thank you for replying that quickly, it has taken my a while to answer as I split the config into a docker-compose file and Traefik configuration file. This led to unexpected challenges but that is different story for now.
-
reads
I know that and it helped (@dduportal) me really a lot to understand how to do the basic.
-
api@internal
I will do plus password protection but I want to start simple first and grow by experience. What is concept behind
api@interal
vsIP-address:port
? -
docs -> API
what is the meaning of {} in# Static Configuration api: {}
Traefik API Documentation - Traefik what could help here is to say to get the outputs of the endpoints by you type
http://yourdomain.com:8080/api/version
like down in another page for http://yourdomain.com:8080/api/rawdata`
Here my are current configs
traefik-config.yaml
global:
checkNewVersion: true
# sendAnonymousUsage: true
#serversTransport:
# insecureSkipVerify: true
# rootCAs:
# - foobar
# maxIdleConnsPerHost: 42
# forwardingTimeouts:
# dialTimeout: 42
# responseHeaderTimeout: 42
# idleConnTimeout: 42
entryPoints:
web:
address: ":80"
#transport:
# lifeCycle:
# requestAcceptGraceTimeout: 42
# graceTimeOut: 42
# respondingTimeouts:
# readTimeout: 42
# writeTimeout: 42
# idleTimeout: 42
#proxyProtocol:
# insecure: true
# trustedIPs:
# - foobar
# - foobar
#forwardedHeaders:
# insecure: true
# trustedIPs:
# - foobar
# - foobar
websecure:
address: ":443"
#traefik_dashboard:
#address: ":8080"
api: # Activate dashboard.
# Enables the web UI @ port 8080/ Traefik will listen on port 8080 by default for API request. / Activate API directly on the entryPoint named traefik. (Default: false) --> port '8080'v= entryPoint 'traefik', overrides --api
insecure: true
# Activate dashboard.
dashboard: true
# Enable additional endpoints for debugging and profiling.
debug: true
providers:
# providersThrottleDuration: 42
docker:
#constraints: foobar
watch: true
# Docker server endpoint. Can be a tcp or a unix socket endpoint. (Default: unix:///var/run/docker.sock)
#endpoint: unix:///var/run/docker.sock
#defaultRule: foobar
#tls:
# ca: foobar
# caOptional: true
# cert: foobar
# key: foobar
# insecureSkipVerify: true
#exposedByDefault: true
#useBindPortIP: true
# swarmMode: true
# network: foobar
# swarmModeRefreshSeconds: 42
not used currently-metrics: # this is only hear to fold/unfold the commented region in Notepad++
#metrics:
# prometheus:
# buckets:
# - 42
# - 42
# addEntryPointsLabels: true
# addServicesLabels: true
# entryPoint: foobar
# manualRouting: true
# datadog:
# address: foobar
# pushInterval: 42
# addEntryPointsLabels: true
# addServicesLabels: true
# statsD:
# address: foobar
# pushInterval: 42
# addEntryPointsLabels: true
# addServicesLabels: true
# prefix: traefik
# influxDB:
# address: foobar
# protocol: foobar
# pushInterval: 42
# database: foobar
# retentionPolicy: foobar
# username: foobar
# password: foobar
# addEntryPointsLabels: true
# addServicesLabels: true
#ping:
# entryPoint: foobar
# manualRouting: true
#
log:
# set debug level of the log
level: DEBUG
# defining the storage location inside the container, log file is written inside the container. To make it avaiable on the host it is mounted, see volumes section in docker-compose file
# chosen based on https://unix.stackexchange.com/questions/104936/where-are-all-the-posibilities-of-storing-a-log-file
filePath: /var/log/traefik-log.log
# Traefik log format: json | common (Default: common)
#format: common
accessLog: # writting the accesslog
# defining the storage location inside the container, log file is written inside the container. To make it avaiable on the host it is mounted, see volumes section in docker-compose file
# chosen based on https://unix.stackexchange.com/questions/104936/where-are-all-the-posibilities-of-storing-a-log-file
filePath: /var/log/traefik-access.log
# Access log format: json | common (Default: common)
#format: common
# filters:
# statusCodes:
# - foobar
# - foobar
# retryAttempts: true
# minDuration: 42
# fields:
# defaultMode: foobar
# names:
# name0: foobar
# name1: foobar
# headers:
# defaultMode: foobar
# names:
# name0: foobar
# name1: foobar
# bufferingSize: 42
#
not used currently-tracing: # this is only hear to fold/unfold the commented region in Notepad++
#tracing:
# serviceName: foobar
# spanNameLimit: 42
# jaeger:
# samplingServerURL: foobar
# samplingType: foobar
# samplingParam: 42
# localAgentHostPort: foobar
# gen128Bit: true
# propagation: foobar
# traceContextHeaderName: foobar
# collector:
# endpoint: foobar
# user: foobar
# password: foobar
# zipkin:
# httpEndpoint: foobar
# sameSpan: true
# id128Bit: true
# sampleRate: 42
# datadog:
# localAgentHostPort: foobar
# globalTag: foobar
# debug: true
# prioritySampling: true
# traceIDHeaderName: foobar
# parentIDHeaderName: foobar
# samplingPriorityHeaderName: foobar
# bagagePrefixHeaderName: foobar
# instana:
# localAgentHost: foobar
# localAgentPort: 42
# logLevel: foobar
# haystack:
# localAgentHost: foobar
# localAgentPort: 42
# globalTag: foobar
# traceIDHeaderName: foobar
# parentIDHeaderName: foobar
# spanIDHeaderName: foobar
# baggagePrefixHeaderName: foobar
#
not used currently-hostResolver: # this is only hear to fold/unfold the commented region in Notepad++
