I've decided to follow this guide and I've encountered many problems.
First of all specifying traefik command in command was required or else of I've got error that entrypoint.sh can't find command storedata, and yes > yaml syntax is valid way to pass multi-line command in docker-compose.yml
So here's a docker-compose.yml:
docker-compose.yml
visualizer:
image: dockersamples/visualizer:latest
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
networks:
- traefik
- default
ports:
- "8001:8080"
deploy:
labels:
- "traefik.port=8080"
- "traefik.tags=monitoring"
- "traefik.docker.network=infra_traefik"
- "traefik.backend=visualizer"
- "traefik.frontend.rule=Host:visualizer.swarm.xxx.io"
- "traefik.frontend.auth.basic=admin:$$apr1$$dxw2H03E$$VWrfVhKQWyaRiZ4XsfWCK/"
restart_policy:
condition: on-failure
replicas: 1
placement:
constraints:
- node.labels.name == master
consul:
image: consul
command: agent -server -bootstrap-expect=1
volumes:
- consul-data:/consul/data
environment:
- CONSUL_LOCAL_CONFIG={"datacenter":"ams3","server":true}
- CONSUL_BIND_INTERFACE=eth0
- CONSUL_CLIENT_INTERFACE=eth0
deploy:
labels:
- "traefik.enable=false"
replicas: 1
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
networks:
- traefik
proxy_init:
image: traefik:1.6.3-alpine
command: >
traefik
storeconfig
--api
--entrypoints='Name:http Address::80 Redirect.EntryPoint:https'
--entrypoints='Name:https Address::443 TLS'
--defaultentrypoints=http,https
--acme
--acme.storage="traefik/acme/account"
--acme.entryPoint=https
--acme.httpChallenge.entryPoint=http
--acme.onHostRule=true
--acme.acmelogging=true
--acme.onDemand=false
--acme.email="xxx@gmail.com"
--docker
--docker.swarmMode
--docker.domain=swarm.xxx.io
--docker.watch
--consul
--consul.endpoint=consul:8500
--consul.prefix=traefik
--accesslogsfile=/dev/stdout
--debug
networks:
- traefik
deploy:
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
depends_on:
- consul
proxy:
image: traefik:1.6.3-alpine
depends_on:
- traefik_init
- consul
command: >
traefik
--consul
--consul.watch
--consul.endpoint=consul:8500
--consul.prefix=traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik
ports:
- 80:80
- 443:443
- 8080:8080
deploy:
labels:
- "traefik.docker.network=infra_traefik"
- "traefik.port=8080"
- "traefik.tags=monitoring"
- "traefik.backend.loadbalancer.stickiness=true"
- "traefik.frontend.passHostHeader=true"
- "traefik.frontend.rule=Host:proxy.swarm.xxx.io"
- "traefik.frontend.auth.basic=admin:$$apr1$$hfqD9TtY$$oGSy9nS."
mode: global
restart_policy:
condition: on-failure
placement:
constraints:
- node.role == manager
update_config:
parallelism: 1
delay: 10s
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
networks:
traefik:
driver: overlay
volumes:
portainer-data:
driver: local
consul-data:
driver: local
traefik-data:
driver: local
And here's what logs shows of proxy_init container:
infra_proxy_init.1.4rtllualg8od@swarm-manager-0 | 2018/06/12 15:41:35 Storing configuration:
{
"LifeCycle": {
"RequestAcceptGraceTimeout": 0,
"GraceTimeOut": 10000000000
},
"GraceTimeOut": 0,
"Debug": true,
"CheckNewVersion": true,
"SendAnonymousUsage": false,
"AccessLogsFile": "/dev/stdout",
"AccessLog": null,
"TraefikLogsFile": "",
"TraefikLog": null,
"Tracing": null,
"LogLevel": "DEBUG",
"EntryPoints": {
"http": {
"Address": ":80",
"TLS": null,
"Redirect": {
"entryPoint": "https"
},
"Auth": null,
"WhitelistSourceRange": null,
"WhiteList": null,
"Compress": false,
"ProxyProtocol": null,
"ForwardedHeaders": {
"Insecure": true,
"TrustedIPs": null
}
},
"https": {
"Address": ":443",
"TLS": {
"MinVersion": "",
"CipherSuites": null,
"Certificates": [],
"ClientCAFiles": null,
"ClientCA": {
"Files": null,
"Optional": false
}
},
"Redirect": null,
"Auth": null,
"WhitelistSourceRange": null,
"WhiteList": null,
"Compress": false,
"ProxyProtocol": null,
"ForwardedHeaders": {
"Insecure": true,
"TrustedIPs": null
}
}
},
"Cluster": null,
"Constraints": [],
"ACME": {
"Email": "xxx@gmail.com",
"Domains": null,
"Storage": "traefik/acme/account",
"StorageFile": "",
"OnDemand": false,
"OnHostRule": true,
"CAServer": "",
"EntryPoint": "https",
"DNSChallenge": null,
"HTTPChallenge": {
"EntryPoint": "http"
},
"DNSProvider": "",
