traefik configuration docker + file

Tags: docker, traefik

Today, I have a problem with traefik.

I'm trying to use traefik as a reverse proxy. In my network, I have some containers in docker (with swarm), and some other servers/VMs.

So, I want to redirect some subdomains to containers, and some others to servers.

So for the moment, I've done some tests, and I can redirect to servers, or to docker containers, but not both at the same time.

The following configuration works in "file" mode, and if I comment out all the "file" part, it works in docker mode.

So, how can I make this work? Is it just a configuration problem? Or can't traefik handle that (which seems strange, because the traefik UI shows "file"/"docker" as tabs)?

I'm using the docker image: traefik:1.7-rc1

with this configuration for traefik (traefik.toml):

debug = false

logLevel = "DEBUG"
defaultEntryPoints = ["https","http"]
insecureSkipVerify = true
sendAnonymousUsage = true

[api]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]


[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "site.com"
watch = true
swarmMode = true

[file]
  [backends]
    [backends.nas]
      [backends.nas.LoadBalancer]
      method = "drr"
      [backends.nas.servers.server1]
      url = "https://192.168.1.38"
      weight = 1
    [backends.teapot]
      [backends.teapot.LoadBalancer]
      method = "drr"
      [backends.teapot.servers.server1]
      url = "https://192.168.1.40"
      weight = 1
    [backends.gitserver]
      [backends.gitserver.LoadBalancer]
      method = "drr"
      [backends.gitserver.servers.server1]
      url = "https://192.168.1.60"
      weight = 1


  [frontends]
    [frontends.nas]
    backend = "nas"
    passHostHeader = true
      [frontends.nas.routes.test]
      rule = "Host: nas.site.com"
    [frontends.teapot]
    backend = "teapot"
    passHostHeader = true
      [frontends.teapot.routes.test]
      rule = "Host: teapot.site.com"
    [frontends.tpt]
    backend = "teapot"
    passHostHeader = true
      [frontends.tpt.routes.test]
      rule = "Host: tpt.site.com"
    [frontends.gitserver]
    backend = "gitserver"
    passHostHeader = true
      [frontends.gitserver.routes.test]
      rule = "Host: gitserver.site.com"

[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

Here is my compose file for traefik:

version: '3'

services:
  reverse-proxy:
    image: traefik:1.7 # The official Traefik docker image
    ports:
      - "80:80"     # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
      - 443:443
    networks:
      - web
    deploy:
      labels:
        - "traefik.enable=false"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - /mnt/hgfs/docker/traefik/config/traefik.toml:/traefik.toml
      - /mnt/hgfs/docker/traefik/config/acme.json:/acme.json:rw

networks:
  web:
    external: true

and here is a sample of my services compose file:

version: '3'

services:
  tautulli:
    image: tautulli/tautulli:latest
    environment:
      UID: 1000
      GID: 1000
      TZ: Europe/Paris
    networks:
      - web
      - default
    deploy:
      labels:
        - "traefik.frontend.rule=Host:tautulli.site.com"
        - "traefik.docker.network=web"
        - "traefik.enable=true"
        - "traefik.port=8181"
        - "traefik.protocol=http"
    ports:
      - "8181:8181"
    volumes:
      - /mnt/hgfs/docker/tautulli/config:/config
      - /mnt/hgfs/docker/tautulli/logs:/logs
networks:
  web:
    external: true

Also, I have some other problems with traefik, like containers created after the traefik container not being linked, even with watch = true, and the same with file, but I'll take the problems one by one.

Thank you for your answers.

Edit:

After some discussions with traefik support, I understand that:

  • ws/wss entrypoints are useless
  • use command arguments, or toml, not both
  • labels need to be under deploy in the service configuration
thib3113 asked Jul 10 '18 14:07


1 Answer

OK, so finally I found a solution.

In fact, I use VMware on Windows, with a Linux VM, and the rights of acme.json are always 777, so traefik dislikes it, and skips Let's Encrypt support.

But this also has some side effects, like taking into account only one of the configurations (file or docker).

So finally, to resolve this:

remove the binding to acme.json

thib3113 answered Oct 24 '22 10:10
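
The permission problem described in the answer above, as an added example that is not part of the original post: Traefik expects acme.json to be accessible by its owner only (mode 600), and a file bind-mounted from a VM shared folder such as /mnt/hgfs may not keep that mode. This pre-flight check tightens the mode and detects a filesystem that ignores chmod; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for Traefik's ACME storage file.
# Function names are hypothetical; pass the host path of acme.json as $1.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the mode grants nothing to group or others (e.g. 600).
mode_is_private() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# 0 = file is private (possibly after chmod), 1 = chmod has no effect,
# 2 = file missing.
ensure_private() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing: $f" >&2
        return 2
    fi
    mode=$(file_mode "$f")
    if mode_is_private "$mode"; then
        return 0
    fi
    echo "$f has mode $mode, tightening to 600" >&2
    chmod 600 "$f" 2>/dev/null || true
    mode=$(file_mode "$f")
    if mode_is_private "$mode"; then
        return 0
    fi
    # Shared-folder filesystems can report a fixed mode whatever chmod does.
    echo "$f still has mode $mode: chmod is ignored here;" \
         "keep acme.json on a native filesystem or a Docker volume" >&2
    return 1
}

# Usage: sh check_acme.sh /path/to/acme.json
if [ "$#" -gt 0 ]; then
    ensure_private "$1" || exit 1
fi
```

A return code of 1 corresponds to the situation in the answer, where the file always shows 777 and the bind mount has to go.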