I am encountering some conflicts between the traefik.frontend.redirect and PathPrefixStrip. the docker-compose.yml file below always routes www.mysite.nl/adminer to the wordpress container. If I omit the redirect rules it works correctly and i get routed to the adminer instance. How can I make these rules work together?
Drilled down docker-comose.yml:
version: '3'
services:
wordpress:
image: wordpress:latest
restart: $RESTART
container_name: ${COMPOSE_PROJECT_NAME}_wp
depends_on:
- mysql
networks:
- web
labels:
- 'traefik.backend=$COMPOSE_PROJECT_NAME'
- 'traefik.entrypoint=https'
- 'traefik.enable=true'
- 'traefik.frontend.rule=Host:mysite.nl, www.mysite.nl, cdn.mysite.net'
# omitting these rules make the adminer instance reachable
- 'traefik.frontend.redirect.regex=^https?://mysite.nl/(.*)'
- 'traefik.frontend.redirect.replacement=https://www.mysite.nl/$${1}'
mysql:
image: mysql:latest
restart: $RESTART
container_name: ${COMPOSE_PROJECT_NAME}_db
networks:
- web
adminer:
image: adminer:4.6.2
restart: $RESTART
container_name: ${COMPOSE_PROJECT_NAME}
depends_on:
- mysql
networks:
- web
labels:
- 'traefik.backend=${COMPOSE_PROJECT_NAME}_adminer'
- 'traefik.entrypoint=https'
- 'traefik.enable=true'
- 'traefik.frontend.rule=Host:www.mysite.nl;PathPrefixStrip:/adminer'
networks:
web:
external:
name: traefik_${COMPOSE_PROJECT_NAME}_web
The issue you are running into is due to overlapping rules.
The request www.mysite.nl/adminer
Matches both:
traefik.frontend.rule=Host:mysite.nl, www.mysite.nl, cdn.mysite.net
and traefik.frontend.rule=Host:www.mysite.nl;PathPrefixStrip:/adminer
Therefore Traefik does not know which to route requests to.
Use the traefik.frontend.priority label to set an order for matching (from https://docs.traefik.io/configuration/backends/docker/#on-containers)
With help from Daniel Tomcej i came to the following working docker-compose.yml. You have to set the priority explicitly on both containers.
version: '3'
services:
wordpress:
image: wordpress:latest
restart: $RESTART
container_name: ${COMPOSE_PROJECT_NAME}_wp
depends_on:
- mysql
networks:
- web
labels:
- 'traefik.backend=$COMPOSE_PROJECT_NAME'
- 'traefik.entrypoint=https'
- 'traefik.enable=true'
- 'traefik.frontend.rule=Host:mysite.nl, www.mysite.nl, cdn.mysite.net'
- 'traefik.frontend.redirect.regex=^https?://mysite.nl/(.*)'
- 'traefik.frontend.redirect.replacement=https://www.mysite.nl/$${1}'
- 'traefik.frontend.priority=5'
mysql:
image: mysql:latest
restart: $RESTART
container_name: ${COMPOSE_PROJECT_NAME}_db
networks:
- web
adminer:
image: adminer:4.6.2
restart: $RESTART
container_name: ${COMPOSE_PROJECT_NAME}
depends_on:
- mysql
networks:
- web
labels:
- 'traefik.backend=${COMPOSE_PROJECT_NAME}_adminer'
- 'traefik.entrypoint=https'
- 'traefik.enable=true'
- 'traefik.frontend.rule=Host:www.mysite.nl;PathPrefixStrip:/adminer'
- 'traefik.frontend.priority=20'
networks:
web:
external:
name: traefik_${COMPOSE_PROJECT_NAME}_web
Related
I've got my docker environment setup using traefik and I've got two services running at the moment.
I'm using Google OAuth for authentication which redirects to my web application with auth-code. The redirect URL isn't allowed anything but localhost or localhost:<any-port> or any CDN. I've setup my docker for http://portal.local.
I now want http://localhost/user/googleLogin?code=xxxxxxxxxx to be translated to http://portal.local/user/googleLogin?code=xxxxxxxx for further processing of authentication.
Right now, I'm having to manually change localhost to portal.local in browser URL after it gives site not found error, which then takes me to further processing.