"DelayDontCheckDNS": 0,
"ACMELogging": true,
"TLSConfig": null
},
"DefaultEntryPoints": [
"http",
"https"
],
"ProvidersThrottleDuration": 2000000000,
"MaxIdleConnsPerHost": 200,
"IdleTimeout": 0,
"InsecureSkipVerify": false,
"RootCAs": null,
"Retry": null,
"HealthCheck": {
"Interval": 30000000000
},
"RespondingTimeouts": null,
"ForwardingTimeouts": null,
"AllowMinWeightZero": false,
"Web": null,
"Docker": {
"Watch": true,
"Filename": "",
"Constraints": null,
"Trace": false,
"TemplateVersion": 0,
"DebugLogGeneratedTemplate": false,
"Endpoint": "unix:///var/run/docker.sock",
"Domain": "swarm.xxx.io",
"TLS": null,
"ExposedByDefault": true,
"UseBindPortIP": false,
"SwarmMode": true
},
"File": null,
"Marathon": null,
"Consul": {
"Watch": true,
"Filename": "",
"Constraints": [],
"Trace": false,
"TemplateVersion": 0,
"DebugLogGeneratedTemplate": false,
"Endpoint": "consul:8500",
"Prefix": "traefik",
"TLS": null,
"Username": "",
"Password": ""
},
"ConsulCatalog": null,
"Etcd": null,
"Zookeeper": null,
"Boltdb": null,
"Kubernetes": null,
"Mesos": null,
"Eureka": null,
"ECS": null,
"Rancher": null,
"DynamoDB": null,
"ServiceFabric": null,
"Rest": null,
"API": {
"EntryPoint": "traefik",
"Dashboard": true,
"Debug": false,
"CurrentConfigurations": null,
"Statistics": null
},
"Metrics": null,
"Ping": null
}
Second I've specified everything as in that manual, all the consul prefixes, and so on, and Traefik says that he can't find frontends and backends, also as pretty much anything in traefik/:
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/backends/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/frontends/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Transaction 8714f767-ed5a-477f-ae46-6ebd0b4e15c2 begins"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/tls/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Configuration received from provider consul: {}"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=info msg="Skipping same configuration for provider consul"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Cannot get key traefik/alias Key not found in store, setting default traefik"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/backends/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0 | time="2018-06-12T15:54:59Z" level=debug msg="Datastore reload"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=error msg="Datastore sync error: Object lock value: expected 8714f767-ed5a-477f-ae46-6ebd0b4e15c2, got 068a8a6d-66a9-4d01-b44e-020a601c05da, retrying in 677.561632ms"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Datastore reload"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Datastore reload"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/frontends/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0 | time="2018-06-12T15:54:59Z" level=debug msg="Cannot get key traefik/alias Key not found in store, setting default traefik"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/tls/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0 | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/backends/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0 | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/frontends/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Configuration received from provider consul: {}"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0 | time="2018-06-12T15:55:00Z" level=debug msg="Cannot list keys under \"traefik/tls/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0 | time="2018-06-12T15:55:00Z" level=debug msg="Configuration received from provider consul: {}"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0 | time="2018-06-12T15:55:00Z" level=info msg="Skipping same configuration for provider consul"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=info msg="Skipping same configuration for provider consul"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Cannot get key traefik/alias Key not found in store, setting default traefik"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/backends/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0 | time="2018-06-12T15:55:00Z" level=debug msg="Building ACME client..."
