There is something which I don't understand and I would appreciate some directions/explanation.
Basically I'm trying to set a wildcard certificate for my domain and position a couple of administrative services under a subdomain using different paths for each one. For example:
- admin.MASKED.com/traefik (opens the Traefik dashboard)
- admin.MASKED.com/whoami (opens a whoami instance)
I was able to obtain the certificates successfully, and the global redirection from http to https works as well. In fact, "admin.MASKED.com/whoami" works perfectly.
But for some reason "admin.MASKED.com/traefik" does not. My label is:

```yaml
"traefik.http.routers.proxy.rule=Host(`admin.MASKED.com`) && PathPrefix(`/traefik`)"
```

But it works totally fine if I change the rule to match just the host:

```yaml
"traefik.http.routers.proxy.rule=Host(`admin.MASKED.com`)"
```
What am I missing / not understanding?
docker-compose.yml

```yaml
version: '3.9'

secrets:
  cloudflare-token:
    file: "./secrets/cloudflare-token.secret"
  cloudflare-email:
    file: "./secrets/cloudflare-email.secret"

networks:
  public:
    # Use a custom driver
    driver: bridge

services:
  reverse-proxy:
    container_name: traefik
    image: traefik
    security_opt:
      - no-new-privileges:true
    secrets:
      - "cloudflare-token"
      - "cloudflare-email"
    environment:
      - "CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare-token"
      - "CF_API_EMAIL_FILE=/run/secrets/cloudflare-email"
    ports:
      - "80:80" # The HTTP port
      - "443:443" # The HTTPS port
    networks:
      - public
    volumes:
      - "./letsencrypt:/letsencrypt" # A place to store the certificates
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
    command:
      # Some Default settings
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      # Enable the 'api@internal' service
      - --api.dashboard=true
      # Define Entry points
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      # Set HTTP -> HTTPS redirection
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      # Set up LetsEncrypt DNS certificate resolver
      - --certificatesresolvers.letsencrypt-dns.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt-dns.acme.dnschallenge.provider=cloudflare
      - --certificatesResolvers.letsencrypt-dns.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.letsencrypt-dns.acme.dnschallenge.delayBeforeCheck=20
      - --certificatesresolvers.letsencrypt-dns.acme.email=MASKED
      - --certificatesresolvers.letsencrypt-dns.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt-dns.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      # Set up the TLS configuration for our websecure listener
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certResolver=letsencrypt-dns
      - --entrypoints.websecure.http.tls.domains[0].main=MASKED.com
      - --entrypoints.websecure.http.tls.domains[0].sans=*.MASKED.com
    labels:
      # The labels are useful for Traefik only
      - "traefik.enable=true"
      # Specify the routers
      - "traefik.http.routers.proxy.rule=Host(`admin.MASKED.com`) && PathPrefix(`/traefik`)"
      - "traefik.http.routers.proxy.entrypoints=websecure"
      - "traefik.http.routers.proxy.service=api@internal"
      # # Specify the TLS Resolver
      # - "traefik.http.routers.proxy.tls.certresolver=letsencrypt-dns"
      # Add authentication
      - "traefik.http.routers.proxy.middlewares=proxy-auth"
      - "traefik.http.middlewares.proxy-auth.basicauth.users=admin:MASKED"

  whoami:
    # A container that exposes an API to show its IP address
    image: traefik/whoami
    networks:
      - public
    labels:
      # The labels are useful for Traefik only
      - "traefik.enable=true"
      - "traefik.docker.network=public"
      # Get the routes from http
      - "traefik.http.routers.whoami.rule=Host(`admin.MASKED.com`) && PathPrefix(`/whoami`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      # # Specify the TLS Resolver
      # - "traefik.http.routers.whoami.tls.certresolver=letsencrypt-dns"
```