Hello everybody..
I have traefik (docker) running in my server using its own docker-compose
file where I also have a named traefik
network set as external for other container/services/app/etc.
Then I have many different applications running on that same server within their own docker-compose
files.
I'm using traefik labels and everything is working great. Namely my services/app are correctly reverse proxied to the outside world over the internet.
However I just noticed that I'm unable to actually access one service from another. I never had that use-case but it seems it was always like that..
For example I have a gitea and a gitlab server, both running from their own docker-compose
files.. And I'm trying to run a woodpecker CI server. But I noticed that the woodpecker server is unable to reach either the gitea or the gitlab server (using the domain name I have for them).
If I run the exact same woodpecker docker-compose
file on another machine, it's working. So really this seems related to the fact they are all in the same machine.
So I wonder what should I tweak to have services within traefik to talk to each other using their domain names?
And I also wonder if this is more an OS like config to tweak (the server is running debian), Though I'm able to access any of those services using their domain names e.g. in the terminal, so I don't think it's related to the OS level.
Thank you very much for any detail or direction.
Note:
- Here is my traefik
docker-compose
:
version: "3"
services:
traefik:
restart: always
image: traefik:v2.5
ports:
- "443:443"
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.yml:/etc/traefik/traefik.yml
- ./acme.json:/acme.json
labels:
- "traefik.http.middlewares.auth.basicauth.users=__USERNAME__:__PASSWORD_HASH__"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.routers.api.rule=Host(`__HOSTNAME__`)"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.entrypoints=https"
- "traefik.http.routers.api.tls=true"
- "traefik.http.routers.api.tls.certresolver=traefik_resolver"
networks:
default:
external:
name: traefik
- Here is an example of my gitea
docker-compose
:
version: "3"
services:
server:
image: gitea/gitea
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "222:22"
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.rule=Host(`__GITEA_HOST__`)"
- "traefik.http.routers.gitea.entrypoints=https"
- "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.gitea.tls.certresolver=traefik_resolver"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
networks:
default:
external:
name: traefik
- And here is my woodpecker
docker-compose
:
version: '3'
services:
woodpecker-server:
image: woodpeckerci/woodpecker-server:latest
volumes:
- woodpecker-server-data:/var/lib/woodpecker/
environment:
- WOODPECKER_OPEN=true
- WOODPECKER_HOST=__WP_HOST__
- WOODPECKER_GITEA=true
- WOODPECKER_GITEA_URL=__GITEA_HOST__
- WOODPECKER_GITEA_CLIENT=__GITEA_CLIENT__
- WOODPECKER_GITEA_SECRET=__GITEA_SECRET__
- WOODPECKER_AGENT_SECRET=__AGENT_SECRET__
labels:
- "traefik.enable=true"
- "traefik.http.routers.woodpecker.rule=Host(`__GITEA_HOST__`)"
- "traefik.http.routers.woodpecker.entrypoints=https"
- "traefik.http.routers.woodpecker.tls=true"
- "traefik.http.routers.woodpecker.tls.certresolver=traefik_resolver"
- "traefik.http.services.woodpecker.loadbalancer.server.port=8000"
woodpecker-agent:
image: woodpeckerci/woodpecker-agent:latest
command: agent
restart: always
depends_on:
- woodpecker-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- WOODPECKER_SERVER=woodpecker-server:9000
- WOODPECKER_AGENT_SECRET=__AGENT_SECRET__
labels:
- "traefik.enable=false"
volumes:
woodpecker-server-data:
networks:
default:
external:
name: traefik