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/frontends/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:55:00Z" level=debug msg="Cannot list keys under \"traefik/tls/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:55:00Z" level=debug msg="Configuration received from provider consul: {}"
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:55:00Z" level=info msg="Skipping same configuration for provider consul"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0 | time="2018-06-12T15:55:00Z" level=debug msg="Using HTTP Challenge provider."
infra_proxy.0.xu6e4zez242f@swarm-master | time="2018-06-12T15:55:00Z" level=debug msg="Reset ACME account object."
And here's logs from consul container:
holms@debian ~> docker --tls service logs -f infra_consul
infra_consul.1.uo2dqcm0s6tv@swarm-master | ==> Found address '10.0.2.253' for interface 'eth0', setting bind option...
infra_consul.1.uo2dqcm0s6tv@swarm-master | ==> Found address '10.0.2.253' for interface 'eth0', setting client option...
infra_consul.1.uo2dqcm0s6tv@swarm-master | BootstrapExpect is set to 1; this is the same as Bootstrap mode.
infra_consul.1.uo2dqcm0s6tv@swarm-master | bootstrap = true: do not enable unless necessary
infra_consul.1.uo2dqcm0s6tv@swarm-master | ==> Starting Consul agent...
infra_consul.1.uo2dqcm0s6tv@swarm-master | ==> Consul agent running!
infra_consul.1.uo2dqcm0s6tv@swarm-master | Version: 'v1.1.0'
infra_consul.1.uo2dqcm0s6tv@swarm-master | Node ID: '05472876-6f66-bb37-5f4d-62b08624a655'
infra_consul.1.uo2dqcm0s6tv@swarm-master | Node name: 'ef0f060252d0'
infra_consul.1.uo2dqcm0s6tv@swarm-master | Datacenter: 'ams3' (Segment: '<all>')
infra_consul.1.uo2dqcm0s6tv@swarm-master | Server: true (Bootstrap: true)
infra_consul.1.uo2dqcm0s6tv@swarm-master | Client Addr: [10.0.2.253] (HTTP: 8500, HTTPS: -1, DNS: 8600)
infra_consul.1.uo2dqcm0s6tv@swarm-master | Cluster Addr: 10.0.2.253 (LAN: 8301, WAN: 8302)
infra_consul.1.uo2dqcm0s6tv@swarm-master | Encrypt: Gossip: false, TLS-Outgoing: false, TLS-Incoming: false
infra_consul.1.uo2dqcm0s6tv@swarm-master |
infra_consul.1.uo2dqcm0s6tv@swarm-master | ==> Log data will now stream in as it occurs:
infra_consul.1.uo2dqcm0s6tv@swarm-master |
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:19 [INFO] raft: Initial configuration (index=1): [{Suffrage:Voter ID:05472876-6f66-bb37-5f4d-62b08624a655 Address:10.0.2.253:8300}]
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:19 [INFO] serf: EventMemberJoin: ef0f060252d0.ams3 10.0.2.253
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:19 [INFO] serf: EventMemberJoin: ef0f060252d0 10.0.2.253
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:19 [INFO] agent: Started DNS server 10.0.2.253:8600 (udp)
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:19 [INFO] raft: Node at 10.0.2.253:8300 [Follower] entering Follower state (Leader: "")
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:19 [INFO] consul: Adding LAN server ef0f060252d0 (Addr: tcp/10.0.2.253:8300) (DC: ams3)
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:19 [INFO] consul: Handled member-join event for server "ef0f060252d0.ams3" in area "wan"
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:19 [INFO] agent: Started DNS server 10.0.2.253:8600 (tcp)
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:19 [INFO] agent: Started HTTP server on 10.0.2.253:8500 (tcp)
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:19 [INFO] agent: started state syncer
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:25 [WARN] raft: Heartbeat timeout from "" reached, starting election
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:25 [INFO] raft: Node at 10.0.2.253:8300 [Candidate] entering Candidate state in term 2
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:25 [INFO] raft: Election won. Tally: 1
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:25 [INFO] raft: Node at 10.0.2.253:8300 [Leader] entering Leader state
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:25 [INFO] consul: cluster leadership acquired
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:25 [INFO] consul: New leader elected: ef0f060252d0
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:25 [INFO] consul: member 'ef0f060252d0' joined, marking health alive
infra_consul.1.uo2dqcm0s6tv@swarm-master | 2018/06/12 14:38:26 [INFO] agent: Synced node info
