Traefik middle-wares are not working with docker compose - docker

I am trying to work with Traefik middlewares, but none of the Traefik middlewares is working for the deployed service. Following are the docker-compose file and the TOML file. I am initializing Traefik with a TOML file. Can someone spot any error?
version: '3'
services:
  traefik:
    image: traefik
    command: -c /traefik.toml --logLevel=DEBUG
    ports:
      - "80:80"
      - "8086:8080"
    networks:
      - traefik
    volumes:
      - ./traefik.toml:/traefik.toml
      - /var/run/docker.sock:/var/run/docker.sock
  whoami:
    image: emilevauge/whoami
    networks:
      - traefik
    labels:
      - traefik.enable=true
      - "traefik.frontend.rule=Host:link.docker.localhost"
  authservice:
    image: authservice
    networks:
      - traefik
    ports:
      - "7000:80"
    labels:
      - traefik.enable=true
      - "traefik.frontend.rule=Host:authservice.docker.localhost"
      - "traefik.http.middlewares.test-replacepath.replacepath.path=/swagger"
networks:
  traefik:
---------toml file
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[web]
address = ":8080"
[docker]
endpoint = "unix:///var/run/docker.sock"

You are using a mix of Traefik v1 and Traefik v2 configuration.
traefik.frontend.rule -> Traefik v1
traefik.http.middlewares.test-replacepath.replacepath.path -> Traefik v2
Traefik v1 and Traefik v2 configuration are not compatible.
The documentation:
https://docs.traefik.io/v1.7/configuration/backends/docker/
https://docs.traefik.io/v2.0/

Related

Traefik cannot Issue Lets Encrypt Cert for gitlab container on different port

I'm running a gitlab-ee docker container behind a Traefik v1 docker container. My GitLab is supposed to run on the domain gitlab.dev.example.com:65443. The port 65443 is being forwarded to 443 on my server within my router (I have other stuff running on my 443 and 80 ports). My Traefik dashboard is running on traefik.dev.example.com:65443/dashboard/
Now when I want to get a Let's Encrypt certificate with Traefik, it tries to get it for the domain gitlab.dev.example.com and fails with "Unable to obtain ACME certificate for domains "gitlab.dev.example.com" [...]"
If I visit https://gitlab.dev.example.com:65443 it opens my GitLab container but with the "Traefik Default Cert". I cannot push or pull from these GitLab repositories because the SSL certificates are self-signed, which is why I want to get a Let's Encrypt one.
I swapped out the actual domain with "example.com", obviously.
my traefik.toml:
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https", "http"]
[web]
address = ":80"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefik.dev.example.com" //swapped the url out
watch = true
exposedByDefault = false
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Enable retry sending a request if the network error
[retry]
# Let's encrypt configuration
[acme]
email="e#mail.com" //swapped the email out
storage="acme.json"
entryPoint="https"
acmeLogging=true
OnHostRule=true
[acme.httpChallenge]
entryPoint = "http"
Now to my docker-compose files. I have a separate docker-compose.yml for each container.
my docker-compose.yml for the traefik container:
version: "3.2"
services:
  reverse-proxy:
    image: traefik:alpine
    command: --api --docker --logLevel=error
    restart: unless-stopped
    container_name: docker-traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/etc/traefik/traefik.toml
      - ./acme.json:/acme.json
    environment:
      - "TZ=Europe/Berlin"
    networks:
      - traefik_proxy
      - default
    ports:
      - "443:443"
      - "80:80"
    logging:
      driver: "json-file"
      options:
        max-file: "3"
        max-size: "5m"
    labels:
      - traefik.backend=traefik-proxy
      - traefik.frontend.rule=Host:traefik.dev.loropserver.de
      - traefik.docker.network=traefik_proxy
      - traefik.port=8080
      - traefik.enable=true
      - traefik.frontend.auth.basic=lorop:$$apr1$$dHnqprRX$$DjIWIaE97EnMoxwu6o/14.
networks:
  traefik_proxy:
    external:
      name: traefik_proxy
#  default:
#    driver: bridge
my docker-compose.yml for the gitlab container:
version: '3.5'
services:
  gitlab:
    image: 'gitlab/gitlab-ee:latest'
    container_name: gitlab
    restart: unless-stopped
    hostname: 'gitlab.dev.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.dev.example.com';
        //some more configs
    ports:
      - '22:22'
      - '5005:5005'
    volumes:
      - './volumes/gitlab/config:/etc/gitlab'
      - './volumes/gitlab/logs:/var/log/gitlab'
      - './volumes/gitlab/data:/var/opt/gitlab'
      - /etc/localtime:/etc/localtime:ro
      - './certs:/etc/gitlab/trusted-certs'
    networks:
      - traefik_proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.port=65443'
      - 'traefik.docker.network=traefik_proxy'
      - 'traefik.backend=gitlab'
      - 'traefik.frontend.rule=Host:gitlab.dev.example.com'
      - 'traefik.http.routers.entrypoints=websecure'
networks:
  traefik_proxy:
    external: true

'Internal Server Error' when deploying Application with Traefik and LetsEncrypt

I'm new to SSL certificates with Traefik and have been having real trouble getting a successful deployment.
I have a server and domain that I have deployed my application on using Traefik and HTTP without issue. I would now like to deploy the same application, running on port 9000, in HTTPS using LetsEncrypt following the Traefik docs. I can verify that the certificate has been properly created using an SSL checker; however, when I try to visit the site I get Internal Server Error. There are no errors reported in either of the docker logs and I cannot figure out what to try next.
docker-compose.yml
version: '2'
services:
  traefik:
    image: traefik:v1.7
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    container_name: traefik
  app:
    image: myapp_image
    container_name: app
    restart: always
    networks:
      - web
    ports:
      - "9000:9000"
    labels:
      - "traefik.docker.network=web"
      - "traefik.enable=true"
      - "traefik.basic.frontend.rule=Host:myapp.com"
      - "traefik.basic.port=9000"
      - "traefik.basic.protocol=http"
      - "traefik.admin.frontend.rule=Host:myapp.com"
      - "traefik.admin.protocol=https"
      - "traefik.admin.port=9000"
networks:
  web:
    external: true
traefik.toml
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "myapp.com"
watch = true
exposedByDefault = false
[acme]
email = "myemail#email.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
Finally was able to find a workable solution for this. I may have just been using old information but the best reference to host an application with Traefik on Https using LetsEncrypt was found here.
The working Yaml example is below. Using this example will also eliminate the need for a Toml file!
version: "3.3"
services:
  traefik:
    image: "traefik:v2.2"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  whoami:
    image: "containous/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

Why do my configurations of Grafana, Docker and Traefik not route my requests to Grafana's frontpage?

I am new to traefik and am trying to set up my containers to be reverse-proxied by traefik at the moment. It all worked fine while using traefik.frontend.rule=Host:grafana01.mydomain.com for routing requests to grafana01.mydomain.com, but due to infrastructural issues within our network I'd rather use traefik.frontend.rule=Path:/grafana01/ to redirect to mydomain.com/grafana01. Yet for some reason it does not work.
My traefik.toml file as well as my two docker-compose.yml files for traefik and grafana, respectively:
#Traefik Global Configuration
debug = false
checkNewVersion = true
logLevel = "ERROR"
#Define the EntryPoint for HTTP and HTTPS
defaultEntryPoints = ["https","http"]
#Enable Traefik Dashboard on port 8080
[web]
address = ":8080"
#Define the HTTP port 80 and
#HTTPS port 443 EntryPoint
#Enable automatically redirect HTTP to HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
#Enable retry sending a request if the network error
[retry]
#Define Docker Backend Configuration
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mydomain.com"
watch = true
#Letsencrypt Registration
#Define the Letsencrypt ACME HTTP challenge
[acme]
email = "some_email"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
version: '3'
services:
  traefik:
    image: traefik:latest
    command: --docker --docker.mydomain.com
    ports:
      - 80:80
      - 443:443
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    labels:
      - "traefik.frontend.rule=Host:mydomain.com"
      - "traefik.port=8080"
      - "traefik.backend=traefik"
    container_name: traefik
    restart: always
networks:
  traefik:
    external: true
version: '3'
services:
  grafana01:
    image: grafana/grafana
    labels:
      - traefik.port=3000
      - traefik.backend=grafana01
      - traefik.frontend.rule=Path:/grafana01/
      - traefik.docker.network=traefik
    networks:
      - traefik
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=secret
    volumes:
      - /srv/docker/grafana01/data:/var/lib/grafana
    container_name: grafana01
    restart: always
  grafana02:
    image: grafana/grafana
    labels:
      - traefik:port=3001
      - traefik.backend=grafana02
      - traefik.frontend.rule=Path:/grafana02/
      - traefik.docker.network=traefik
      - traefik.enable=true
    networks:
      - traefik
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=secret
    volumes:
      - /srv/docker/grafana02/data:/var/lib/grafana
    container_name: grafana02
    restart: always
networks:
  traefik:
    external: true
I'd appreciate any help!
Changing traefik.frontend.rule=Path:/grafana01/ to
traefik.frontend.rule=PathPrefixStrip:/grafana01 as well as adding
GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s/grafana01
did the trick for me.

traefik send http over wrong port to gitlab

I'm setting up a GitLab server behind a Traefik proxy, but my GitLab sshd logs say Traefik sends HTTP requests over port 22 to GitLab, causing an Internal Server Error.
==> /var/log/gitlab/sshd/current <==
gitlab | 2019-08-27_03:39:15.42508 Bad protocol version identification 'GET / HTTP/1.1' from 192.168.144.2 port 33462
I found there is a similar discussion here; however, the answer did not work. Is there any way to change the GitLab backend from 22 to 80?
The following is my code and configs.
# traefik docker-compose.yaml
version: '3'
services:
  traefik:
    container_name: traefik
    image: traefik
    command: --api
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
    networks:
      - web
    ports:
      - 8080:8080
      - 80:80
      - 443:443
networks:
  web:
    external: true
# traefik.toml
debug = false
logLevel = "INFO"
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mydomain.com"
watch = true
exposedByDefault = false
# gitlab docker-compose.yaml
version: '3'
services:
  # expose 22 80 443
  gitlab:
    container_name: gitlab
    image: gitlab/gitlab-ee
    volumes:
      - /nsrv/gitlab/config:/etc/gitlab
      - /nsrv/gitlab/logs:/var/log/gitlab
      - /nsrv/gitlab/data:/var/opt/gitlab
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:gitlab.mydomain.com
      - traefik.prot=80
    networks:
      - web
    restart: always
networks:
  web:
    external: true
Looks like you have a typo in your gitlab docker-compose.yaml file.
Replace traefik.prot by traefik.port and it should work better.
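A label check covering two answers on this page, the v1/v2 label mix in the first question and the traefik.prot typo above. This is an added example, not part of any post; the key patterns are an assumed subset of the documented v1 and v2 label keys, and the sample lists are constructed from the compose files shown on this page.

```python
import re

# Constructed sample: label lists copied from three compose files on this page.
SAMPLE = {
    "authservice": ["traefik.enable=true",
                    "traefik.frontend.rule=Host:authservice.docker.localhost",
                    "traefik.http.middlewares.test-replacepath.replacepath.path=/swagger"],
    "gitlab": ["traefik.enable=true",
               "traefik.frontend.rule=Host:gitlab.mydomain.com",
               "traefik.prot=80"],
    "whoami": ["traefik.enable=true",
               "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)",
               "traefik.http.routers.whoami.tls.certresolver=myresolver"],
}

# Assumption: a subset of the v1 and v2 label keys, enough for this page.
SHARED = {"traefik.enable", "traefik.docker.network"}
V1 = re.compile(r"^traefik\.(?:[\w-]+\.)?(?:frontend\.[\w.]+|backend(?:\.[\w.]+)?"
                r"|port|protocol|weight)$")
V2 = re.compile(r"^traefik\.(?:http|tcp|udp)\."
                r"(?:routers|services|middlewares)\.[\w-]+\..+$")

def classify(label):
    # Returns (kind, key); kind is None for labels that are not Traefik's.
    key = label.split("=", 1)[0].strip("\"' ")
    if not key.lower().startswith("traefik"):
        return None, key
    if key in SHARED:
        return "shared", key
    for kind, pattern in (("v2", V2), ("v1", V1)):
        if pattern.match(key):
            return kind, key
    return "unknown", key

def lint(services):
    """Map service name -> list of findings; clean services are omitted."""
    findings = {}
    for name, labels in services.items():
        seen = {}
        for label in labels:
            kind, key = classify(label)
            if kind:
                seen.setdefault(kind, []).append(key)
        issues = [f"unrecognised key: {k}" for k in seen.get("unknown", [])]
        if "v1" in seen and "v2" in seen:
            issues.append(f"mixes v1 {seen['v1']} with v2 {seen['v2']}")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__": print(lint(SAMPLE))
```

Traefik does not report labels it does not recognise as errors, so a mistyped key such as traefik.prot goes unnoticed unless something checks for it.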

Traefik Reverse Proxy with Docker

I have docker compose with nginx running with the following config:
version: "3"
services:
  web:
    image: nginx:alpine
    volumes:
      - ./nginx:/etc/nginx/conf.d/rainloop
    ports:
      - "8081:80"
    labels:
      - "traefik.frontend.rule=Host:www.example.com"
      - "traefik.port=8081"
and traefik in docker-compose with the following config:
version: '3'
services:
  reverse-proxy:
    image: traefik:alpine
    command: --api --docker
    ports:
      - "80:80" # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - ./traefik.toml:/etc/traefik/traefik.toml
the traefik.toml is kept basic and looks like this
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
The Web UI shows the following
When calling my domain www.example.com I get a timeout.
Add the following in your traefik.toml
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
Create a network with docker network create traefik-net
Deploy traefik with
version: '3'
services:
  traefik:
    image: traefik:latest
    command: --api
    ports:
      - 80:80
      - 8080:8080 # Port for the web UI
    networks:
      - traefik-net
Deploy nginx with
version: '3'
services:
  frontend:
    image: nginx
    networks:
      - traefik-net
    labels:
      - "traefik.docker.network=traefik-net"
      - "traefik.frontend.rule=Host:${DOMAIN}"
      - "traefik.backend=nginx"
      - "traefik.port=80" # you should use exposed port, not published
You need to put both containers on the same network.
Create a docker network inside your host machine. docker network create {network name}.
In your docker-compose use the existing network that you created to connect both containers. You can read https://docs.docker.com/compose/networking/#use-a-pre-existing-network on how to use it.
Add each service to the above network.
