7

Is it possible to have a wildcard subdomain that does not include a specific subdomain?

*.mydomain.com OK
login.mydomain.com SKIP

I cannot access my login container when using a wildcard on my app container. Below is an image of what I am trying to accomplish. (the traffic logo should technically be between the list of routes and the containers)

Traefik Example Image

The following configuration does not work if the rule HostRegexp:{subdomain:[a-z]+}.${HOST_DOMAIN} is included.

This configuration successfully works after removing the host regex for everything EXCEPT the wildcard subdomains.

services:
    traefik:
        image: traefik
        volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - .traefik.toml:/etc/traefik/traefik.toml:ro
        ports:
        - "80:80"
        - "443:443"

    api:
        image: my-api-image
        labels:
        - "traefik.enable=true"
        - "traefik.port=80"
        - "traefik.frontend.rule=Host:app.${HOST_DOMAIN}; PathPrefix: /api"

    app:
        image: my-app-image
        labels:
        - "traefik.enable=true"
        - "traefik.port=80"
        - "traefik.frontend.rule=Host:app.${HOST_DOMAIN}"
        - "traefik.frontend.rule=HostRegexp:{subdomain:[a-z]+}.${HOST_DOMAIN}" # this second rule overwrites the first rule and I am aware of that, I am just showing what rules i've tried :)

    login:
        image: my-login-image
        labels:
        - "traefik.enable=true"
        - "traefik.port=80"
        - "traefik.frontend.rule=Host:login.${HOST_DOMAIN}"

My problem is currently with the app container. I am getting a bad gateway if I have the following included as a frontend rule:

"traefik.frontend.rule=HostRegexp:{subdomain:[a-z]+}.${HOST_DOMAIN}"

I also tried leaving the above under app, and removing the following without any luck:

"traefik.frontend.rule=Host:app.${HOST_DOMAIN}"

Any suggestions or ideas would be appreciated. Thanks.

Edit:

Rewording this a bit.

Andrew Savinykh
  • 25,351
  • 17
  • 103
  • 158
Jason Raimondi
  • 311
  • 1
  • 3
  • 9
  • After your "rewording" it is not clear what you problem is, the "bad gateway" that you are getting or that your wild card rule matches the non-wild card domain. If you have your initial problem resolved, please post an answer below (or delete the question altogether as long as there no answers posted) and ask another question with your new problem. – Andrew Savinykh Sep 20 '18 at 01:08
  • You are right, I should not have edited after it had been live for so long. The reason I was having the bad gateway issue was because I was missing a defined host for the app container, I needed `HostRegexp:app.${HOST_DOMAIN},{subdomain:[a-z]+}.${HOST_DOMAIN}"`. Once app was added, the bad gateway issue was resolved and then my the real problem that I was having was the wild card rule matches. Your answer is the correct answer to my question. I would prefer to keep it live instead of deleting it. – Jason Raimondi Sep 20 '18 at 04:55

1 Answers1

13

So this is what worked for me:

version: '2'

services:
    traefik:
        image: traefik
        volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
        # I removed your traefik.toml as you did not specify what is in it, so it's irrelevant
        ports:
        - "80:80"
        - "443:443"
        # Very helpful for debugging dashboard can be seen at http://localhost:8080 if the port is exposed
        - "8080:8080"
        labels:
        # You don't want traefik trying to create proxy for itself
        - "traefik.enable=false"
        # Since we have no traefik.toml any longer, let's put the essentials on the command line
        command: ["--api","--docker"]
    app:
        # this is my test image of a web server that dumps request back to the caller
        image: andrewsav/talkback
        # the hostname is a part of the dump, so let's specify something that we can relate to
        hostname: "app"
        labels:
        # note that you want this frontened to match the last. otherwise it will match login.${HOST_DOMAIN}"
        - "traefik.frontend.priority=1"
        - "traefik.enable=true"
        - "traefik.port=80"
        - "traefik.frontend.rule=HostRegexp:{subdomain:[a-z]+}.${HOST_DOMAIN}"
    api:
        image: andrewsav/talkback
        hostname: "api"
        labels:
        # this frontend needs to match before the one above
        - "traefik.frontend.priority=2"
        - "traefik.enable=true"
        - "traefik.port=80"
        - "traefik.frontend.rule=Host:app.${HOST_DOMAIN}; PathPrefix: /api"
    login:
        image: andrewsav/talkback
        hostname: "login"
        labels:
        - "traefik.frontend.priority=3"
        - "traefik.enable=true"
        - "traefik.port=80"
        - "traefik.frontend.rule=Host:login.${HOST_DOMAIN}"

A few notes:

  • Bad Gateway indicates that the endpoint you told traefik to talk to is not listening. Look at at the dashboard and find out which backend is used and double check that ip/port is correct.
  • You have to use priorities for matching order. Please refer to the documentation on how it works.
Andrew Savinykh
  • 25,351
  • 17
  • 103
  • 158