I would like to share the dashboard without having to provide the api.insecure flag.
Right now I'm trying to route a specific host to the api@internal service.
But looks like that the rule is never created, this is my config:
version: "3.3"
networks:
public:
external: true
name: macvlan-public
web:
external: false
internal: false
name: proxy
services:
traefik:
image: "traefik:v2.6"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
# Docker configuration
- "--providers.docker=true"
- "--providers.docker.network=web"
- "--providers.docker.exposedbydefault=false"
# Configure entrypoint
- "--entrypoints.web.address=:80"
# Enable dashboard
- "--api"
labels:
- "traefik.enable=true"
- "traefik.http.routers.proxy.rule=Host(`traefik.mydomain.com`)"
- "traefik.http.routers.proxy.entrypoints=web"
- "traefik.http.routers.proxy.service=api@internal"
networks:
- public
- web
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "traefik/whoami"
container_name: "simple-service"
networks:
- web
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=web"
I can access correctly the whoami service with whoami.mydomain.com, but I cannot access the api endpoint via traefik.mydomain.com
The web network is a simple bridge networks where allt he containers that want to connect to the net have to be attached. The public network instead is a macvlan, this is a vlan/subnet to separate the traffic that comes and goes to internet from my shared services (intranet, traefik.mydomain.com can be resolved only locally).
The mydomain.com domain is resolved by the local dns server and it reply with the IP of the traefik container. (public interface)
Am I doing something wrong?