Docker-compose traefik PathPrefixStrip does not work correctly - docker

I have a problem that is driving me mad, please help me.
I want to access all my apps from one free no-ip subdomain, and I think traefik can do that for me. I want to access all my apps like this:
mysubdomain.no-ip.com/emby
mysubdomain.no-ip.com/pydio
mysubdomain.no-ip.com/adminer...
Here is my docker compose:
version: "2"
services:
  db:
    image: linuxserver/mariadb
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: "test"
    labels:
      - "traefik.enable=false"
    volumes:
      - ./config/mariadb:/etc/mysql/
    ports:
      - '3306:3306'
  adminer:
    image: adminer
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.backend=adminer"
      - "traefik.frontend.rule=PathPrefixStrip:/dbadmin"
      - "traefik.backend.port=8080"
    volumes:
      - ./config/adminer:/config
  emby:
    image: emby/embyserver:latest
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.backend=emby"
      - "traefik.frontend.rule=PathPrefixStrip:/media"
      - "traefik.backend.port=8096"
    volumes:
      - ./config/emby:/config
  cloud:
    image: linuxserver/pydio:latest
    restart: always
    environment:
      PGID: "1000"
      PUID: "1000"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=cloud"
      - "traefik.frontend.rule=PathPrefixStrip:/cloud"
      - "traefik.backend.port=443"
      - "traefik.protocol=https"
    volumes:
      - ./config/cloud:/config
      - ./data/test:/data
  organizr:
    image: lsiocommunity/organizr
    restart: always
    environment:
      PGID: "1000"
      PUID: "1000"
      TZ: "Europe/Paris"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=organizr"
      - "traefik.frontend.rule=PathPrefixStrip:/"
      - "traefik.backend.port=80"
    volumes:
      - ./config/organizr:/config
      - ./data/organizr:/data
  traefik:
    image: traefik:1.3.3
    command: --web --docker --docker.domain=traefik --logLevel=DEBUG #-c /dev/null --web --docker --logLevel=INFO
    restart: always
    ports:
      - '80:80'
      - '443:443'
      - '8080:8080'
    labels:
      - "traefik.enable=false"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./config/traefik/data:/data
      - ./config/traefik/sslcerts:/ssl
My traefik.toml
# defaultEntryPoints must be at the top because it should not be in any table below
defaultEntryPoints = ["http", "https"]
InsecureSkipVerify = true
[web]
# Port for the status page
address = ":8080"
# Entrypoints, http and https
[entryPoints]
# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
# https is the default
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/tls.crt"
KeyFile = "/ssl/tls.key"
[retry]
# Enable ACME (Let's Encrypt): automatic SSL
# [acme]
# # caServer = "https://acme-staging.api.letsencrypt.org/directory"
# email = "test@gmail.com"
# storage = "acme.json" # or "traefik/acme/account" if using KV store
# entryPoint = "https"
# onDemand = false
# OnHostRule = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "localhost"
watch = true
exposedbydefault = false
So I have only 1 app that works like a charm: emby.
Adminer seems to work correctly and loads CSS and other assets, but when I submit the form it sends me to localhost/server=db&username=test; it should send me to localhost/dbadmin/server=db&username=test
When I access localhost/cloud/ it loads a blank page. If I open the Chrome console:
pydio.material.min.css Failed to load resource: the server responded with a status of 404 () pydio.boot.min.js Failed to load resource: the server responded with a status of 404 ()
cloud:18 Uncaught ReferenceError: PydioBootstrap is not defined at cloud:18 pydio.material.min.css Failed to load resource: the server responded with a status of 404 ()
In fact it tries to load plugins from localhost/plugins and not from localhost/cloud/plugins ...
I see a lot of issues on GitHub related to this, but it seems to be corrected in version 1.3.3. I tried 1.3.3, latest...
Do pydio and adminer need to support reverse-proxy?
Sorry for my bad English.

In traefik, PathPrefixStrip and redirects in the entrypoint do not currently work together. So if your request goes to http instead of https, you'll get an error.
In my own demo, I just set up nginx on port 80 to send the redirect as a short-term workaround until the above issue gets fixed.

Related

'Internal Server Error' when deploying Application with Traefik and LetsEncrypt

I'm new to SSL certificates with Traefik and have been having real trouble getting a successful deployment.
I have a server and domain that I have deployed my application on using Traefik and Http without issue. I would now like to deploy the same application, running on port 9000, to be deployed in Https using LetsEncrypt following the Traefik docs. I can verify that the certificate has been properly created using an SSL checker, however, when I try to visit the site I get Internal Server Error. There are no errors reported in either of the docker logs and I cannot figure out what to try next.
docker-compose.yml
version: '2'
services:
  traefik:
    image: traefik:v1.7
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    container_name: traefik
  app:
    image: myapp_image
    container_name: app
    restart: always
    networks:
      - web
    ports:
      - "9000:9000"
    labels:
      - "traefik.docker.network=web"
      - "traefik.enable=true"
      - "traefik.basic.frontend.rule=Host:myapp.com"
      - "traefik.basic.port=9000"
      - "traefik.basic.protocol=http"
      - "traefik.admin.frontend.rule=Host:myapp.com"
      - "traefik.admin.protocol=https"
      - "traefik.admin.port=9000"
networks:
  web:
    external: true
traefik.toml
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "myapp.com"
watch = true
exposedByDefault = false
[acme]
email = "myemail@email.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
Finally was able to find a workable solution for this. I may have just been using old information but the best reference to host an application with Traefik on Https using LetsEncrypt was found here.
The working Yaml example is below. Using this example will also eliminate the need for a Toml file!
version: "3.3"
services:
  traefik:
    image: "traefik:v2.2"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  whoami:
    image: "containous/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

Using Traefik 2 as TCP proxy for MariaDB (Docker)

I am trying to use Traefik as a reverse proxy for MariaDB so I can connect from my Client.
Currently Traefik is working fine with HTTP and HTTPS for multiple WordPress containers, but I am having trouble configuring it for MariaDB.
Here is the current config:
Traefik Compose File:
version: '3.5'
networks:
  traefik:
    name: traefik
services:
  traefik:
    image: traefik:latest
    restart: always
    container_name: traefik
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.toml:/traefik.toml:ro
      - ./acme.json:/acme.json
    ports:
      - 80:80
      - 443:443
      - 3306:3306
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.local`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=username:$$apr1$$j994eiLb$$KmPfiii4e9VkZwTPW2/RF1"
    networks:
      - traefik
Traefik Configuration File (traefik.toml):
# Network traffic will be entering our Docker network on the usual web ports
# (ie, 80 and 443), where Traefik will be listening.
[entyPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address= ":443"
[entryPoints.websecure.http.tls]
certResolver = "resolver"
# [entryPoints.ssh]
# address = ":2222"
[entryPoints.mariadb]
address = ":3306"
#Redirection from HTTP to HTTPS
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
#Integration with Let's Encrypt
[certificatesResolvers.resolver.acme]
email = "service@local"
storage = "acme.json"
[certificatesResolvers.resolver.acme.tlsChallenge]
#[log]
# level = "DEBUG"
[api]
#Defaul=true
dashboard = true
# Enable retry sending request if network error
[retry]
# These options are for Traefik's integration with Docker.
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
exposedByDefault = false
network = "traefik"
MariaDB Compose File:
version: '3.5'
networks:
  traefik:
    external:
      name: traefik
services:
  dbtest:
    image: mariadb:latest
    restart: always
    container_name: dbtest
    environment:
      - MYSQL_DATABASE=admin
      - MYSQL_USER=admin
      - MYSQL_PASSWORD=admin
      - MYSQL_ROOT_PASSWORD=admin
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.tcp.routers.mariadb.entrypoints=mariadb"
      - "traefik.tcp.routers.mariadb.rule=HostSNI(`test.local`)"
      - "traefik.tcp.routers.mariadb.tls=true"
      # - "traefik.tcp.routers.mariadb.service=dbtest"
      # - "traefik.tcp.services.mariadb.loadbalancer.server.port=3306"
When I try to connect to the database from my Client it doesn't work
Anyone having experience or a good example for that?
Looks like it is not possible to specify a Hostname like test.local. Instead you need to use a catchall *.
The labels I used for MariaDB are:
labels:
- "traefik.enable=true"
- "traefik.tcp.routers.mariadb.rule=HostSNI(`*`)"
- "traefik.tcp.routers.mariadb.entrypoints=mariadb"
- "traefik.tcp.routers.mariadb.service=mariadb-svc"
- "traefik.tcp.services.mariadb-svc.loadbalancer.server.port=3306"
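
Why a named HostSNI rule has nothing to match for MariaDB, as an added example that is not part of the original answer or of Traefik's code: the MySQL/MariaDB protocol starts in plaintext and negotiates TLS inside the protocol, so the client's opening bytes are never a TLS ClientHello and carry no SNI. The ClientHello and SSLRequest bytes are constructed samples, and `router_matches` is a simplified, hypothetical model of HostSNI matching.

```python
import struct

def extract_sni(first_bytes):
    """Return the SNI host name from a TLS ClientHello, or None when the bytes
    are not a ClientHello or carry no server_name extension."""
    try:
        if first_bytes[0] != 0x16 or first_bytes[5] != 0x01:
            return None                      # not a TLS handshake / ClientHello
        pos = 5 + 4 + 2 + 32                 # record hdr, handshake hdr, version, random
        pos += 1 + first_bytes[pos]          # session_id
        pos += 2 + struct.unpack_from("!H", first_bytes, pos)[0]   # cipher_suites
        pos += 1 + first_bytes[pos]          # compression_methods
        end = pos + 2 + struct.unpack_from("!H", first_bytes, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", first_bytes, pos)
            pos += 4
            if ext_type == 0:                # server_name extension
                name_len = struct.unpack_from("!H", first_bytes, pos + 3)[0]
                return first_bytes[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                 # truncated or malformed input
    return None

def build_client_hello(host):
    """Constructed sample: a minimal ClientHello carrying an SNI extension."""
    name = host.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name        # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry            # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0
    body = (b"\x03\x03" + bytes(32) + b"\x00"              # version, random, no session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"            # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed sample: the MySQL/MariaDB SSLRequest packet (3-byte little-endian
# length, sequence id 1, 32-byte payload). A client sends it only after the
# server's plaintext greeting, and it is the first thing a TLS-capable client sends.
MYSQL_SSL_REQUEST = (b"\x20\x00\x00\x01"
                     + struct.pack("<IIB", 0x00000800, 0x01000000, 0x21) + bytes(23))

def router_matches(rule_host, first_bytes):
    """Simplified model (an assumption, not Traefik's implementation):
    HostSNI(`*`) accepts any connection; a named host needs a matching SNI."""
    return rule_host == "*" or extract_sni(first_bytes) == rule_host

if __name__ == "__main__":
    for rule in ("test.local", "*"):
        print(rule, "tls client:", router_matches(rule, build_client_hello("test.local")),
              "mariadb client:", router_matches(rule, MYSQL_SSL_REQUEST))
```

With HostSNI(`*`) every connection that reaches the entry point is forwarded to the database, so restricting who can reach the published port is left to the port binding, firewall rules and the database's own credentials.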
I use the following in a docker-compose file. Of course you can adjust port number to whatever you want.
Static Configuration:
traefik:
  ports:
    # db - postgres
    - 5432:5432
  # This override command section REPLACES the one in the docker-compose file.
  command:
    - --providers.docker
    - --providers.docker.exposedbydefault=false
    - --accesslog
    - --log
    - --api
    # These create named entry points for later use in routers.
    # You don't need to specify an entrypoint if the in port = out port. It will
    # automatically figure that out.
    - --entryPoints.postgres.address=:5432
Dynamic Configuration:
db:
  labels:
    - traefik.enable=true
    - traefik.docker.network=traefik-public
    - traefik.tcp.routers.db-tcp.rule=HostSNI(`*`)
    - traefik.tcp.routers.db-tcp.entrypoints=postgres
    - traefik.tcp.routers.db-tcp.service=db-proxy
    - traefik.tcp.services.db-proxy.loadbalancer.server.port=5432
Your traefik.toml has a typo in line 3: [entyPoints]
I think it's missing an r

Why do my configurations of Grafana, Docker and Traefik not route my requests to Grafana's frontpage?

I am new to traefik and am trying to set up my containers to be reverse-proxied by traefik at the moment. It all worked fine while using traefik.frontend.rule=Host:grafana01.mydomain.com for routing requests to grafana01.mydomain.com, but due to infrastructural issues within our network I'd rather use traefik.frontend.rule=Path:/grafana01/ to redirect to mydomain.com/grafana01. Yet for some reason it does not work.
My traefik.toml file as well as my two docker-compose.yml files for traefik and grafana, respectively:
#Traefik Global Configuration
debug = false
checkNewVersion = true
logLevel = "ERROR"
#Define the EntryPoint for HTTP and HTTPS
defaultEntryPoints = ["https","http"]
#Enable Traefik Dashboard on port 8080
[web]
address = ":8080"
#Define the HTTP port 80 and
#HTTPS port 443 EntryPoint
#Enable automatically redirect HTTP to HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
#Enable retry sending a request if the network error
[retry]
#Define Docker Backend Configuration
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mydomain.com"
watch = true
#Letsencrypt Registration
#Define the Letsencrypt ACME HTTP challenge
[acme]
email = "some_email"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"

version: '3'
services:
  traefik:
    image: traefik:latest
    command: --docker --docker.mydomain.com
    ports:
      - 80:80
      - 443:443
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    labels:
      - "traefik.frontend.rule=Host:mydomain.com"
      - "traefik.port=8080"
      - "traefik.backend=traefik"
    container_name: traefik
    restart: always
networks:
  traefik:
    external: true

version: '3'
services:
  grafana01:
    image: grafana/grafana
    labels:
      - traefik.port=3000
      - traefik.backend=grafana01
      - traefik.frontend.rule=Path:/grafana01/
      - traefik.docker.network=traefik
    networks:
      - traefik
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=secret
    volumes:
      - /srv/docker/grafana01/data:/var/lib/grafana
    container_name: grafana01
    restart: always
  grafana02:
    image: grafana/grafana
    labels:
      - traefik:port=3001
      - traefik.backend=grafana02
      - traefik.frontend.rule=Path:/grafana02/
      - traefik.docker.network=traefik
      - traefik.enable=true
    networks:
      - traefik
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=secret
    volumes:
      - /srv/docker/grafana02/data:/var/lib/grafana
    container_name: grafana02
    restart: always
networks:
  traefik:
    external: true
I'd appreciate any help!
Changing traefik.frontend.rule=Path:/grafana01/ to
traefik.frontend.rule=PathPrefixStrip:/grafana01 as well as adding
GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s/grafana01
did the trick for me.
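
Why stripping the prefix breaks an app that builds its own URLs, and what telling the app its public root (as GF_SERVER_ROOT_URL does for Grafana) restores, shown as an added example that is not code from the post, Grafana or Traefik. It assumes the proxy passes the removed prefix in an X-Forwarded-Prefix header; `login_app`, `prefix_aware` and `location_for` are hypothetical stand-ins, and the redirect is modelled on the Adminer form submit from the first question.

```python
def login_app(environ, start_response):
    """Stand-in backend: after a form submit it redirects to its own root."""
    root = environ.get("SCRIPT_NAME", "")      # public mount point as the app sees it
    start_response("302 Found", [("Location", root + "/?server=db&username=test")])
    return [b""]

def prefix_aware(app, allowed_prefixes):
    """WSGI middleware: restore the prefix the proxy stripped, but only when it
    is one of the prefixes we configured. The header is client-controllable
    unless the proxy overwrites it, so an unknown value is ignored, not echoed
    into redirects."""
    def wrapper(environ, start_response):
        prefix = environ.get("HTTP_X_FORWARDED_PREFIX", "").rstrip("/")
        if prefix in allowed_prefixes:
            environ["SCRIPT_NAME"] = prefix
        return app(environ, start_response)
    return wrapper

def location_for(app, forwarded_prefix=None):
    """Send the POST the backend receives after PathPrefixStrip and return
    the Location header of its redirect."""
    environ = {"REQUEST_METHOD": "POST", "SCRIPT_NAME": "", "PATH_INFO": "/"}
    if forwarded_prefix is not None:
        environ["HTTP_X_FORWARDED_PREFIX"] = forwarded_prefix
    seen = {}
    def start_response(status, headers):
        seen.update(headers)
    app(environ, start_response)
    return seen["Location"]

if __name__ == "__main__":
    fixed = prefix_aware(login_app, {"/dbadmin"})
    print("unaware app:  ", location_for(login_app, "/dbadmin"))
    print("prefix-aware: ", location_for(fixed, "/dbadmin"))
    print("spoofed value:", location_for(fixed, "//evil.example"))
```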

Using a domain name without a subdomain causes routing to fail

I'm trying to create a simple app using traefik to handling routing and SSL, but I'm running into issues when I want to use 'example.com' instead of 'subdomain.example.com'
If I try to include a service with a frontend rule of just 'example.com' the only rule that works is 'monitor.example.com'. 'api.example.com' won't work and returns a 404. If I comment out the frontend rule for 'example.com' then 'api.example.com' works again. But, no matter what, 'monitor.example.com' works fine. Additionally, 'example.com' always returns a 404 no matter what as well.
Here's my docker-compose file:
version: '3'
services:
  reverse-proxy:
    image: traefik
    restart: always
    command: --docker
    ports:
      - 80:80
      - 443:443
    networks:
      - web
    labels:
      - "traefik.frontend.rule=Host:monitor.example.com"
      - "traefik.port=8080"
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      - "traefik.backend=traefik"
    environment:
      - CLOUDFLARE_EMAIL=###
      - CLOUDFLARE_API_KEY=###
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/project/traefik/traefik.toml:/traefik.toml
      - /home/project/traefik/acme.json:/acme.json
    container_name: traefik
  api:
    image: api
    expose:
      - 5080
    restart: always
    networks:
      - web
    container_name: api
    labels:
      - "traefik.frontend.rule=Host:api.example.com"
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      - "traefik.port=5080"
      - "traefik.backend=api"
  app:
    image: app
    restart: always
    networks:
      - web
    container_name: app
    labels:
      - "traefik.frontend.rule=Host:example.com"
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      - "traefik.backend=app"
      - "traefik.port=80"
networks:
  web:
    external: true
And here's my traefik configuration:
defaultEntryPoints = ["https", "http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.trdash]
address = ":8080"
[entryPoints.trdash.auth]
[entryPoints.trdash.auth.basic]
users = [
"admin:###",
]
[api]
entryPoint = "trdash"
[acme]
email = "###"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false
[[acme.domains]]
main = "example.com"
[[acme.domains]]
main = "*.example.com"
[acme.dnsChallenge]
provider = "cloudflare"
Any help would be appreciated, thanks!
EDIT:
Okay, I seem to have solved my own problem by disabling the 'orange cloud' on the domains I'm using on Cloudflare. Additionally I had to remove my http to https redirect rules inside of the traefik.toml file. I don't understand why this is a problem, so I'm going to leave the question open. This really seems to negate much of the value which Cloudflare provides.
It turns out the issue was enabling the Cloudflare proxy (orange cloud) without enabling the backend SSL. So long as I have SSL certs on the server (which I do via Let's Encrypt) I can turn Cloudflare SSL to 'Full (strict)' and it appears that the routing works fine now.
Thanks to Daniel Tomcej on the Traefik Slack for helping me find this answer.

Traefik won't forward to backend configured with Docker labels

Here's my Traefik configuration:
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.internal]
address = ":8080"
[entryPoints.traefik]
address = ":8081"
[retry]
[api]
entryPoint = "traefik"
dashboard = true
[file]
[backends]
[backends.traefik]
[backends.traefik.servers.default]
url = "http://127.0.0.1:8081"
[frontends]
[frontends.traefik]
entryPoints = ["internal"]
backend = "traefik"
[frontends.traefik.routes.default]
rule = "Host:localhost;PathPrefixStrip:/traefik;PathPrefix:/traefik"
[docker]
domain = "example.com"
watch = true
exposedbydefault = false
As you can see, I have Traefik dashboard configured to show on localhost:8080/traefik. This works exactly as intended.
I also have very similar configuration for RabbitMQ management UI, set up with docker-compose using labels:
version: '3'
services:
  traefik:
    image: traefik:alpine
    container_name: traefik
    ports:
      - "80:80"
      - "443:443"
      - "127.0.0.1:8080:8080"
    networks:
      - web
      - internal
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./config/traefik/staging.toml:/etc/traefik/traefik.toml"
  rabbitmq:
    image: rabbitmq:3.7-management-alpine
    hostname: rabbitmq
    container_name: rabbitmq
    networks:
      - internal
      - default
    depends_on:
      - traefik
    environment:
      RABBITMQ_VM_MEMORY_HIGH_WATERMARK: 128MiB
      RABBITMQ_ERLANG_COOKIE: temp_cookie_secret
      RABBITMQ_NODENAME: rabbit@rabbitmq
    volumes:
      - "rabbitmqdata:/var/lib/rabbitmq"
    labels:
      - "traefik.backend=rabbitmq"
      - "traefik.docker.network=internal"
      - "traefik.frontend.rule=Host:localhost;PathPrefixStrip:/rabbitmq;PathPrefix:/rabbitmq"
      - "traefik.enable=true"
      - "traefik.port=15672"
      - "traefik.protocol=http"
      - "traefik.domain=localhost"
networks:
  internal:
  web:
volumes:
  rabbitmqdata:
However, this doesn't work: on http://localhost:8080/rabbitmq I get 404 page not found. Traefik dashboard shows that it found my RabbitMQ container and registered rules that are very much like those for Traefik's dashboard:
Where's the mistake here that prevents my setup from working as intended?
