dali99
September 20, 2019, 10:34am
1
In Traefik 1 you could connect two different frontends to two separate ports on the same container.
In my case that was sending git.MYDOMAIN to gitlab and *.pages.MYDOMAIN to gitlab pages (running in their omnibus container).
However, with Traefik 2 I can't seem to figure out how to point a router to a specific service.loadbalancer.port. I might just be blind, but I would appreciate it greatly if anyone knew how to connect two different routers to two different services with docker labels.
My labels:
- "traefik.enable=true"
- "traefik.http.routers.gitlab-main-http.rule=Host(`git.dodsorf.as`)"
- "traefik.http.routers.gitlab-main-http.entrypoints=web"
- "traefik.http.routers.gitlab-main-http.middlewares=redirect@file"
- "traefik.http.routers.gitlab-main-https.rule=Host(`git.dodsorf.as`)"
- "traefik.http.routers.gitlab-main-https.tls=true"
- "traefik.http.routers.gitlab-main-https.tls.certresolver=normal"
- "traefik.http.routers.gitlab-main-https.entrypoints=websecure"
- "traefik.http.routers.gitlab-pages-http.rule=Host(`pages.dodsorf.as`) || HostRegexp(`{[a-z]+}.pages.dodsorf.as`)"
- "traefik.http.routers.gitlab-pages-http.entrypoints=web"
- "traefik.http.routers.gitlab-pages-http.middlewares=redirect@file"
- "traefik.http.routers.gitlab-pages-https.rule=Host(`pages.dodsorf.as`) || HostRegexp(`{[a-z]+}.pages.dodsorf.as`)"
- "traefik.http.routers.gitlab-pages-https.tls=true"
- "traefik.http.routers.gitlab-pages-https.tls.certresolver=pages"
- "traefik.http.routers.gitlab-pages-https.tls.domains.main=pages.dodsorf.as"
- "traefik.http.routers.gitlab-pages-https.tls.domains.sans=*.pages.dodsorf.as"
Also, if anyone has any hints on how to reduce all the boilerplate, it would be much appreciated.
ldez
September 20, 2019, 10:54am
2
For now, this part lacks a little doc on the subject in the Docker section.
But, it's pretty easy: a router (the rule) is linked to a service (the servers)
So you need to define a relation between the router and the service (as with segment labels):
# Router named "tomato"
- "traefik.http.routers.tomato.rule=Host(`tomato.com`)"
- "traefik.http.routers.tomato.service=strawberry"
# Service named "strawberry"
- "traefik.http.services.strawberry.loadbalancer.server.port=80"
# Router named "carrot"
- "traefik.http.routers.carrot.rule=Host(`carrot.com`)"
- "traefik.http.routers.carrot.service=orange"
# Service named "orange"
- "traefik.http.services.orange.loadbalancer.server.port=81"
Otherwise, there are some errors in your configuration:
- "traefik.http.routers.gitlab-pages-https.rule=Host(`pages.dodsorf.as`) || HostRegexp(`{[a-z]+}.pages.dodsorf.as`)"
- "traefik.http.routers.gitlab-pages-https.entrypoints=websecure"
- "traefik.http.routers.gitlab-pages-https.tls=true"
- "traefik.http.routers.gitlab-pages-https.tls.certresolver=pages"
- "traefik.http.routers.gitlab-pages-https.tls.domains[0].main=pages.dodsorf.as"
- "traefik.http.routers.gitlab-pages-https.tls.domains[0].sans=*.pages.dodsorf.as"
Also, I recommend using only one resolver with 2 challenges inside.
For example (TLS-ALPN + DNS):
--entryPoints.web.address=":80"
--entryPoints.websecure.address=":443"
# ...
--certificatesResolvers.sugar.acme.email="your-email@your-domain.org"
--certificatesResolvers.sugar.acme.httpChallenge.entryPoint=web
--certificatesResolvers.sugar.acme.dnsChallenge.provider=digitalocean
dali99
September 20, 2019, 11:30am
3
Wow, thanks for the quick in-depth answer.
ldez:
But, it's pretty easy: a router (the rule) is linked to a service (the servers)
So you need to define a relation between the router and the service (as with segment labels):
# Router named "tomato"
- "traefik.http.routers.tomato.rule=Host(`tomato.com`)"
- "traefik.http.routers.tomato.service=strawberry"
# Service named "strawberry"
- "traefik.http.services.strawberry.loadbalancer.port=80"
# Router named "carrot"
- "traefik.http.routers.carrot.rule=Host(`carrot.com`)"
- "traefik.http.routers.carrot.service=orange"
# Service named "orange"
- "traefik.http.services.orange.loadbalancer.port=81"
I see, I figured it would be something like this but didn't manage to see it, much thanks.
Setting
- "traefik.http.services.orange.loadbalancer.**server**.port=80"
with the routers.<router>.service thing works!
ldez:
Otherwise, there are some errors in your configuration:
- "traefik.http.routers.gitlab-pages-https.rule=Host(`pages.dodsorf.as`) || HostRegexp(`{[a-z]+}.pages.dodsorf.as`)"
- "traefik.http.routers.gitlab-pages-https.entrypoints=websecure"
- "traefik.http.routers.gitlab-pages-https.tls=true"
- "traefik.http.routers.gitlab-pages-https.tls.certresolver=pages"
- "traefik.http.routers.gitlab-pages-https.tls.domains[0].main=pages.dodsorf.as"
- "traefik.http.routers.gitlab-pages-https.tls.domains[0].sans=*.pages.dodsorf.as"
Ah, so I do need the domains[0] thing. I was unsure if it was meant literally, thanks.
ldez:
Also, I recommend using only one resolver with 2 challenges inside.
For example (TLS-ALPN + DNS):
--entryPoints.web.address=":80"
--entryPoints.websecure.address=":443"
# ...
--certificatesResolvers.sugar.acme.email="your-email@your-domain.org"
--certificatesResolvers.sugar.acme.httpChallenge.entryPoint=web
--certificatesResolvers.sugar.acme.dnsChallenge.provider=digitalocean
I've gone ahead and done this, but is there a particular reason it's recommended?
Thanks for all your help
dali99
September 21, 2019, 10:10am
4
Most of it seems to work, but traefik can't get a cert for *.pages.dodsorf.as, complaining about:
Error -> One or more domains had a problem:\n[*.pages.dodsorf.as] [*.pages.dodsorf.as] acme: could not determine solvers\n" providerName=gitlab.acme
static labels:
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.normal.acme.httpchallenge=true"
- "--certificatesresolvers.normal.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.normal.acme.email=admin@dodsorf.as"
- "--certificatesresolvers.normal.acme.storage=/acme/normal.json"
- "--certificatesresolvers.gitlab.acme.dnschallenge=true"
- "--certificatesResolvers.gitlab.acme.dnsChallenge.provider=digitalocean"
- "--certificatesResolvers.gitlab.acme.dnsChallenge.delayBeforeCheck=0"
- "--certificatesresolvers.gitlab.acme.httpchallenge=true"
- "--certificatesresolvers.gitlab.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.gitlab.acme.email=admin@dodsorf.as"
- "--certificatesresolvers.gitlab.acme.storage=/acme/gitlab.json"
dynamic labels:
- "traefik.enable=true"
- "traefik.http.routers.gitlab-main-http.rule=Host(`git.dodsorf.as`)"
- "traefik.http.routers.gitlab-main-http.entrypoints=web"
- "traefik.http.routers.gitlab-main-http.middlewares=redirect@file"
- "traefik.http.routers.gitlab-main-http.service=gitlab-main"
- "traefik.http.services.gitlab-main.loadbalancer.server.port=80"
- "traefik.http.routers.gitlab-main-https.rule=Host(`git.dodsorf.as`)"
- "traefik.http.routers.gitlab-main-https.tls=true"
- "traefik.http.routers.gitlab-main-https.tls.certresolver=gitlab"
- "traefik.http.routers.gitlab-main-https.entrypoints=websecure"
- "traefik.http.routers.gitlab-main-https.service=gitlab-main"
- "traefik.http.routers.gitlab-pages-http.rule=Host(`pages.dodsorf.as`) || HostRegexp(`{[a-z]+}.pages.dodsorf.as`)"
- "traefik.http.routers.gitlab-pages-http.entrypoints=web"
- "traefik.http.routers.gitlab-pages-http.middlewares=redirect@file"
- "traefik.http.routers.gitlab-pages-http.service=gitlab-pages"
- "traefik.http.services.gitlab-pages.loadbalancer.server.port=8091"
- "traefik.http.routers.gitlab-pages-https.rule=Host(`pages.dodsorf.as`) || HostRegexp(`{[a-z]+}.pages.dodsorf.as`)"
- "traefik.http.routers.gitlab-pages-https.entrypoints=websecure"
- "traefik.http.routers.gitlab-pages-https.tls=true"
- "traefik.http.routers.gitlab-pages-https.tls.certresolver=gitlab"
- "traefik.http.routers.gitlab-pages-https.tls.domains[0].main=pages.dodsorf.as"
- "traefik.http.routers.gitlab-pages-https.tls.domains[0].sans=*.pages.dodsorf.as"
- "traefik.http.routers.gitlab-pages-https.service=gitlab-pages"
ldez
September 21, 2019, 11:30am
5
it's related to:
So just use certificatesresolvers everywhere instead of certificatesResolvers.
The problem with the case will be fixed in the next version.
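Added example, not part of any post in this thread and not Traefik's own code: a small Python check for the label mistakes discussed above (a router with no `.service` on a container that defines several services, `loadbalancer.port` without `server`, `tls.domains` without an index, and mixed `certificatesResolvers`/`certificatesresolvers` casing). The function names and the example.org hosts are assumptions made for the illustration.

```python
import re
from collections import defaultdict

def lint_dynamic(labels):
    """Check container labels for the three mistakes discussed in the thread."""
    findings, routers, services = [], defaultdict(dict), set()
    for key, value in (label.split("=", 1) for label in labels):
        r = re.match(r"traefik\.http\.routers\.([^.]+)\.(.+)$", key)
        s = re.match(r"traefik\.http\.services\.([^.]+)\.(.+)$", key)
        if r:
            routers[r.group(1)][r.group(2)] = value
            if re.fullmatch(r"tls\.domains\.(main|sans)", r.group(2)):
                findings.append(f"{key}: domains needs an index, e.g. tls.domains[0]")
        elif s:
            services.add(s.group(1))
            if s.group(2) == "loadbalancer.port":
                findings.append(f"{key}: use loadbalancer.server.port")
    for name, opts in sorted(routers.items()):
        target = opts.get("service")
        if target is None and len(services) > 1:
            findings.append(f"router {name}: no .service label, {len(services)} services defined")
        elif target and "@" not in target and target not in services:
            # names with @provider point at another provider and are not checked
            findings.append(f"router {name}: service {target} is not defined here")
    return findings

def lint_static(flags):
    """Report resolvers whose flags mix certificatesResolvers/certificatesresolvers."""
    seen = defaultdict(set)
    for flag in flags:
        m = re.match(r"--(certificatesresolvers)\.([^.]+)\.", flag, re.IGNORECASE)
        if m:
            seen[m.group(2)].add(m.group(1))
    return [f"resolver {n}: mixed key casing {sorted(c)}"
            for n, c in sorted(seen.items()) if len(c) > 1]

# Constructed sample labels (hypothetical example.org hosts, not the poster's config).
DYNAMIC = [
    "traefik.http.routers.gitlab-main.rule=Host(`git.example.org`)",
    "traefik.http.routers.gitlab-main.service=gitlab-main",
    "traefik.http.services.gitlab-main.loadbalancer.server.port=80",
    "traefik.http.routers.gitlab-pages.rule=Host(`pages.example.org`)",
    "traefik.http.routers.gitlab-pages.tls.domains.main=pages.example.org",
    "traefik.http.services.gitlab-pages.loadbalancer.port=8091",
]
STATIC = [  # flag casing as posted in the thread
    "--certificatesresolvers.gitlab.acme.dnschallenge=true",
    "--certificatesResolvers.gitlab.acme.dnsChallenge.provider=digitalocean",
    "--certificatesresolvers.normal.acme.httpchallenge=true",
]
```

`lint_dynamic(DYNAMIC)` returns three findings and `lint_static(STATIC)` flags only the `gitlab` resolver.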
dali99
September 21, 2019, 3:44pm
6
Thank you, that worked!
For anyone viewing the thread in the future: check the edit history of the post/comments; ldez has edited my wrong config and fixed the errors.
This makes it very easy to see what's wrong because of the diff view, but it's confusing for later readers of the thread.