How to serve two provider backends with traefik under the same https domain url

Question

[ With the helpful comment of Siyu i could fix the problems, additionally I needed to set an entrypoint in labels - i have added my corrected docker-compose.yaml, which was all i needed to fix ]

Currently i have reconfigured my synology workstation to handle https traffic with traefik.

I want to serve docker containers with traefik and still to provide also the web interface of the synology workstation via http (by using traefik also as SSL offloader). Traefik has now the problem to handle two provider backends, one being the "original" synology webserver and one the docker containers which come and go. The current setup works for providing the "test.com" (Synology DSM webinterface). But if try to access a container with "/dashboard" it just gives me an 404.

How can is set this up, so that both backends (docker + webserver outside docker) are served?

Datapoints

• The docker interface is recognized and the
• the labels (*see below) are read from traefik (can be seen in the logs)
• The synology nginx runs outside of docker (not as a container!)
• The whole synology workstation serves in a IPv4 /IPv6 environment (both)
• Synology nginx was modified not serve on the standard http/https port (where it does only redirect to port 5000/5001, as i can see in the configuration of nginx)

Intended setup which should be served

Notice that the original synology is a catch all domain (/*)

+-----------------------------------------------------------------------
| Synology Workstation                                                
|                                                                     
|           +--------------------------------------------------------+
|           |  Docker                                                | 
|           |           +---------+          +-------------------+   |
|-->HTTPS-->|-->HTTPS-->| Traefik |-->HTTP-->| test.com/dashboard|   |
| 443:443   |           |         |          |                   |   |
|           |           +---------+--+       +-------------------+   |
|           |                |       |                               |
|           |                |       |         +------------------+  |
|           |                |       +--HTTP-->| test.com/stats   |  |
|           |                |                 +-------------------  |
|           |                |                                       |
|           +----------------|----------------------------------------
|                            |         +-------------------+
|                            +--HTTP-->|test.com/*         |
|                                      |(nginx of synology)|
|                                      +-------------------+
+--------------------------------------------------------------------

The traefik.toml looks like this:

debug=true
logLevel="DEBUG"

[traefikLog]
filePath = "/etc/traefik/traefik.log"

[accessLog]
filePath = "/etc/traefik/access.log"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]
address    = ":80"
[entryPoints.http.redirect]
entryPoint = "https"

[entryPoints.https]
address    = ":443"

[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile   = "/etc/pki/tls/certs/test.com.crt"
keyFile    = "/etc/pki/tls/private/test.com.key"

[backends]
[backends.wbackend]
[backends.wbackend.servers.server]
url        = "http://workstation.test.com:5000"
#weight     = 10

[frontends]
[frontends.workstation]
backend        = "wbackend"
passHostHeader = true
entrypoints    = ["https"]
[frontends.workstation.routes.route1]
rule       = "Host:workstation.test.com"

# You MUST ADD file otherwise traefik does not parse the  fronted rules
[file]

[docker]
endpoint    = "unix:///var/run/docker.sock"

Docker-compose snippt (see labels which map the domain).

---
version: '2'


services:
  traefik:
    # Check latest version: https://hub.docker.com/r/library/traefik/tags/
    image:          traefik:1.7.6
    restart:        unless-stopped
    container_name: traefik
    mem_limit:      300m
    #network_mode:   host

    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /volume1/container/traefik/etc/pki/tls/certs/workstation.test.com.crt:/etc/pki/tls/certs/workstation.test.com.crt
    - /volume1/container/traefik/etc/pki/tls/private/workstation.test.com.key:/etc/pki/tls/private/workstation.test.com.key
    - /volume1/container/traefik/etc/traefik:/etc/traefik

    ports:
    - "80:80"
    - "443:443"

    labels:
    - traefik.stat.frontend.rule=Host:workstation.test.com;Path:/dashboard
    - traefik.stat.backend=traefik
    - traefik.stat.frontend.entryPoints=https
    - traefik.stat.frontend.rule=Host:workstation.test.com;PathPrefixStrip:/dashboard
    - traefik.stat.port=8080

Answer 1

A few problems with your config:

• your toml is not passed in
• api is not enabled
• missing backend in labels
• should use PathPrefixStrip

Try

volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /path/to/traefik.toml:/etc/traefik/traefik.toml
command: --api 
ports:
- "80:80"
- "443:443"
- "8080:8080" // help you debug
labels:
- traefik.backend=traefik
- "traefik.frontend.rule=PathPrefixStrip:/dashboard/;Host:test.io"
- traefik.port=8080