Can I use configFile with Dynamic Configuration?

Traefik Traefik v2 (latest)
,
1

In Traefik v1, we can specify a --configFile with Docker labels for general configuration and app-specific configuration respectively.

Could we do this in v2? I tried with --configFile but it ignores all Docker labels in v2.

Any ideas?

My traefik.toml:

[global]
  sendAnonymousUsage = false


[providers.docker]
  endpoint = "unix:///var/run/docker.sock"
  # watch = true
  exposedByDefault = false
  swarmMode = true
  network = "traefik"

[log]

level = "DEBUG"

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.websecure]
    address = ":443"

# [retry]

[certificatesResolvers.le.acme]
  email = "xxx@xxx.com"
  storage = "/etc/traefik/conf/acme.json"
  [certificatesResolvers.le.acme.httpChallenge]
    # used during the challenge
    entryPoint = "web"

[api]
  dashboard = true
  insecure = true
2

Hello,

Docker labels can only be defined on containers, so I think you mixed some concepts.

--configFile allows (in v1 and v2) to define a path to the static configuration.

With the v2:

Your traefik.toml file is right, but you need to provide more information about how you launch Traefik.

1 Like
3

Thanks for your help!

I am actually migrating Traefik from v1 to v2 (on swarm).

The docker-compose.yml looks like:

version: "3"

services:
  proxy:
    image: traefik:v2.1 # The official Traefik docker image
    command: --configFile=/etc/traefik/traefik.toml
    # command: # Note: If I use these command flags, it can work.
    #   - --entrypoints.web.address=:80
    #   - --entrypoints.websecure.address=:443
    #   - --providers.docker
    #   - --providers.docker.network=traefik
    #   - --api.insecure # Don't do that in production
    #   - --certificatesresolvers.le.acme.email=my1@email1.com
    #   - --certificatesresolvers.le.acme.storage=/etc/traefik/conf/acme.json
    #   - --certificatesresolvers.le.acme.httpchallenge=true
    ports:
      - "80:80" # The HTTP port
      - "8080:8080"
      - 443:443
      - "5001:443" # Needed for SNI challenge
      - "5002:80" # Needed for HTTP challenge
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /root/traefik/traefik_config/traefik.toml:/etc/traefik/traefik.toml # When use command line flags, I removed this line.
      - /root/traefik/traefik_config/acme.json:/etc/traefik/conf/acme.json:rw
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      traefik: {}
    labels:
      - "traefik.enable=true"
      # Dashboard API
      - "traefik.http.routers.traefik-dashboard-api.entrypoints=web"
      - "traefik.http.routers.traefik-dashboard-api.rule=Host(`somehost.example.com`) && PathPrefix(`/api`)"
      - "traefik.http.routers.traefik-dashboard-api.service=api@internal"
      # Dashboard UI
      - "traefik.http.routers.traefik-dashboard-ui.entrypoints=web"
      - "traefik.http.routers.traefik-dashboard-ui.rule=Host(`somehost.example.com`) && PathPrefix(`/`)"
      - "traefik.http.routers.traefik-dashboard-ui.service=dashboard@internal"
  whoami:
    image: "containous/whoami"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=web"
      - "traefik.http.services.whoami2.loadbalancer.server.port=80"
    networks:
      traefik: {}

networks:
  traefik:
    external: true

If I use command line flags rather than a config file, it can work.

4

As I already said, with v2 you cannot mix CLI flags and file to define your static configuration, you have to choose one source of configuration.

You also don't need to use --configFile= if your traefik.toml file is placed in the right path (see https://docs.traefik.io/v2.1/getting-started/configuration-overview/#configuration-file)
But this don't remove the previous restriction.

  • Static configuration from traefik.toml file:
version: "3"

services:
  proxy:
    image: traefik:v2.1
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /root/traefik/traefik_config/traefik.toml:/etc/traefik/traefik.toml
      - /root/traefik/traefik_config/acme.json:/etc/traefik/conf/acme.json:rw
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      traefik: {}
    deploy:
      labels:
        traefik.enable: true
        # Dashboard and API
        traefik.http.routers.traefik-dashboard-api.entrypoints: web
        traefik.http.routers.traefik-dashboard-api.rule: Host(`somehost.example.com`)
        traefik.http.routers.traefik-dashboard-api.service: api@internal

  whoami:
    image: containous/whoami
    deploy:
      labels:
        traefik.enable: true
        traefik.http.routers.whoami.rule: Host(`whoami.example.com`)
        traefik.http.routers.whoami.entrypoints: web
    networks:
      traefik: {}

