dev.example.com'
      - 'traefik.http.routers.entrypoints=websecure'
networks:
  traefik_proxy:
    external: true
I am new to traefik and am trying to set up my containers to be reverse-proxied by traefik at the moment. It all worked fine while using traefik.frontend.rule=Host:grafana01.mydomain.com for routing requests to grafana01.mydomain.com, but due to infrastructural issues within our network I'd rather use traefik.frontend.rule=Path:/grafana01/ to redirect to mydomain.com/grafana01. Yet for some reason it does not work.
My traefik.toml file as well as my two docker-compose.yml files for traefik and grafana, respectively:
#Traefik Global Configuration
debug = false
checkNewVersion = true
logLevel = "ERROR"
#Define the EntryPoint for HTTP and HTTPS
defaultEntryPoints = ["https","http"]
#Enable Traefik Dashboard on port 8080
[web]
address = ":8080"
#Define the HTTP port 80 and
#HTTPS port 443 EntryPoint
#Enable automatically redirect HTTP to HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
#Enable retry sending a request if the network error
[retry]
#Define Docker Backend Configuration
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mydomain.com"
watch = true
#Letsencrypt Registration
#Define the Letsencrypt ACME HTTP challenge
[acme]
email = "some_email"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
version: '3'
services:
  traefik:
    image: traefik:latest
    command: --docker --docker.mydomain.com
    ports:
      - 80:80
      - 443:443
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    labels:
      - "traefik.frontend.rule=Host:mydomain.com"
      - "traefik.port=8080"
      - "traefik.backend=traefik"
    container_name: traefik
    restart: always
networks:
  traefik:
    external: true
version: '3'
services:
  grafana01:
    image: grafana/grafana
    labels:
      - traefik.port=3000
      - traefik.backend=grafana01
      - traefik.frontend.rule=Path:/grafana01/
      - traefik.docker.network=traefik
    networks:
      - traefik
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=secret
    volumes:
      - /srv/docker/grafana01/data:/var/lib/grafana
    container_name: grafana01
    restart: always
  grafana02:
    image: grafana/grafana
    labels:
      - traefik:port=3001
      - traefik.backend=grafana02
      - traefik.frontend.rule=Path:/grafana02/
      - traefik.docker.network=traefik
      - traefik.enable=true
    networks:
      - traefik
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=secret
    volumes:
      - /srv/docker/grafana02/data:/var/lib/grafana
    container_name: grafana02
    restart: always
networks:
  traefik:
    external: true
I'd appreciate any help!
Changing traefik.frontend.rule=Path:/grafana01/ to
traefik.frontend.rule=PathPrefixStrip:/grafana01 as well as adding
GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s/grafana01
did the trick for me.
I am trying to work with Traefik middlewares, but none of the Traefik middlewares is working for the deployed service. Following is the docker-compose file and TOML file. I am initializing Traefik with a TOML file. Can someone spot any error?
version: '3'
services:
  traefik:
    image: traefik
    command: -c /traefik.toml --logLevel=DEBUG
    ports:
      - "80:80"
      - "8086:8080"
    networks:
      - traefik
    volumes:
      - ./traefik.toml:/traefik.toml
      - /var/run/docker.sock:/var/run/docker.sock
  whoami:
    image: emilevauge/whoami
    networks:
      - traefik
    labels:
      - traefik.enable=true
      - "traefik.frontend.rule=Host:link.docker.localhost"
  authservice:
    image: authservice
    networks:
      - traefik
    ports:
      - "7000:80"
    labels:
      - traefik.enable=true
      - "traefik.frontend.rule=Host:authservice.docker.localhost"
      - "traefik.http.middlewares.test-replacepath.replacepath.path=/swagger"
networks:
  traefik:
---------toml file
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[web]
address = ":8080"
[docker]
endpoint = "unix:///var/run/docker.sock"
You are using a mix of Traefik v1 and Traefik v2 configuration.
traefik.frontend.rule -> Traefik v1
traefik.http.middlewares.test-replacepath.replacepath.path -> Traefik v2
Traefik v1 and Traefik v2 configuration are not compatible.
The documentation:
https://docs.traefik.io/v1.7/configuration/backends/docker/
https://docs.traefik.io/v2.0/
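Both the `traefik.prot` typo answer and the v1/v2 mixing answer above describe labels that do not take effect and give no error; in the first question the result was HTTP traffic reaching sshd on port 22. The following linter is an added example, not code from any of the posts: `V1_KEYS` is a subset of Traefik v1 label keys chosen for this example, and the three label lists are copied from the compose files on this page.

```python
import difflib

# Traefik v1 Docker label keys that appear on this page (a subset chosen for
# this example, not the complete v1.7 label list).
V1_KEYS = sorted({
    "traefik.enable", "traefik.port", "traefik.protocol", "traefik.backend",
    "traefik.docker.network", "traefik.frontend.rule",
    "traefik.frontend.auth.basic",
})
# Label prefixes that belong to the Traefik v2 scheme.
V2_PREFIXES = ("traefik.http.", "traefik.tcp.")


def lint_labels(labels):
    """Return (key, finding) pairs for the Traefik labels of one service."""
    keys = [lab.split("=", 1)[0].strip() for lab in labels
            if lab.strip().lower().startswith("traefik")]
    uses_v1 = any(k in V1_KEYS for k in keys)
    findings = []
    for key in keys:
        if key.startswith(V2_PREFIXES):
            if uses_v1:
                findings.append((key, "v2 label mixed with v1 labels"))
        elif key not in V1_KEYS:
            # Treat ':' as a mistyped '.', then look for the nearest known key.
            guess = difflib.get_close_matches(key.replace(":", "."), V1_KEYS, n=1)
            hint = f"did you mean {guess[0]}?" if guess else "no close match"
            findings.append((key, "unknown v1 label, " + hint))
    if uses_v1 and "traefik.port" not in keys:
        findings.append(("traefik.port", "not set, Traefik chooses the backend port"))
    return findings


# Label lists copied from three compose files on this page.
GITLAB = ["traefik.enable=true",
          "traefik.frontend.rule=Host:gitlab.mydomain.com",
          "traefik.prot=80"]
GRAFANA02 = ["traefik:port=3001", "traefik.backend=grafana02",
             "traefik.frontend.rule=Path:/grafana02/",
             "traefik.docker.network=traefik", "traefik.enable=true"]
AUTHSERVICE = ["traefik.enable=true",
               "traefik.frontend.rule=Host:authservice.docker.localhost",
               "traefik.http.middlewares.test-replacepath.replacepath.path=/swagger"]

if __name__ == "__main__":
    for name, labels in [("gitlab", GITLAB), ("grafana02", GRAFANA02),
                         ("authservice", AUTHSERVICE)]:
        for key, finding in lint_labels(labels):
            print(f"{name}: {key}: {finding}")
```

The "not set" finding is a warning only: a container that exposes a single port, such as `whoami` above, works without `traefik.port`.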
I have docker compose with nginx running with the following config:
version: "3"
services:
  web:
    image: nginx:alpine
    volumes:
      - ./nginx:/etc/nginx/conf.d/rainloop
    ports:
      - "8081:80"
    labels:
      - "traefik.frontend.rule=Host:www.example.com"
      - "traefik.port=8081"
and traefik in docker-compose with the following config:
version: '3'
services:
  reverse-proxy:
    image: traefik:alpine
    command: --api --docker
    ports:
      - "80:80" # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - ./traefik.toml:/etc/traefik/traefik.toml
the traefik.toml is kept basic and looks like this
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
The Web UI shows the following
When calling my domain www.example.com I get a timeout.
Add the following in your traefik.toml
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
Create a network with docker network create traefik-net
Deploy traefik with
version: '3'
services:
  traefik:
    image: traefik:latest
    command: --api
    ports:
      - 80:80
      - 8080:8080 # Port for the web UI
    networks:
      - traefik-net
Deploy nginx with
version: '3'
services:
  frontend:
    image: nginx
    networks:
      - traefik-net
    labels:
      - "traefik.docker.network=traefik-net"
      - "traefik.frontend.rule=Host:${DOMAIN}"
      - "traefik.backend=nginx"
      - "traefik.port=80" # you should use exposed port, not published
You need to put both containers on the same network.
Create a docker network inside your host machine. docker network create {network name}.
In your docker-compose use the existing network that you created to connect both containers. You can read https://docs.docker.com/compose/networking/#use-a-pre-existing-network on how to use it.
Add each service to the above network.
I have 3 services up and running.
A mariadb & nextcloud instance:
version: '2.1'
volumes:
  nextcloud:
  db:
services:
  db:
    image: mariadb
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=my_root_password
      - MYSQL_PASSWORD=my_password
      - MYSQL_DATABASE=my_database
      - MYSQL_USER=my_user
  app:
    image: nextcloud
    restart: always
    networks:
      - web
      - default
    ports:
      - 9000
    labels:
      - "traefik.backend=app"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:my_host"
      - "traefik.enable=true"
      - "traefik.port=9000"
      - "traefik.default.protocol=http"
networks:
  web:
    external: true
And a traefik service:
version: '2'
services:
  traefik:
    image: traefik:1.5.4
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    container_name: traefik
networks:
  web:
    external: true
This traefik instance is using this config file:
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "my_host"
watch = true
exposedByDefault = false
[acme]
email = "my_email"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
Now when I go to my host, it redirects to HTTPS but then it just displays bad gateway and nothing else. It should display the Nextcloud web application. Anyone know why this is happening? I am running the compose files using the docker-compose up -d command.
It might be too late now but I also ran into this issue myself, so posting an answer to what resolved it for me.
Nextcloud exposes port 80 on the container's IP address which Traefik is trying to connect to. So you incorrectly specified the port for 'traefik.port' label. Change it from 9000 to 80.