0

I'm running Traefik v2.0 in a docker environment, but I'd like to expose a node app I'm running on port 5000 outside of docker with pm2 as well.

My current setup:

docker-compose.yml for Traefik:

version: '3'

services:
  traefik:
    image: traefik:v2.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:password"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

Config.yml file:

http:
  routers:
    my_app:
      entryPoints:
        - "https"
      rule: "Host(`my_app.domain.com`)"
      tls:
        certResolver: http
      service: my_app

  services:
    my_app:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:5000"

  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https

I've tried different url's like http://127.0.0.1:5000, http://localhost:5000 and the docker local ip, but they all end up with "Bad Gateway".

MatiasLN
  • 49
  • 6

1 Answers1

0

If you are trying to expose a service listen on port 5000, 127.0.0.1 or localhost will never be the correct answer (this means "running in the same container as traefik").

If the service is running in another container that is attached to the same "external" network, you should be able to use that container name in the service url:

  services:
    my_app:
      loadBalancer:
        servers:
          - url: "http://my-other-container:5000"

If the service is running on your host, you would need to use an ip address of your host. The easiest option in this case is to add the following to your traefik service in your docker-compose.yaml:

extra_hosts:
  - "host.docker.internal:host-gateway"

And then in your config.yml:

  services:
    my_app:
      loadBalancer:
        servers:
          - url: "http://host.docker.internal:5000"
larsks
  • 277,717
  • 41
  • 399
  • 399
  • Thanks for your reply. My service is indeed running on my host and I tried adding your suggested changes to `docker-compose.yaml` and `config.yml`, but for some reason it still does not route correctly. The error I get now is `Gateway timeout`. Other info that might be helpful: - When I try http://ip-of-vps:5000/ it works fine. - The extra_hosts is registered correctly when I check the config in Portainer. - Docker version 20.10.18, build b40c2f6 - docker-compose version 1.29.2, build 5becea4c - OS: Ubuntu 22.04.1 LTS – MatiasLN Oct 20 '22 at 09:33