Develop Reference

Why doesn't traefik find the project?

I have a laravel project running through docker containers. One of the docker containers is a traefik, but when I try to run the docker-compose up command, it returns a single log: msg="Failed to read new account, ACME data conversion is not available : permissions 755 for acme.json are too open, please use 600". I tried to change permissions for asme.json on my ssh, but even after chmod 600 acme.json it returns this log again. On top of that, when I try to connect to the site via https, there is an error 404 page not found, I got a similar error when I set up the nginx container, because I incorrectly specified the path to the project, but I don’t know what to do now. There are my
1)traefik.tom
logLevel = "ERROR"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[api]
[ping]
# Enable Docker configuration backend
[docker]
network = "nginx-proxy"
domain = "mysite"
watch = true
exposedByDefault = false
[acme]
email = "my#gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"
[acme.httpChallenge]
entryPoint = "http"
[acme.dnsChallenge]
provider = "cloudflare"
delayBeforeCheck = 0```
And 2) docker-compose.traefik.yml
---
version: "3.6"
networks:
default:
name: nginx-proxy
external: true
services:
traefik:
image: "traefik:v1.7.14"
container_name: ${COMPOSE_PROJECT_NAME}.traefik
restart: unless-stopped
ports:
- 80:80
- 443:443
expose:
# traefik dashboard port
- 8080
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`mysite`)"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik.service=api#internal"
- "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
- "traefik.port=8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./docker/traefik/traefik.toml:/etc/traefik/traefik.toml
- ./docker/traefik/:/acme.json
environment:
- CF_API_EMAIL=myapifemail
- CF_API_KEY=myapikey

based on what I see, you are using a volume to store the acme certificates as described here. But it seems you misread the volume binding and wrote
- ./docker/traefik/:/acme.json
instead of
- ./docker/traefik/acme.json:/acme.json
Doing so the folder is mounted as a file and end up with wrong permissions. Correcting the line should make it works.

Traefik uses wrong frontend rule with Jupyterhub

Traefik uses a different frontend rule for Jupyterhub than the one that I specified as label. I set it to 'hub.domain.com' but traefik says rule found "Host:jupyterhub.jupyterhub.domain.com". There seems to be some overwriting going on. There is no label with "Host:jupyterhub.jupyterhub.domain.com"
This is my Docker Compose:
version: '3'
services:
jupyterhub:
build: jupyterhub
container_name: jupyterhub_hub
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
DOCKER_JUPYTER_IMAGE: jupyterlab_img
DOCKER_NETWORK_NAME: ${COMPOSE_PROJECT_NAME}_default
OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID}
OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET}
OAUTH_CALLBACK_URL: ${OAUTH_CALLBACK_URL}
HUB_IP: jupyterhub_hub
labels:
- "traefik.enable=true"
- "treafik.frontend.rule=Host:${HOST}"
volumes:
- jupyterhub_data:/srv/jupyterhub
traefik:
image: traefik:1.7-alpine
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /opt/appdata/traefik/traefik.toml:/etc/traefik/traefik.toml
- /var/run/docker.sock:/var/run/docker.sock
- /opt/appdata/traefik/acme.json:/etc/traefik/acme.json
jupyterlab:
build: jupyterlab
image: jupyterlab_img
command: echo
volumes:
jupyterhub_data:
And this is my traefik.toml:
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[api]
dashboard = true
insecure = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "domain.com"
watch = true
exposedByDefault = false
[acme]
email = "info#domain.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

