I'm trying to setup Traefik in such a way, that I don't have to add anything to the services in my docker-compose other than "traefik.enable=true" label
I came up with the following setup:
log:
level: INFO
api:
insecure: false
dashboard: true
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
http:
tls: {}
http:
middlewares:
services-ipwhitelist:
ipWhiteList:
sourceRange:
- "127.0.0.1/32"
- "10.0.1.0/24"
services-compress:
compress: {}
routers:
websecure-ipwhitelist-catchall:
rule: hostregexp(`{host:.+}`)
entrypoints:
- websecure
middlewares:
- services-ipwhitelist
websecure-compress-catchall:
rule: hostregexp(`{host:.+}`)
entrypoints:
- websecure
middlewares:
- services-compress
providers:
file:
filename: /etc/traefik/tls.yaml
docker:
endpoint: unix:///var/run/docker.sock
watch: true
exposedByDefault: false
defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.mydomain.com`)"
Unfortunately, the neither of the middlewares is applied. I tried having just one catch-all router, with both of the middlewares - same issue.
I'm still able to reach the services from e.g. 10.0.0.0/24 network.
I also tried (instead catch-all routers) adding middlewares under the entryPoints.websecure.http, but then I'm getting the level=error msg="middleware \"services-ipwhitelist@docker\" does not exist" entryPointName=websecure routerName=websecure-traefik@docker. Similarly if I list them as service-ipwhitelist@file.
What am I missing?