Below is my docker-compose.yml file.
version: "3.9"
services:
portal-traefik:
container_name: portal-traefik
command:
- --api.insecure=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
# - --entrypoints.websecure.address=:443
# - --certificatesresolvers.myresolver.acme.httpchallenge=true
# - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
# - --certificatesresolvers.myresolver.acme.email=ssl#idealsalessolutions.com
# - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json
image: traefik:latest
networks:
api_driven:
ports:
- "80:80"
- "8080:8080"
# - "443:443"
restart: unless-stopped
volumes:
- portal_acme:/acme
- /var/run/docker.sock:/var/run/docker.sock:ro
api-i4f:
container_name: api-i4f
depends_on:
- php-i4f
- portal-traefik
image: nginx:stable-alpine
labels:
- traefik.enable=true
- traefik.http.routers.api.rule=Host(`api.local`)
networks:
api_driven:
restart: unless-stopped
volumes:
- ../docker.sites/api.local:/usr/share/nginx/api.local
- ./conf/nginx/conf.d:/etc/nginx/conf.d:ro
command: [nginx, '-g', 'daemon off;']
hostname: api.local
portal-i4f:
container_name: portal-i4f
depends_on:
- php-i4f
- portal-traefik
image: nginx:stable-alpine
labels:
- traefik.enable=true
- traefik.http.routers.portal.rule=Host(`portal.local`)
networks:
api_driven:
restart: unless-stopped
volumes:
- ../docker.sites/portal.local:/usr/share/nginx/portal.local
- ./conf/nginx/conf.d:/etc/nginx/conf.d:ro
command: [nginx, '-g', 'daemon off;']
hostname: portal.local
php-i4f:
container_name: php-i4f
depends_on:
- portal-traefik
image: isshub/core:php7.4.30-fpm-alpine3.16-intl-mysql
networks:
api_driven:
restart: unless-stopped
volumes:
- ../docker.sites/api.local:/usr/share/nginx/api.local
- ../docker.sites/portal.local:/usr/share/nginx/portal.local
networks:
api_driven:
name: "api_driven"
volumes:
portal_acme:
I've tried to use multiple router rules to listen to both localhost and portal.local using regex/replacement middlewares as well but that stops the service at all and gives 404 error.
I had two container frontend (nginx :80) and backend (nodejs :3000).
I'm trying to redirect all path to my frontend : localhost/* to my frontend
Except one path to my backend API : localhost/v1/* to my backend
I secure my database container (mongodb) by allowing only communication with my backend
Here is my docker-compose.yml (I'm only using this)
version: '3'
services:
traefik:
image: traefik:v2.3
container_name: traefik
command:
- --api.insecure=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
ports:
- "8080:8080"
- "443:443"
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
frontend:
image: registry.gitlab.com/test/frontend
container_name: frontend
build:
context: ../frontend/.
labels:
- traefik.enable=true
- traefik.http.routers.frontend.rule=PathPrefix(`/`)
- traefik.http.routers.frontend.entrypoints=web
networks:
- traefik-network
backend:
image: registry.gitlab.com/test/backend
container_name: backend
build:
context: ../backend/.
labels:
- traefik.enable=true
- traefik.http.routers.backend.rule=PathPrefix(`/v1`)
- traefik.http.routers.backend.service=backend
- traefik.http.routers.backend.entrypoints=web
- traefik.http.services.backend.loadbalancer.server.port=3000
command: yarn start
environment:
- MONGODB_URL=mongodb://mongodb:27017/backend
depends_on:
- mongodb
volumes:
- ../backend/.:/usr/src/backend
networks:
- traefik-network
- backend-network
mongodb:
image: mongo:4.2.1-bionic
container_name: mongodb
ports:
- 27017:27017
volumes:
- dbdata:/data/db
networks:
- backend-network
volumes:
dbdata:
networks:
backend-network:
traefik-network:
The problem is...
If the frontend (backend and traefik too) is turned on
the paths to localhost/* work (this is what I want),
but the paths to localhost/v1/* don't work (Problem here!).
If the frontend is turned off but traefik and backend is turned on
the paths to localhost/* don't work (of course, that's right),
but the paths to localhost/v1/* work (of course, this is what I want).
I've tried a lot of solutions but nothing seems to work the way I want it to.
What did I misunderstand?
