Can't reach service in the same docker-compose?

I have read, experimented, cried, screamed and finally I got an not to trivial Traefik setup working. Well almost.
I might just be blind due to all my tests and configuration changes that I am making a simple mistake... here is my docker-compose in all its glory.

version: '3.9'
services:
  traefik:
      container_name: traefik
      image: traefik
      command:
        - --api=true
        - --api.dashboard=true
        - --api.insecure=true
        - --entrypoints.web.address=:80
        - --entrypoints.websecure.address=:443
        - --entrypoints.websecure.http.tls.domains[0].main=$DOMAINNAME
        - --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME
        - --certificatesresolvers.cloudflare.acme.email=$CLOUDFLARE_EMAIL
        - --certificatesresolvers.cloudflare.acme.dnschallenge=true
        - --certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=0
        - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
        - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers[0]=1.1.1.1:53
        - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers[1]=8.8.8.8:53
        - --certificatesresolvers.cloudflare.acme.caServer=$TRAEFIK_ACME_CASERVER
        - --certificatesresolvers.cloudflare.acme.storage=/acme.json
        - --pilot.token=e2a6ea5f-ec65-4384-8446-dd0a72fa463c
        - --api.debug=true
        - --log=true
        - --log.level=ERROR
        - --providers.docker=true
        - --providers.docker.exposedbydefault=false
      restart: unless-stopped
      ports:
        - 80:80
        - 443:443
        - 8080:8080
      networks:
        - web
      labels:
        - traefik.enable=true
        - traefik.port=8080
        - traefik.network=web
        - traefik.http.routers.traefik.service=api@internal
        - traefik.http.routers.traefik.rule=Host(`$TRAEFIK_DASHBOARD`)
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - ./appdata/traefik/acme.json:/acme.json
      environment:
        - CLOUDFLARE_EMAIL=$CLOUDFLARE_EMAIL
        - CLOUDFLARE_API_KEY=$CLOUDFLARE_KEY

  heimdall:
      image: ghcr.io/linuxserver/heimdall:development
      container_name: heimdall     
      environment:
        - PUID=1000
        - PGID=1000
        - TZ=${TZ}
      volumes:
        - ./appdata/heimdall:/config
      restart: unless-stopped
      networks:
        - web      
      labels:
        - traefik.http.routers.heimdall.rule=Host(`start.${DOMAINNAME}`)

networks:
  web:
    external: true

Yes I am using both Letsencrypt and Cloudflare, call me paranoid. :slight_smile:
All I want to do is to get heimdall to answer on start. That seems to be the easiest thing but no... I guess I have f**kd up somewhere, if so please point it out.
I have the dashboard working.
I can start this compose file without any issues, I get an 526 when I try to access start.domain.
Invalid SSL certificate?

So some changes, added the network web, now I get a 404. That is a fall forward. :slight_smile:

Hi @macmattias,

i see you have traefik configured with
--providers.docker.exposedbydefault=false

This means, that traefik ignores all containers without the label
traefik.enable=true

So adding this label to your heimdall container could help.

Here's the link to the documentation: https://doc.traefik.io/traefik/providers/docker/#exposedbydefault

BTW: I see you have your dashboard made available with traefik routing itself, so there may be no need to expose Port 8080.

Regards,
Wolfgang

2 Likes