#hostResolver:
# cnameFlattening: true
# resolvConfig: foobar
# resolvDepth: 42
#
certificatesResolvers:
tlsChallenge_letsencrypt:
acme:
email: my.secret@gmail.com
# CA server to use. (Default: https://acme-v02.api.letsencrypt.org/directory)
#caServer:
# location chosen based on on https://www.getpagespeed.com/server-setup/ssl-directory and https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
storage: /etc/ssl/certs/letsencrypt/acme.json
# KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: RSA4096)
#keyType: {}
#dnsChallenge:
# provider: foobar
# delayBeforeCheck: 42
# resolvers:
# - foobar
# - foobar
# disablePropagationCheck: true
#httpChallenge:
# entryPoint: foobar
tlsChallenge: true
#CertificateResolver1:
# acme:
# email: my.secret@gmail.com
# caServer: foobar
# storage: foobar
# keyType: foobar
# dnsChallenge:
# provider: foobar
# delayBeforeCheck: 42
# resolvers:
# - foobar
# - foobar
# disablePropagationCheck: true
# httpChallenge:
# entryPoint: foobar
# tlsChallenge: {}
traefikV2.yaml
version: "3.7"
services:
traefik-reverse-proxy:
# The official v2.0 Traefik docker image
image: traefik:latest
#image: traefik:v2.0
container_name: "traefik"
command:
# to work with custom traefil configuration file you have to declare the local path and mount the location on the host, see volume section
- --configFile=/etc/traefik/traefik-config.yaml
ports:
# The HTTP port
- "80:80"
# The HTTPS port
- "443:443"
# The Web UI (enabled by --api.insecure=true)
- "8080:8080"
volumes: # syntax --> host-location:path-in-container, see https://docs.docker.com/compose/compose-file/#volumes
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
# mount the location for the log files to the host, so that I can read them on the host
# chosen based on https://unix.stackexchange.com/questions/104936/where-are-all-the-posibilities-of-storing-a-log-file
- /var/log/traefik:/var/log
# mount the location for the certifcates to the host, so that I can read them on the host
#based on https://www.getpagespeed.com/server-setup/ssl-directory and https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
- /etc/ssl/certs/traefik/letsencrypt:/etc/ssl/certs/letsencrypt
# I use a customized "traefik.toml", so it has to be mounted into the traefik container (or stored there), combine
# https://stackoverflow.com/questions/47382756/why-is-my-traefik-toml-file-not-be-read-by-docker-compose-configuration
# https://stackoverflow.com/questions/57200728/can-the-default-location-of-the-traefik-configuration-file-be-changed-in-the-off
# https://stackoverflow.com/questions/45902133/how-to-use-custom-traefik-toml-file
# https://docs.traefik.io/getting-started/configuration-overview/
- /opt/traefik/traefik-config.yaml:/etc/traefik/traefik-config.yaml
labels:
- "traefik.enable=true"
- "traefik.docker.network=bridge_proxy_traefikv2"
- "traefik.http.routers.traefik_dashboard.rule=Host(`traefik.fairbnb.community`)"
- "traefik.http.routers.traefik_dashboard.entrypoints=web"
- "traefik.http.services.traefik_dashboard.loadBalancer.server.port=8080"
#- "traefik.http.routers.traefik_dashboard.service=api@internal"
networks:
- traefik
#- default
#Tiny Go webserver that prints os information and HTTP request to output
# whoami:
# image: "containous/whoami"
# container_name: "whoami"
# labels:
# - "traefik.enable=true"
# - "traefik.docker.network=bridge_proxy_traefikv2"
# - "traefik.http.routers.whoami.rule=Host(`fairbnb.community`)"
# - "traefik.http.routers.whoami.entrypoints=web"
# - "traefik.http.services.whoami.loadBalancer.server.port=80"
# networks:
# - traefik
# #- default
whoami_sub:
image: "containous/whoami"
container_name: "whoami_sub"
labels:
- "traefik.enable=true"
- "traefik.name=whoami_sub"
- "traefik.docker.network=bridge_proxy_traefikv2"
- "traefik.http.routers.whoami_sub.rule=Host(`whoami.fairbnb.community`)"
- "traefik.http.routers.whoami_sub.entrypoints=web"
#- "traefik.http.services.whoami_sub.loadBalancer.server.port=80"
networks:
- traefik
#- default
networks:
traefik:
external:
name: bridge_proxy_traefikv2
I changed to 8080, thus the redirect loop is history but there is a new problem. I get redirected to
http://traefik.fairbnb.community/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/dashboard/
I tried also
- "traefik.http.services.traefik_dashboard.loadBalancer.server.port=8080"
#- "traefik.http.routers.traefik_dashboard.service=api@internal"
the logs are in thex next reply
could it be related to a string substitute in the url by the middleware
just noticed
although dahsboard is ok