Thanks for helping,
Have a nice day
Try to add the following labels to the backend service
- "traefik.http.routers.backend.rule=Host(`servicex.me`) && Path(`/v1`)"
and frontend
- traefik.http.routers.frontend.rule=Host(`servicex.me`)
you also need to add this line to your /etc/hosts
127.0.0.1 servicex.me
and make sure that you stop and start the services
Complete Example
version: '3'
services:
traefik:
image: traefik:v2.3
container_name: traefik
command:
- --api.insecure=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
ports:
- "8080:8080"
- "443:443"
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
frontend:
image: registry.gitlab.com/test/frontend
container_name: frontend
build:
context: ../frontend/.
labels:
- traefik.enable=true
- traefik.http.routers.frontend.rule=Host(`servicex.me`)
- traefik.http.routers.frontend.entrypoints=web
- traefik.http.routers.frontend.service=frontend
- traefik.http.services.frontend.loadbalancer.server.port=80
networks:
- traefik-network
backend:
image: registry.gitlab.com/test/backend
container_name: backend
build:
context: ../backend/.
labels:
- traefik.enable=true
- "traefik.http.routers.backend.rule=Host(`servicex.me`) && Path(`/v1`)"
- traefik.http.routers.backend.service=backend
- traefik.http.routers.backend.entrypoints=web
- traefik.http.services.backend.loadbalancer.server.port=3000
command: yarn start
environment:
- MONGODB_URL=mongodb://mongodb:27017/backend
depends_on:
- mongodb
volumes:
- ../backend/.:/usr/src/backend
networks:
- traefik-network
- backend-network
mongodb:
image: mongo:4.2.1-bionic
container_name: mongodb
ports:
- 27017:27017
volumes:
- dbdata:/data/db
networks:
- backend-network
volumes:
dbdata:
networks:
backend-network:
traefik-network:
BTW, why do you need both traefik and nginx (Both are doing the same job), it would be better if you can replace one with another.
I added this label to my containers
traefik.docker.network=traefik-network
It works fine now
hay, i have docker-compose and install container for odoo 12, this is my docker-compose.yaml file
version: '3.3'
services:
odoo12:
image: odoo:12.0
container_name: odoo12
restart: unless-stopped
depends_on:
- db12-odoo
ports:
- 8013:8069
volumes:
- odoo12-web-data:/var/lib/odoo
- ./etc:/etc/odoo
- ./addons:/mnt/extra-addons
db12-odoo:
image: postgres:12
container_name: db12-odoo
restart: unless-stopped
ports:
- 9091:5432
environment:
- POSTGRES_PASSWORD=odoo12
- POSTGRES_USER=odoo12
- POSTGRES_DB=postgres12
- PGDATA=/var/lib/postgresql/data/pgdata
volumes:
- odoo12-db-data:/var/lib/postgresql/data/pgdata
pgadmin12-demo:
image: dpage/pgadmin4
container_name: pgadmin12
restart: unless-stopped
environment:
PGADMIN_DEFAULT_EMAIL: odoo12#gmail.com
PGADMIN_DEFAULT_PASSWORD: admin
ports:
- 7778:80
volumes:
- pgadmin12-data:/var/lib/pgadmin
depends_on:
- db12-odoo
volumes:
odoo12-web-data:
odoo12-db-data:
pgadmin12-data:
all service is running , but just service odoo12 is not running, when i access localhost:8013 in browser is error, and when i see logs service odoo12 , error like this:
Database connection failure: could not translate host name "db" to address: Temporary failure in name resolution
whats wrong with my config ? thanks
Your database has a DNS name db12-odoo not db. Either change config of your application so that it connects to db12-odoo or change name of the service:
db: # it was called 'db12-odoo' previously
image: postgres:12
container_name: db12-odoo
restart: unless-stopped
ports:
- 9091:5432
environment:
- POSTGRES_PASSWORD=odoo12
- POSTGRES_USER=odoo12
- POSTGRES_DB=postgres12
- PGDATA=/var/lib/postgresql/data/pgdata
volumes:
- odoo12-db-data:/var/lib/postgresql/data/pgdata
You can also add a network alias instead of changing service name:
db12-odoo:
image: postgres:12
container_name: db12-odoo
restart: unless-stopped
ports:
- 9091:5432
environment:
- POSTGRES_PASSWORD=odoo12
- POSTGRES_USER=odoo12
- POSTGRES_DB=postgres12
- PGDATA=/var/lib/postgresql/data/pgdata
volumes:
- odoo12-db-data:/var/lib/postgresql/data/pgdata
networks:
default:
aliases:
- db
I am attempting to create multiple Docker-Compose projects and have them share a single service, a database server. I'm currently unable to get projects to use my mariadb instance. I'm not sure if my issues is in traefik or docker. I can get wordpress to recognize the database if it is included in the same docker-compose, but as I would ultimately like to not have multiple instances of a database server running, I would prefer it to be it's own project.
