Containers within traefik network unable to connect when using domain names

Hello everybody..

I have traefik (docker) running in my server using its own docker-compose file where I also have a named traefik network set as external for other container/services/app/etc.

Then I have many different applications running on that same server within their own docker-compose files.

I'm using traefik labels and everything is working great. Namely my services/app are correctly reverse proxied to the outside world over the internet.

However I just noticed that I'm unable to actually access one service from another. I never had that use-case but it seems it was always like that..

For example I have a gitea and a gitlab server, both running from their own docker-compose files.. And I'm trying to run a woodpecker CI server. But I noticed that the woodpecker server is unable to reach either the gitea or the gitlab server (using the domain name I have for them).

If I run the exact same woodpecker docker-compose file on another machine, it's working. So really this seems related to the fact they are all in the same machine.

So I wonder what should I tweak to have services within traefik to talk to each other using their domain names?

And I also wonder if this is more an OS like config to tweak (the server is running debian), Though I'm able to access any of those services using their domain names e.g. in the terminal, so I don't think it's related to the OS level.

Thank you very much for any detail or direction.

Note:

  • Here is my traefik docker-compose:
version: "3"

services:
  traefik:
    restart: always
    image: traefik:v2.5
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./acme.json:/acme.json

    labels:
      - "traefik.http.middlewares.auth.basicauth.users=__USERNAME__:__PASSWORD_HASH__"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.routers.api.rule=Host(`__HOSTNAME__`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=https"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=traefik_resolver"

networks:
  default:
    external:
      name: traefik
  • Here is an example of my gitea docker-compose:
version: "3"

services:
  server:
    image: gitea/gitea
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "222:22"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`__GITEA_HOST__`)"
      - "traefik.http.routers.gitea.entrypoints=https"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=traefik_resolver"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"

networks:
  default:
    external:
      name: traefik
  • And here is my woodpecker docker-compose:
version: '3'

services:
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:latest
    volumes:
      - woodpecker-server-data:/var/lib/woodpecker/
    environment:
      - WOODPECKER_OPEN=true
      - WOODPECKER_HOST=__WP_HOST__
      - WOODPECKER_GITEA=true
      - WOODPECKER_GITEA_URL=__GITEA_HOST__
      - WOODPECKER_GITEA_CLIENT=__GITEA_CLIENT__
      - WOODPECKER_GITEA_SECRET=__GITEA_SECRET__
      - WOODPECKER_AGENT_SECRET=__AGENT_SECRET__
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.woodpecker.rule=Host(`__GITEA_HOST__`)"
      - "traefik.http.routers.woodpecker.entrypoints=https"
      - "traefik.http.routers.woodpecker.tls=true"
      - "traefik.http.routers.woodpecker.tls.certresolver=traefik_resolver"
      - "traefik.http.services.woodpecker.loadbalancer.server.port=8000"

  woodpecker-agent:
    image: woodpeckerci/woodpecker-agent:latest
    command: agent
    restart: always
    depends_on:
      - woodpecker-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WOODPECKER_SERVER=woodpecker-server:9000
      - WOODPECKER_AGENT_SECRET=__AGENT_SECRET__
    labels:
      - "traefik.enable=false"

volumes:
  woodpecker-server-data:

networks:
  default:
    external:
      name: traefik

Does anybody else encountered this problem?

I am having the same issue (running on Ubuntu 20.04). Any luck solving this?

Hello,
I found this other post that is related Container to Container communication by host rule
And also that SO ssl - Docker Traefik can't resolve DNS (Fails reaching server and obtaining certificates) - Stack Overflow
And all possible solutions seem to be listed in this repo (I'm unable to find the original post where I saw this link) GitHub - flexguse/traefik-inter-container-routing: Demo setup for showing how Docker container communication with traefik routing can be used.

Though I didn't tested any of those solutions, I think any of those won't really help (unless I'm not understanding well)..
Let me explain..
For me having a solution that needs me, after each app/service I launch, to go back to the Traefik config and add some options (the container alias names method) remove the interest of having Traefik handling everything automatically.
The same goes for the Add host entry to container method, which needs me to launch the app/service and grab its IP and then go back to the config in order to add the IP.. Not very dynamic nor automatic IMHO..
The set DNS servermethod, I'm not sure it will work, since I don't have any problem to reach the internet (e.g. google.com or whatever domain) from the services..

So the problem I still have is that if I want one service to access another service with its FQDN (when both of my services are behinf traefik) it doesn't work.

I could have use the services name if all my services where within the same docker-compose file but they are not..

Hello everybody, does anyone still have no idea how to solve this?