In Traefik v1, we can specify a --configFile
with Docker labels for general configuration and app-specific configuration respectively.
Could we do this in v2
? I tried with --configFile
but it ignores all Docker labels in v2
.
Any ideas?
My traefik.toml
:
[global]
sendAnonymousUsage = false
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
# watch = true
exposedByDefault = false
swarmMode = true
network = "traefik"
[log]
level = "DEBUG"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
# [retry]
[certificatesResolvers.le.acme]
email = "xxx@xxx.com"
storage = "/etc/traefik/conf/acme.json"
[certificatesResolvers.le.acme.httpChallenge]
# used during the challenge
entryPoint = "web"
[api]
dashboard = true
insecure = true
ldez
January 3, 2020, 3:05pm
2
Hello,
Docker labels can only be defined on containers, so I think you mixed some concepts.
--configFile
allows (in v1 and v2) to define a path to the static configuration .
With the v2:
Your traefik.toml file is right, but you need to provide more information about how you launch Traefik.
1 Like
Thanks for your help!
I am actually migrating Traefik from v1 to v2 (on swarm).
The docker-compose.yml
looks like:
version: "3"
services:
proxy:
image: traefik:v2.1 # The official Traefik docker image
command: --configFile=/etc/traefik/traefik.toml
# command: # Note: If I use these command flags, it can work.
# - --entrypoints.web.address=:80
# - --entrypoints.websecure.address=:443
# - --providers.docker
# - --providers.docker.network=traefik
# - --api.insecure # Don't do that in production
# - --certificatesresolvers.le.acme.email=my1@email1.com
# - --certificatesresolvers.le.acme.storage=/etc/traefik/conf/acme.json
# - --certificatesresolvers.le.acme.httpchallenge=true
ports:
- "80:80" # The HTTP port
- "8080:8080"
- 443:443
- "5001:443" # Needed for SNI challenge
- "5002:80" # Needed for HTTP challenge
volumes:
- /etc/localtime:/etc/localtime:ro
- /root/traefik/traefik_config/traefik.toml:/etc/traefik/traefik.toml # When use command line flags, I removed this line.
- /root/traefik/traefik_config/acme.json:/etc/traefik/conf/acme.json:rw
- /var/run/docker.sock:/var/run/docker.sock
networks:
traefik: {}
labels:
- "traefik.enable=true"
# Dashboard API
- "traefik.http.routers.traefik-dashboard-api.entrypoints=web"
- "traefik.http.routers.traefik-dashboard-api.rule=Host(`somehost.example.com`) && PathPrefix(`/api`)"
- "traefik.http.routers.traefik-dashboard-api.service=api@internal"
# Dashboard UI
- "traefik.http.routers.traefik-dashboard-ui.entrypoints=web"
- "traefik.http.routers.traefik-dashboard-ui.rule=Host(`somehost.example.com`) && PathPrefix(`/`)"
- "traefik.http.routers.traefik-dashboard-ui.service=dashboard@internal"
whoami:
image: "containous/whoami"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
- "traefik.http.routers.whoami.entrypoints=web"
- "traefik.http.services.whoami2.loadbalancer.server.port=80"
networks:
traefik: {}
networks:
traefik:
external: true
If I use command line flags rather than a config file, it can work.
ldez
January 4, 2020, 1:38am
4
As I already said, with v2 you cannot mix CLI flags and file to define your static configuration, you have to choose one source of configuration.
You also don't need to use --configFile=
if your traefik.toml
file is placed in the right path (see https://docs.traefik.io/v2.1/getting-started/configuration-overview/#configuration-file )
But this don't remove the previous restriction.