# ~/docker/traefik/docker-compose.yml
version: "3.3"
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
command:
- "--api=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=namedotcom"
- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=<MY-EMAIL>"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
networks:
t2_proxy:
ports:
- "80:80"
- "443:443"
environment:
- "NAMECOM_USERNAME=<My-USERNAME>
- "NAMECOM_API_TOKEN=<My-Token>
labels:
# Dashboard
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`api.mydomain.com`)"
- "traefik.http.routers.traefik.service=api#internal"
- "traefik.http.routers.traefik.middlewares=admin"
- "traefik.http.routers.traefik.tls.certresolver=myresolver"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.middlewares.admin.basicauth.users=myuser:mypasswordhash/"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# global redirect to https
- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.redirs.entrypoints=web"
- "traefik.http.routers.redirs.middlewares=redirect-to-https"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
t2_proxy:
# ~/docker/db/docker-compose.yml
version: '3.3'
services:
mysql:
image: mariadb
container_name: "mariadb"
restart: always
environment:
MYSQL_ROOT_PASSWORD: example
MYSQL_DATABASE: wordpressDB
MYSQL_USER: wordpressUSER
MYSQL_PASSWORD: wordpressPW
networks:
default:
ports:
- 3306:3306
adminer:
image: adminer
restart: always
container_name: "adminer"
labels:
- "traefik.enable=true"
- "traefik.http.routers.adminer.rule=PathPrefix(`/adminer`)"
- "traefik.http.routers.adminer.entrypoints=websecure"
- "traefik.http.routers.adminer.tls.certresolver=myresolver"
networks:
- default
- traefik_t2_proxy
networks:
default:
traefik_t2_proxy:
external: true
# ~/docker/wordpress/docker-compose.yml
version: '3.3'
services:
wordpress:
image: wordpress:latest
restart: always
container_name: "mySite"
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpressUSER
WORDPRESS_DB_PASSWORD: wordpressPW
WORDPRESS_DB_NAME: wordpressDB
networks:
traefik_t2_proxy:
db_default:
labels:
- "traefik.enable=true"
- "traefik.http.routers.wp2.rule=PathPrefix(`/wordpress`)"
- "traefik.http.routers.wp2.entrypoints=websecure"
- "traefik.http.routers.wp2.tls.certresolver=myresolver"
volumes:
db_data: {}
networks:
traefik_t2_proxy:
external: true
db_default:
external: true
You can have multiple docker-compose files, with the same network and run them together as below:
docker-compose -f docker-compose-1.yml -f docker-compose-2.yml up -d
But if you need the services to recognize eachother, the networks should be the same. Give your traefik_t2_proxy network to mysql too.
I'm trying to proxy the pgAdmin web interface using segment URLs. But I have some problems with this.
When I'm accessing the browser with the following URL -> http://localhost/pgadmin, it redirects me to the following URL -> http://localhost/login?next=%2F. This is the internal routing of pgAdmin.
I want routing to be next http://localhost/pgadmin/login?next=%2F.
Could you tell me how can I achieve this.
Here is an example of my docker-compose configuration
version: '3.7'
services:
traefik:
image: traefik:v2.2
container_name: traefik
restart: always
networks:
applications_network:
ipv4_address: 172.20.1.1
ports:
- "80:80"
- "8080:8080"
command:
- "--api.insecure=true --providers.docker"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--log.level=debug"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
pgAdmin4:
image: dpage/pgadmin4:latest
container_name: pgAdmin4
restart: always
networks:
applications_network:
ipv4_address: 172.20.2.1
ports:
- "15432:80"
environment:
PGADMIN_DEFAULT_EMAIL: "admin#test.com"
PGADMIN_DEFAULT_PASSWORD: "postgres"
labels:
- "traefik.enable=true"
- "traefik.http.routers.pgAdmin4.rule=Host(`localhost`)"
- "traefik.http.middlewares.pgAdmin4-prefix.stripprefix.prefixes=/pgadmin"
- "traefik.http.routers.pgAdmin4.middlewares=pgAdmin4-prefix"
- "traefik.http.routers.pgAdmin4.entrypoints=web"
- "traefik.http.routers.pgAdmin4.service=pgAdmin4"
- "traefik.http.services.pgAdmin4.loadbalancer.server.port=80"
networks:
applications_network:
name: applications_network
ipam:
driver: default
config:
- subnet: 172.20.0.0/16
Thanks in advance.