Traefik. Proxy to another backend

If I please contact domain.com/api/v0/add, I get the expected result, but if I speak at domain.com/ipfs, then get 404.
How to proxy all calls starting with the way /ipfs ??
I briefly studied the documentation traefik, but never found an answer.
I have docker-compose.yml file:
version: '3.4'
volumes:
traefik: {}
services:
ipfs0:
container_name: ipfs0
image: ipfs/go-ipfs:release
ports:
- "4001:4001"
- "5001:5001"
- "8080:8080"
volumes:
- ./compose/ipfs0:/data/ipfs
ipfs1:
container_name: ipfs1
image: ipfs/go-ipfs:release
ports:
- "4101:4001" # ipfs swarm
- "5101:5001" # expose if needed/wanted
- "8180:8080" # exposes if needed/wanted
volumes:
- ./compose/ipfs1:/data/ipfs
traefik:
build:
context: .
dockerfile: ./compose/traefik/Dockerfile
depends_on:
- ipfs0
volumes:
- traefik:/etc/traefik/acme
ports:
- "0.0.0.0:80:80"
- "0.0.0.0:443:443"
and traefik.toml file
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]
# Entrypoints, http and https
[entryPoints]
# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
# https is the default
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Enable ACME (Let's Encrypt): automatic SSL
[acme]
# Email address used for registration
email = "*******************#gmail.com"
storage = "/etc/traefik/acme/acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
[acme.httpChallenge]
entryPoint = "http"
[file]
[backends]
[backends.ipfs0]
[backends.ipfs0.servers.server1]
path = "/api"
url = "http://ipfs0:5001"
[backends.ipfs1]
[backends.ipfs1.servers.server1]
path = "/ipfs"
url = "http://ipfs1:8180"
[frontends]
[frontends.ipfs0]
backend = "ipfs0"
passHostHeader = truea
[frontends.ipfs0.routes.dr1]
rule = "Host:domain.com"
[frontends.ipfs1]
backend = "ipfs1"
passHostHeader = true
[frontends.ipfs1.routes.dr1]
rule = "Host:domain.com"

Unable to route traffic to docker container via traefik

I'm trying to route traffic from my domain foobar.com to the backend container through traefik as a reverse proxy. But I cannot see the problem! Can anyone help?
My traefik.toml file looks like this:
debug = true
logLevel = "ERROR"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "foobar.com"
watch = true
exposedByDefault = false
network = "web"
[acme]
email = "my-email-here#gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
My docker-compose for traefik:
version: '2'
services:
traefik:
image: traefik:latest
restart: always
command: --docker --web
ports:
- 80:80
- 443:443
- 8080:8080
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/dockerfiles/traefik/traefik.toml:/traefik.toml
- /home/dockerfiles/traefik/acme.json:/acme.json
container_name: traefik
networks:
web:
external: true
I'm trying to setup a sample ghost blog. The docker-compose file looks like this:
version: '2.1'
services:
ghost:
image: ghost:1-alpine
restart: always
expose:
- "2368"
labels:
- traefik.docker.network=web
- traefik.enable=true
- traefik.frontend.rule=Host:foobar.com
- traefik.port=2368
- traefik.protocol=http
- traefik.backend=ghost
networks:
- web
networks:
web:
external: true

Trafik.io as docker container with basic auth

I want the following setup:
run traefik as docker container via docker compose
hide the dashboard behind a traefik frontend and use basic auth
what do I have?
A simple docker-compose.yml:
version: '3'
services:
traefik:
image: traefik
command: --api --docker --docker.domain=domain.com --logLevel=WARN
networks:
- webgateway
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.toml:/traefik.toml
labels:
- "traefik.frontend.rule=Host:traefik.domain.com"
- "traefik.port=8080"
networks:
webgateway:
driver: bridge
and a traefik.toml like this:
logLevel = "DEBUG"
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.traefik]
[entryPoints.traefik.auth]
[entryPoints.traefik.auth.basic]
users = [
"admin:$SomeSaltedString"
]
[api]
entryPoint = "traefik"
dashboard = true
[ping]
[docker]
exposedbydefault = false
I would expect, that because of the traefik labels in the compose file the dasboard from port 8080 is available via traefik.domain.com and protected via basic auth because of the the entrypoint configuration in the traefik config.
But what does happen is the following:
curl -L http://traefik.domain.com
Bad Gateway%
Any idea whats wrong here? I don't find any logs somewhere

You can just use a label
- "traefik.frontend.auth.basic.users=username:$$apr1$$EgzP3sdp$$/AbxxRulwvuoE.3ReJo.i/"
The username password pair is generated by
echo $(htpasswd -nb <AUTH-USER> <AUTH-PASS>) | sed -e s/\\$/\\$\\$/g.

You have to define an address for your Traefik Web UI. Your traefik.toml should look like this:
logLevel = "DEBUG"
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.traefik]
address = ":8080"
[entryPoints.traefik.auth]
[entryPoints.traefik.auth.basic]
users = [
"admin:$SomeSaltedString"
]
[api]
entryPoint = "traefik"
dashboard = true
[ping]
[docker]
exposedbydefault = false