Static configuration from traefik.toml
file:
version: "3"
services:
proxy:
image: traefik:v2.1
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /root/traefik/traefik_config/traefik.toml:/etc/traefik/traefik.toml
- /root/traefik/traefik_config/acme.json:/etc/traefik/conf/acme.json:rw
- /var/run/docker.sock:/var/run/docker.sock
networks:
traefik: {}
deploy:
labels:
traefik.enable: true
# Dashboard and API
traefik.http.routers.traefik-dashboard-api.entrypoints: web
traefik.http.routers.traefik-dashboard-api.rule: Host(`somehost.example.com`)
traefik.http.routers.traefik-dashboard-api.service: api@internal
whoami:
image: containous/whoami
deploy:
labels:
traefik.enable: true
traefik.http.routers.whoami.rule: Host(`whoami.example.com`)
traefik.http.routers.whoami.entrypoints: web
networks:
traefik: {}
networks:
traefik:
external: true
Static configuration from CLI flags:
version: "3"
services:
proxy:
image: traefik:v2.1
command: >
--api
--log.level=INFO
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--providers.docker.endpoint=unix:///var/run/docker.sock
--providers.docker.exposedByDefault=false
--providers.docker.swarmMode
--providers.docker.network=traefik
--certificatesResolvers.le.acme.email=xxx@xxx.com
--certificatesResolvers.le.acme.storage=/etc/traefik/conf/acme.json
--certificatesResolvers.le.acme.httpChallenge.entryPoint=web
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /root/traefik/traefik_config/acme.json:/etc/traefik/conf/acme.json:rw
- /var/run/docker.sock:/var/run/docker.sock
networks:
traefik: {}
deploy:
labels:
traefik.enable: true
# Dashboard and API
traefik.http.routers.traefik-dashboard-api.entrypoints: web
traefik.http.routers.traefik-dashboard-api.rule: Host(`somehost.example.com`)
traefik.http.routers.traefik-dashboard-api.service: api@internal
whoami:
image: containous/whoami
deploy:
labels:
traefik.enable: true
traefik.http.routers.whoami.rule: Host(`whoami.example.com`)
traefik.http.routers.whoami.entrypoints: web
networks:
traefik: {}
networks:
traefik:
external: true
1 Like
Thanks for your kind explanation.
Sorry, I should be clear:
The real question is, if I use CLI flags, everything would work; if I use a config file, every defined routers and services disappear:
My docker version: Docker version 18.06.1-ce, build e68fc7a
In this case, I only have internal routers and services.
I wonder why all the docker labels are ignored while using a config file.
ldez
January 4, 2020, 2:17am
6
You are using Traefik in swarmMode so the labels must be placed in the deploy
section.
Your current CLI flags are not equivalent of your current file.
Take a look to my previous post.
1 Like
Thanks! It should be very close to the root cause. I really appreciate your help!
I tried to put labels
under the deploy
section but it still does not work for me.
I will keep investigating this issue and post any update here.
Thank you! I eventually found the root cause:
Registers a port. Useful when the container exposes multiples ports.
Mandatory for Docker Swarm (see the section "Port Detection with Docker Swarm" ).
Reference: Docker | Traefik | v2.0
The port is required even if I am referring to a service.
By reading the logs: port is missing
.
Sample solution for my case:
deploy:
labels:
traefik.enable: "true"
# Dashboard API
traefik.http.routers.traefik-dashboard-api.entrypoints: web
traefik.http.routers.traefik-dashboard-api.rule: Host(`traefik-dashboard.example.com`) && PathPrefix(`/api`)
traefik.http.routers.traefik-dashboard-api.service: api@internal
traefik.http.services.traefik-dashboard-api.loadbalancer.server.port: 8080
# Dashboard UI
traefik.http.routers.traefik-dashboard-ui.entrypoints: web
traefik.http.routers.traefik-dashboard-ui.rule: Host(`traefik-dashboard.example.com`) && PathPrefix(`/`)
traefik.http.routers.traefik-dashboard-ui.service: dashboard@internal
traefik.http.services.traefik-dashboard-ui.loadbalancer.server.port: 8080
The inability to mix static and dynamic as well as command line flags is preventing me from solving this issue: Port ranges for entrypoints in static configuration · Issue #8438 · traefik/traefik · GitHub
One solution would be to allow templates
in the static
file. Another would be to allow command line
args to overwrite the static file. I want to be able to dynamically change the PORT
for my tls
redirect entry point.
Right now my only solution is envsubst
on startup which feels bad.
global:
checkNewVersion: false
sendAnonymousUsage: false
log:
level: INFO
entryPoints:
vpn:
address: :80
web:
address: :81
http:
redirections:
entrypoint:
to: "websecure"
scheme: "https"
websecure:
address: :$HTTPS_PORT
http:
tls: true
ping:
manualRouting: true
providers:
file:
directory: /etc/traefik/conf
watch: true
The reason for this is to run multiple tls
servers against localhost
and have their redirects work. For example im using 444
, 445
and 456
. This works fine if everything is done via docker
and labels
but im having another issue where Windows seems to not always connect the container services correctly.
system
Closed
July 25, 2022, 12:01am
11
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.