I would like to share the dashboard without having to provide the api.insecure flag.
Right now I'm trying to route a specific host to the api@internal
service.
But looks like that the rule is never created, this is my config:
version: "3.3"
networks:
public:
external: true
name: macvlan-public
web:
external: false
internal: false
name: proxy
services:
traefik:
image: "traefik:v2.6"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
# Docker configuration
- "--providers.docker=true"
- "--providers.docker.network=web"
- "--providers.docker.exposedbydefault=false"
# Configure entrypoint
- "--entrypoints.web.address=:80"
# Enable dashboard
- "--api"
labels:
- "traefik.enable=true"
- "traefik.http.routers.proxy.rule=Host(`traefik.mydomain.com`)"
- "traefik.http.routers.proxy.entrypoints=web"
- "traefik.http.routers.proxy.service=api@internal"
networks:
- public
- web
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "traefik/whoami"
container_name: "simple-service"
networks:
- web
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=web"
I can access correctly the whoami
service with whoami.mydomain.com
, but I cannot access the api
endpoint via traefik.mydomain.com
The web
network is a simple bridge networks where allt he containers that want to connect to the net have to be attached. The public
network instead is a macvlan
, this is a vlan/subnet to separate the traffic that comes and goes to internet from my shared services (intranet, traefik.mydomain.com
can be resolved only locally).
The mydomain.com
domain is resolved by the local dns server and it reply with the IP of the traefik container. (public interface)
Am I doing something wrong?