networks:
  traefik:
    external: true
  • Static configuration from CLI flags:
version: "3"

services:
  proxy:
    image: traefik:v2.1
    command: >
      --api
      --log.level=INFO
      --entryPoints.web.address=:80
      --entryPoints.websecure.address=:443
      --providers.docker.endpoint=unix:///var/run/docker.sock
      --providers.docker.exposedByDefault=false
      --providers.docker.swarmMode
      --providers.docker.network=traefik
      --certificatesResolvers.le.acme.email=xxx@xxx.com
      --certificatesResolvers.le.acme.storage=/etc/traefik/conf/acme.json
      --certificatesResolvers.le.acme.httpChallenge.entryPoint=web
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /root/traefik/traefik_config/acme.json:/etc/traefik/conf/acme.json:rw
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      traefik: {}
    deploy:
      labels:
        traefik.enable: true
        # Dashboard and API
        traefik.http.routers.traefik-dashboard-api.entrypoints: web
        traefik.http.routers.traefik-dashboard-api.rule: Host(`somehost.example.com`)
        traefik.http.routers.traefik-dashboard-api.service: api@internal

  whoami:
    image: containous/whoami
    deploy:
      labels:
        traefik.enable: true
        traefik.http.routers.whoami.rule: Host(`whoami.example.com`)
        traefik.http.routers.whoami.entrypoints: web
    networks:
      traefik: {}

networks:
  traefik:
    external: true
1 Like
5

Thanks for your kind explanation.

Sorry, I should be clear:
The real question is, if I use CLI flags, everything would work; if I use a config file, every defined routers and services disappear:

image
image2876×732 125 KB

My docker version: Docker version 18.06.1-ce, build e68fc7a

In this case, I only have internal routers and services.

I wonder why all the docker labels are ignored while using a config file.

6

You are using Traefik in swarmMode so the labels must be placed in the deploy section.

Your current CLI flags are not equivalent of your current file.

Take a look to my previous post.

1 Like
7

Thanks! It should be very close to the root cause. I really appreciate your help!

I tried to put labels under the deploy section but it still does not work for me.

I will keep investigating this issue and post any update here.

8

Thank you! I eventually found the root cause:

Registers a port. Useful when the container exposes multiples ports.
Mandatory for Docker Swarm (see the section "Port Detection with Docker Swarm").

Reference: Docker | Traefik | v2.0

The port is required even if I am referring to a service.

By reading the logs: port is missing.

Sample solution for my case:

    deploy:
      labels:
        traefik.enable: "true"
        # Dashboard API
        traefik.http.routers.traefik-dashboard-api.entrypoints: web
        traefik.http.routers.traefik-dashboard-api.rule: Host(`traefik-dashboard.example.com`) && PathPrefix(`/api`)
        traefik.http.routers.traefik-dashboard-api.service: api@internal
        traefik.http.services.traefik-dashboard-api.loadbalancer.server.port: 8080
        # Dashboard UI
        traefik.http.routers.traefik-dashboard-ui.entrypoints: web
        traefik.http.routers.traefik-dashboard-ui.rule: Host(`traefik-dashboard.example.com`) && PathPrefix(`/`)
        traefik.http.routers.traefik-dashboard-ui.service: dashboard@internal
        traefik.http.services.traefik-dashboard-ui.loadbalancer.server.port: 8080
10

The inability to mix static and dynamic as well as command line flags is preventing me from solving this issue: Port ranges for entrypoints in static configuration · Issue #8438 · traefik/traefik · GitHub

One solution would be to allow templates in the static file. Another would be to allow command line args to overwrite the static file. I want to be able to dynamically change the PORT for my tls redirect entry point.

Right now my only solution is envsubst on startup which feels bad.

global:
  checkNewVersion: false
  sendAnonymousUsage: false

log:
  level: INFO

entryPoints:
  vpn:
    address: :80
  web:
    address: :81
    http:
      redirections:
        entrypoint:
          to: "websecure"
          scheme: "https"
  websecure:
    address: :$HTTPS_PORT
    http:
      tls: true

ping:
  manualRouting: true

providers:
  file:
    directory: /etc/traefik/conf
    watch: true

The reason for this is to run multiple tls servers against localhost and have their redirects work. For example im using 444, 445 and 456. This works fine if everything is done via docker and labels but im having another issue where Windows seems to not always connect the container services correctly.

11

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.