Ok, so here's the skinny:
I'm running a docker-compose setup, with ~10 containers for my media server. I had this working with v1, only exposing the media server UI container.
After failing to add something to that config (constant authentication errors trying to get SSL), I decided to start over with V2.
Now I have a minimal, 3-container setup I would like to get working. The containers are Traefik, Jellyfin (media server exposed to internet) and ZNC (IRC bouncer client).
These are the only services I need to access from outside my network. I followed the "Docker with Let'sEncrypt" guide and easily was able to generate valid LE SSL certs for my domains (media.mydomain.com
and znc.mydomain.com
).
For Jellyfin, everything works fine. I open the port and use the Traefik labels from the examples to route it. I can access the domain media.mydomain.com
from outside the network.
The only thing that refuses to work is ZNC. ZNC is tricky because it uses HTTP and TCP connections. The web admin panel uses HTTP, but I actually don't need to access it from outside my network.
I simply need to expose the TCP service that will allow my IRC clients to connect to the bouncer. Even when I try to enable TCP and HTTP, I get a 404 when visiting znc.mydomain.com
.
Here is my docker-compose.yaml
version: '3'
services:
traefik:
image: "traefik:v2.0.2"
container_name: "traefiktest"
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
#- "--certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.mytlschallenge.acme.email=me@mydomain.com"
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "8080:8080"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
#- "./traefik.toml:/traefik.toml"
networks:
- traefik
restart: unless-stopped
znc:
image: linuxserver/znc
container_name: znctest
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
volumes:
- /home/me/Data/Programs/Docker/ZNC/config/:/config
ports:
- 6777:6777
- 6501:6501
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.znc.rule=Host(`znc.mydomain.com`)"
- "traefik.http.routers.znc.entrypoints=websecure"
- "traefik.http.routers.znc.tls.certresolver=mytlschallenge"
- "traefik.http.services.znc.loadbalancer.server.port=6777"
# TEST SETTINGS
- "traefik.tcp.routers.znc.rule=Host(`znc.mydomain.com`)"
- "traefik.tcp.routers.znc.tls.certresolver=mytlschallenge"
- "traefik.tcp.routers.znc.service=znc"
networks:
- traefik
restart: unless-stopped
jellyfin:
image: linuxserver/jellyfin
container_name: jellyfintest
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
volumes:
- /home/me/Data/Programs/Docker/Jellyfin/ProgramData/:/config
- /home/me/Data/Media/TV/:/data/tvshows
- /home/me/Data/Media/Movies/:/data/movies
- /home/me/Data/Media/Music/:/data/music
ports:
- 8096:8096
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin.rule=Host(`media.mydomain.com`)"
- "traefik.http.routers.jellyfin.entrypoints=websecure"
- "traefik.http.routers.jellyfin.tls.certresolver=mytlschallenge"
networks:
- traefik
restart: unless-stopped
networks:
traefik:
external: true
Any tips on getting any IRC bouncer to work with Traefik and Docker would be much appreciated.