hello,
Local "redirects" are working fine, but not redirects to another server on the same subnet. What am I doing wrong? By using npm everything worked fine... there must be a silly issue... can someone help me?
thank you!
so long
edit: I am using a dynamic config and working with labels.
"My car doesn't start, can you tell me why? It has four wheels and is red."
What does not work? What do you do, what happens, any messages? What has npm to do with it?
Share your Traefik static and dynamic configuration, and docker-compose.yml if used.
Check your browser's developer tools network tab to see the responses your browser receives. Check Traefik debug log and the Traefik dashboard.
No, it's not red
Therefore everything worked fine on the same machine, it must be a weird problem? Since separating the hosts it doesn't work. npm? Because there it still works, also after the separation, so it's not a network or firewall related problem.
traefik.yml
```yaml
# Static Traefik configuration file
# https://doc.traefik.io/traefik/getting-started/configuration-overview/#the-static-configuration
# https://doc.traefik.io/traefik/reference/static-configuration/cli/
api:
  dashboard: true # Enable the dashboard
  # insecure: true

# Certificate resolvers
# These are responsible for retrieving certificates from an ACME server
# https://doc.traefik.io/traefik/https/acme/#certificate-resolvers
certificatesResolvers:
  le:
    acme:
      email: xxx
      storage: "./acme_letsencrypt.json"
      dnsChallenge:
        provider: xxx
        delayBeforeCheck: 5
        resolvers:
          - "xxx:53"

# EntryPoints
# EntryPoints are the network entry points into Traefik. They define the port that receives the packets.
# https://doc.traefik.io/traefik/routing/entrypoints/
entryPoints:
  http:
    address: ":80" # Create the entry point for HTTP (port 80)
    http:
      redirections: # Redirect from HTTP to HTTPS (port 80 to port 443).
        entryPoint:
          to: "https" # The target
          scheme: "https" # Redirect target scheme
  https:
    address: ":443" # Create the entry point for HTTPS (port 443)

global:
  checknewversion: false # Periodically check whether a new version has been released.
  sendanonymoususage: false # Periodically send anonymous usage statistics.

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # Watch the UNIX Docker socket
    exposedByDefault: false # Only expose containers that are explicitly enabled (label traefik.enable=true)
    network: "dmz-bridge" # Default network used for connections to all containers.
  file:
    filename: "./dynamic_conf.yml" # Path to the dynamic configuration
    watch: true # Watch for changes
  providersThrottleDuration: 10 # Interval at which the configuration is reloaded

log:
  level: ERROR
  filePath: "/traefik.log"

accessLog:
  filePath: "/access.log"
```
dynamic_conf.yml:
```yaml
# TLS
# All settings required for the certificate are made here.
# In combination with the settings under http.middlewares.default-security-headers we get an A+ certificate.
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true

# Middlewares
# Optional optimizations to apply to every request before it is forwarded to the target container.
http:
  middlewares:
    traefikAuth:
      basicAuth:
        users:
          - "admin:xxx"
    local-ipWhiteList:
      ipWhiteList:
        sourceRange:
          - "192.168.0.0/16"
    # Recommended default middleware for most services
    # Can be added via "traefik.http.routers.definierteRoute.middlewares=default@file"
    # Equivalent to "traefik.http.routers.definierteRoute.middlewares=default-security-headers@file,gzip@file"
    # The list can be extended here as needed
    default:
      chain:
        middlewares:
          - default-security-headers
          - gzip
    # Compatibility with old guides. This also allows "traefik.http.routers.definierteRoute.middlewares=secHeader@file" again
    secHeaders:
      chain:
        middlewares:
          - default-security-headers
          - gzip
    # Standard headers
    default-security-headers:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        frameDeny: true
        # Deprecated
        # sslRedirect: true
        # HSTS configuration
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"
    # Gzip compression
    gzip:
      compress: {}
```
traefik (itself) stack (portainer):
```yaml
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.services.traefik.loadbalancer.server.port=1337
      - traefik.http.routers.traefik.rule=Host(`xxx`)
      - traefik.http.routers.traefik.middlewares=traefikAuth@file,default@file
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=le
      - traefik.http.routers.traefik.tls.domains[0].main=xxx
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.services.traefik.loadbalancer.sticky.cookie.httpOnly=true
      - traefik.http.services.traefik.loadbalancer.sticky.cookie.secure=true
      - traefik.docker.network=dmz-bridge
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
      - /opt/container/traefik/data/traefik.yml:/traefik.yml:ro
      - /opt/container/traefik/data/acme_letsencrypt.json:/acme_letsencrypt.json
      - /opt/container/traefik/data/dynamic_conf.yml:/dynamic_conf.yml
      - /opt/container/traefik/data/traefik.log:/traefik.log
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    networks:
      dmz-bridge:
        ipv4_address: xxx
networks:
  dmz-bridge:
    external: true
```
nextcloud stack (portainer) -> on different host and with 404 error
```yaml
services:
  nextcloud:
    image: nextcloud
    container_name: nextcloud
    restart: always
    labels:
      # Enables Traefik for this container
      - traefik.enable=true
      # The HTTP-to-HTTPS redirect has already been defined in traefik.yml
      - traefik.http.routers.nextcloud.entrypoints=https
      - traefik.http.routers.nextcloud.rule=Host(`xxx`)
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.routers.nextcloud.tls.certresolver=le
      - traefik.http.routers.nextcloud.service=nextcloud
      - traefik.http.services.nextcloud.loadbalancer.server.port=80
      - traefik.http.routers.nextcloud.middlewares=nextcloud-dav,local-ipWhiteList@file,default@file
      - traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav
      - traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/
      - traefik.docker.network=dmz-bridge
    ports:
      - 8080:80
    volumes:
    environment:
    networks:
      dmz-bridge:
        ipv4_address: xxx
networks:
  dmz-bridge:
    external: true
```
thx!
so long
How should Traefik discover the container on the other node? You need Docker Swarm to do that and use provider.docker with swarmMode=true. (Docs)
Or you can set the target manually with a dynamic config with loadbalancer.servers.url, but that only works with provider.file, not with labels. (Docs example)
And why does it work with npm? Maybe there is a misunderstanding, how can I publish services from another host with traefik? What if that service is not set up as a container?
You can set up targets manually with loadbalancer.servers.url in a dynamic config file. (Docs example)
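The manual target described in the two replies above, as an added example that is not part of any post: the nextcloud router, middleware and service moved from container labels into the file provider on the Traefik host. The hostname `nextcloud.example.com` and the address `192.0.2.10` are placeholders; port 8080 is the published port from the nextcloud stack (`ports: 8080:80`).

```yaml
# Added example: merge these keys into the existing http: section of
# dynamic_conf.yml on the Traefik host. The labels on the remote nextcloud
# container are never read, because this Traefik only watches its local
# Docker socket.
http:
  routers:
    nextcloud:
      entryPoints:
        - https
      rule: "Host(`nextcloud.example.com`)"   # placeholder hostname
      service: nextcloud
      # Names defined in the same file provider need no @file suffix.
      middlewares:
        - nextcloud-dav
        - local-ipWhiteList
        - default
      tls:
        certResolver: le

  middlewares:
    # Same rewrite that the nextcloud labels defined.
    nextcloud-dav:
      replacePathRegex:
        regex: "^/.well-known/ca(l|rd)dav"
        replacement: "/remote.php/dav/"

  services:
    nextcloud:
      loadBalancer:
        servers:
          # Placeholder IP of the other host; 8080 is the port that host
          # publishes for the nextcloud container.
          - url: "http://192.0.2.10:8080"
```

With this layout the hop from Traefik to the other host is plain HTTP, and port 8080 on that host answers directly without the `local-ipWhiteList` and header middlewares. Limiting that port to the Traefik host's address in the other host's firewall keeps those controls in the path.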
thx, but still doesn't work 
What does not work? Have you tried reaching your target from within the Docker container? Share your updated configuration.