0

I am trying to use Traefik with Docker Swarm backend, and I am using the stack file below:

version: "3"

services:

  traefik:
    image: traefik:1.5
    command: --web --docker --docker.swarmmode --docker.watch --docker.domain=sample.com --logLevel=DEBUG 
    deploy:
      placement:
        constraints: [node.role==manager]
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.port=8080"
        - "traefik.docker.network=sample-network"
        - "traefik.frontend.rule=Host:traefik.sample.com"
    ports:
      - "80:80"
      - "8080:8080"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /dev/null:/traefik.toml
    networks:
      - sample-network

  portainer:
    image: portainer/portainer:latest
    command: --no-auth -H unix:///var/run/docker.sock
    deploy:
      placement:
        constraints: [node.role == manager]
      labels:
        - "traefik.portainer.port=7777"
        - "traefik.docker.network=sample-network"
        - "traefik.frontend.rule=Host:portainer.sample.com"
    ports:
      - "7777:9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - sample-network

networks:
  sample-network:

I have 2 questions that I am trying to wrap my head around:

1) (Exposing Traefik dashboard through frontend rule) I can access Traefik's web dashboard on sample.com:8080, yet I cannot access it through traefik.sample.com.

2) (Port Redirection on containers/services) I can access Portainer GUI through sample.com:7777, yet I cannot access it through portainer.sample.com. I am more curious of port redirection, because how will I setup 2 services in a single stack file if I encounter 2 images publishing to the same port? My service label declarations will clash at traefik.port=XXXX

halfer
  • 19,824
  • 17
  • 99
  • 186
Jeric de Leon
  • 63
  • 3
  • 8
  • thanks to guys (Carel van Dam) helping over at the Traefik Slack: it seems that for 2), I should not worry about `traefik.port=XXXX`; Docker will create unique service IP's for each service and Traefik will route to them without issues; and that I can remove the port publish (-p 7777:9000) and Traefik will still route properly (due to the label declaration) – Jeric de Leon Jan 12 '18 at 18:20

1 Answers1

1

You don´t need the traefik labels on the traefik service itself. It´s accessed from the outside over the specified ports:

  ports:
  - "80:80"
  - "8080:8080"
  - "443:443"

On the portainer service you don´t need the port mappings because you probably want to route the request with traefik. Because traefik and portainer are in the same docker network traefik can access portainer on every port. Therefore the port for traefik have to match the real portainer port:

 labels:
    - "traefik.port=9000"
    - "traefik.docker.network=sample-network"
    - "traefik.frontend.rule=Host:portainer.sample.com"

In the current setup you have to request traefik with Host:portainer.sample.com. You can test it with

curl --verbose --header 'Host: portainer.sample.com' 'http://<DockerhostIp>:80'

Edit: Updated curl

Edit 2: Reaction to the edit of PO

The portainer.sample.com DNS entry will have to point to your docker host. Then traefik will route it to the correct container.

An alternative is to specifiy a traefik prefix:

 "traefik.frontend.rule=Host:site1.org;PathPrefixStrip: /sub/"

With the rule all requests on site1.org/sub will routed to this specific service/container.

Have a look at Traefik-Docker-Sample

Edit 3:

The self route for the dashboard/webui should work with:

  labels:
    - "traefik.port=8080"
    - "traefik.docker.network=sample-network"
    - "traefik.frontend.rule=Host:traefik.sample.com"

Just be sure that you have a DNS entry for traefik.sample.com. To check if the traefik setup works you can also run

 curl --verbose -H Host:traefik.sample.com <DockerHostIp>
pr177
  • 576
  • 7
  • 19
  • Thank you for this! I was able to correctly setup Portainer's port and frontend with the above info. The only remaining question on my end is the reason as to why I added labels on the Traefik service: I wanted to expose the Traefik GUI in a frontend rule (traefik.sample.com, or sample.com/traefik). I tried various labels but I was unsuccessful for this goal.. – Jeric de Leon Jan 12 '18 at 20:54
  • I tried Edit 3, but as of traefik:1.5 (image id: 00f95bbafd3b) it is still not working; but I found a relevant commit in the Github issue tracker (https://github.com/containous/traefik/issues/1081#issuecomment-357327738). Although the related fix is merged already, the latest images in Docker Hub are still not updated. I'll wait for that and try again. – Jeric de Leon Jan 15 '18 at 16:32
  • Yeah, I noticed that with pathprefixstrip it doesn't work. But with host (only) it works for me (1.4.6 and 1.5) as posted – pr177 Jan 15 '18 at 16:35
  • That is weird. I'm doing the same thing with my stack file. If `Host:` on 1.4 / 1.5 is working on your end, then something else must be messed up with my machine. I'll investigate first, but thanks for confirming! – Jeric de Leon Jan 15 '18 at 18:48
  • I found out my issue: Traefik attempts to find the network as stated in the service labels (`"traefik.docker.network=sample-network"`). However, when your create your services through `docker stack deploy [stackname]`, the network that gets created gets the name: `[stackname]_sample-network`. So in my service labels, I put (`"traefik.docker.network=[stackname]_sample-network"`) and now it's working. – Jeric de Leon Jan 22 '18 at 05:06