
I am running on a Synology NAS and trying to get Traefik working over macvlan, because ports 80 and 443 are already in use. I can access the Traefik dashboard via 192.168.0.240:8080 and my external IP, however, I am unable to do so through my web domain, where I just received a 404 message (using CODE BLOCK 2). I can achieve access to Traefik on another device without using the macvlan, but that machine won't be used for this purpose (using CODE BLOCK 1).

CODE BLOCK 1

version: "3.9"

services:
  traefik:
    # Reverse proxy, pinned to a specific minor release.
    image: "traefik:v2.9"
    ports:
      # Host port 8888 -> container port 80 (the "web" entrypoint).
      - target: 80
        published: 8888
        protocol: tcp
        mode: host
      # Host port 8443 -> container port 443 (the "websecure" entrypoint).
      - target: 443
        published: 8443
        protocol: tcp
        mode: host
      # Host port 8080 -> container port 8080. No entrypoint on :8080 is
      # declared in `command` and --api.insecure is not set, so presumably
      # nothing listens behind this mapping - confirm, and drop it if unused.
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    networks:
      - proxy
    volumes:
      # Read-only bind mount of the Docker socket. `:ro` protects the socket
      # file, not the Docker API behind it: a process that can open the socket
      # can still issue any API call, so this container should be treated as
      # having control of the daemon.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    # Static configuration, passed as one space-separated string.
    # - exposedByDefault=false: only containers labelled traefik.enable=true
    #   are routed.
    # - "web" (:80) redirects every request to "websecure" (:443) over https.
    # - api.debug=true and log.level=DEBUG are troubleshooting settings; the
    #   debug option adds debugging/profiling endpoints to the API that the
    #   dashboard router below exposes. Turn both off once routing works.
    # - NOTE(review): acme.storage points at /acme/acme.json, but no volume is
    #   mounted at /acme, so issued certificates and the ACME account key live
    #   only in the container's writable layer and are lost when the container
    #   is recreated. Back /acme with a volume the host keeps private.
    command: >-
      --providers.docker=true
      --providers.docker.network=proxy
      --providers.docker.exposedByDefault=false
      --entryPoints.web.address=:80
      --entryPoints.web.http.redirections.entryPoint.to=websecure
      --entryPoints.web.http.redirections.entryPoint.scheme=https
      --entryPoints.websecure.address=:443
      --entryPoints.websecure.http.tls=true
      --api.debug=true
      --api.dashboard=true
      --log.level=DEBUG
      --accesslog=true
      --certificatesResolvers.myresolver.acme.email=mail@example.com
      --certificatesResolvers.myresolver.acme.tlschallenge=true
      --certificatesResolvers.myresolver.acme.storage=/acme/acme.json
    labels:
      - "traefik.enable=true"
      # Dashboard router: HTTPS entrypoint only, certificate from "myresolver",
      # served by Traefik's internal API service, behind the "myauth" middleware.
      - "traefik.http.routers.mydashboard.entrypoints=websecure"
      - "traefik.http.routers.mydashboard.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.mydashboard.tls.certresolver=myresolver"
      - "traefik.http.routers.mydashboard.service=api@internal"
      - "traefik.http.routers.mydashboard.middlewares=myauth"
      # Basic-auth user list in user:hash form.
      # NOTE(review): the hash is stored inline, so it travels with every copy
      # of this file; basicauth.usersfile keeps it out of the compose file.
      # A 13-character hash with no `$` prefix looks like legacy crypt(3)
      # output - confirm the scheme; bcrypt is the stronger htpasswd option.
      # Any `$` in a hash must be written `$$` here, because compose
      # interpolates `$`.
      - "traefik.http.middlewares.myauth.basicauth.users=test:4RmE8IaNYUKBA"

  whoami:
    # Test backend; Traefik forwards to its port 80 over the "proxy" network.
    image: "traefik/whoami:v1.8"
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mywhoami.entrypoints=websecure"
      - "traefik.http.routers.mywhoami.rule=Host(`whoami.${DOMAIN}`) || Host(`www.whoami.${DOMAIN}`)"
      - "traefik.http.routers.mywhoami.tls.certresolver=myresolver"
      - "traefik.http.services.mywhoami.loadbalancer.server.port=80"

networks:
  # Network shared by Traefik and the services it routes to; it is the one
  # named in --providers.docker.network.
  proxy:
    name: proxy
    attachable: true

I have port forward rules on the router as follows, all point to 192.168.0.240:

80 --> 8888

443 --> 8443

8080 --> 8080

Am I doing anything in the attached docker-compose.yaml which would prevent access via my domain and yet work by IP address? Originally I had a Cloudflare proxy set up, but have removed it in case it was muddying the waters.

CODE BLOCK 2

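version: "3.9"

services:
  traefik:
    # NOTE(review): `latest` floats across releases, major versions included,
    # while CODE BLOCK 1 pins traefik:v2.9. Pin a tag (or digest) so the image
    # that runs is the one that was tested.
    image: traefik:latest
    container_name: traefik
    restart: always
    environment:
      # - "CF_API_EMAIL=${CF_API_EMAIL}"
      # - "CF_API_KEY=${CF_API_KEY}"
      - "TZ=${TZ}"
    volumes:
      - "/volume1/docker/traefik/data:/data"
      # Mounted read-only, as in CODE BLOCK 1. `:ro` protects the socket file,
      # not the Docker API behind it: a process that can open the socket can
      # still issue any API call, so treat this container as having control of
      # the daemon.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    command:
      - --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc.
      # Troubleshooting only: the debug endpoints are served by the same
      # api@internal service the routers below expose. Turn off once it works.
      - --api.debug=true # <== Enabling additional endpoints for debugging and profiling
      - --log.level=DEBUG # <== Setting the level of the logs from traefik
      - --providers.docker=true # <== Enabling docker as the provider for traefik
      - --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik
      # - --providers.file.filename=/dynamic.yaml # <== Referring to a dynamic configuration file
      - --providers.docker.network=traefik # <== Operate on the docker network named traefik
      - --entrypoints.web.address=:8888 # <== Entrypoint named web, listening on :8888 in the container
      # No TLS option is set on this entrypoint or on any router below.
      - --entrypoints.web-secured.address=:8443 # <== Entrypoint named web-secured, listening on :8443
    networks:
      - macvlan_network
      - traefik
    labels:
      - "traefik.enable=true" # <== Enable traefik on itself so its own labels are read
      # Router "api": matched by Host only. It names no entrypoints, so it is
      # attached to the default set of entrypoints, and it has no tls option
      # and no middleware.
      # NOTE(review): nothing authenticates this router, and the router rules
      # quoted in the post forward 80/443/8080 from outside to this address, so
      # the dashboard and API would be served without credentials. Attach an
      # auth middleware, as CODE BLOCK 1 does with basicauth.
      # NOTE(review): an HTTPS request arriving on web-secured cannot match a
      # router without tls; that is a likely source of the 404 - confirm.
      - "traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`)" # <== Setting the domain for the dashboard
      - "traefik.http.routers.api.service=api@internal" # <== Route to Traefik's internal API/dashboard service
      # Rule arguments must be quoted with backticks (or escaped double quotes);
      # a bare /api does not parse and the router is rejected.
      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      # NOTE(review): no entrypoint named "traefik" is declared in `command`;
      # presumably it only exists implicitly (on :8080) when --api.insecure=true
      # is set - confirm, and point this router at a declared entrypoint.
      - "traefik.http.routers.dashboard.entrypoints=traefik"
      - "traefik.http.routers.dashboard.service=api@internal"

networks:
  # macvlan gives the container its own address on the LAN; the /32 range
  # leaves 192.168.0.240 as the only address that can be assigned. Every port
  # the container listens on is reachable at that address directly, with no
  # `ports:` mapping in between.
  macvlan_network:
    name: macvlan_network
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: "192.168.0.0/24"
          ip_range: "192.168.0.240/32"
          gateway: "192.168.0.1"
  # Network Traefik uses to reach backends (see --providers.docker.network).
  traefik:
    name: traefik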

Any help you could offer would be greatly appreciated.

EDIT - Additional Config Attempt

Subsequent to my initial post I have attempted to resolve this issue by defining the ports (as per CODE BLOCK 3). I no longer get a 404 but receive ERR_CONNECTION_REFUSED instead. Nor can I access the Traefik dashboard via the IPs, so I appear to have made things worse :(.

CODE BLOCK 3

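version: "3.9"

services:
  traefik:
    # NOTE(review): `latest` floats across releases, major versions included,
    # while CODE BLOCK 1 pins traefik:v2.9. Pin a tag (or digest) so the image
    # that runs is the one that was tested.
    image: traefik:latest
    container_name: traefik
    restart: always
    # NOTE(review): published ports are presumably bound on the NAS's own
    # address through the bridge network, not on the macvlan address. The
    # router rules quoted in the post forward to 192.168.0.240:8888 and :8443,
    # while Traefik now listens on :80 and :443 at that address, which would
    # explain ERR_CONNECTION_REFUSED - confirm.
    ports:
      - published: 8888
        target: 80
        protocol: tcp
        mode: host
      - published: 8443
        target: 443
        protocol: tcp
        mode: host
    environment:
      # - "CF_API_EMAIL=${CF_API_EMAIL}"
      # - "CF_API_KEY=${CF_API_KEY}"
      - "TZ=${TZ}"
    volumes:
      - "/volume1/docker/traefik/data:/data"
      # Mounted read-only, as in CODE BLOCK 1. `:ro` protects the socket file,
      # not the Docker API behind it: a process that can open the socket can
      # still issue any API call, so treat this container as having control of
      # the daemon.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    command:
      # - --api.insecure=true # <== Enabling insecure api, NOT RECOMMENDED FOR PRODUCTION
      - --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc.
      # Troubleshooting only: the debug endpoints are served by the same
      # api@internal service the routers below expose. Turn off once it works.
      - --api.debug=true # <== Enabling additional endpoints for debugging and profiling
      - --log.level=DEBUG # <== Setting the level of the logs from traefik
      - --providers.docker=true # <== Enabling docker as the provider for traefik
      - --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik
      # - --providers.file.filename=/dynamic.yaml # <== Referring to a dynamic configuration file
      - --providers.docker.network=traefik # <== Operate on the docker network named traefik
      - --entrypoints.web.address=:80 # <== Defining an entrypoint for port :80 named web
      # No TLS option is set on this entrypoint or on any router below.
      - --entrypoints.web-secured.address=:443 # <== Entrypoint named web-secured, listening on :443
    networks:
      - macvlan_network
      - traefik
    labels:
      - "traefik.enable=true" # <== Enable traefik on itself so its own labels are read
      # Router "api": matched by Host only. It names no entrypoints, so it is
      # attached to the default set of entrypoints, and it has no tls option
      # and no middleware.
      # NOTE(review): nothing authenticates this router, and the router rules
      # quoted in the post forward traffic from outside to this address, so
      # the dashboard and API would be served without credentials. Attach an
      # auth middleware, as CODE BLOCK 1 does with basicauth.
      - "traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`)" # <== Setting the domain for the dashboard
      - "traefik.http.routers.api.service=api@internal" # <== Route to Traefik's internal API/dashboard service
      # Rule arguments must be quoted with backticks (or escaped double quotes);
      # a bare /api does not parse and the router is rejected.
      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      # NOTE(review): no entrypoint named "traefik" is declared in `command`;
      # presumably it only exists implicitly (on :8080) when --api.insecure=true
      # is set, and that flag is commented out above - confirm, and point this
      # router at a declared entrypoint.
      - "traefik.http.routers.dashboard.entrypoints=traefik"
      - "traefik.http.routers.dashboard.service=api@internal"

networks:
  # macvlan gives the container its own address on the LAN; the /32 range
  # leaves 192.168.0.240 as the only address that can be assigned. Every port
  # the container listens on is reachable at that address directly, with no
  # `ports:` mapping in between.
  macvlan_network:
    name: macvlan_network
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: "192.168.0.0/24"
          ip_range: "192.168.0.240/32"
          gateway: "192.168.0.1"
  # Network Traefik uses to reach backends (see --providers.docker.network).
  traefik:
    name: traefik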
user2337871

0 Answers