thierry
February 16, 2025, 5:34pm
1
Hello, long time
I have jumped to Traefik v3.3. All is working except Gotify.
```yaml
services:
  gotify:
    image: gotify/server:2.6.1
    container_name: gotify
    volumes:
      - $BASE/gotify:/app/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    command:
      - "--host=tcp://g-docker-socket-proxy:2375"
    security_opt:
      - no-new-privileges:true
    depends_on:
      - dockerproxy
    networks:
      - mynet
      - socket-g
    environment:
      - TZ=Europe/Helsinki
      - GOTIFY_SERVER_PORT=8081
    labels:
      # Traefik Redirect to HTTPS
      - "traefik.http.middlewares.redirect-https.redirectScheme.scheme=https"
      - "traefik.http.middlewares.redirect-https.redirectScheme.permanent=true"
      # Traefik Router + Service Configuration
      - "traefik.http.routers.gotify-server.rule=Host(`gotify mynet.org`)"
      - "traefik.http.routers.gotify-server.entrypoints=https-external"
      - "traefik.http.routers.gotify-server.tls=true"
      - "traefik.http.routers.gotify-server.tls.certresolver=cloudflare"
      - "traefik.http.routers.gotify-server.middlewares=redirect-https"
      - "traefik.http.routers.gotify-server.service=gotify-server"
      - "traefik.http.services.gotify-server.loadbalancer.passhostheader=true"
      - "traefik.http.services.gotify-server.loadbalancer.server.port=8081"
      - "traefik.http.services.gotify-server.loadbalancer.sticky=true"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto = http"
      - "traefik.http.routers.gotify-server.service.loadbalancer.server.respondingTimeouts.readTimeout=420"
      - "traefik.http.routers.gotify-server.service.loadbalancer.server.respondingTimeouts.writeTimeout=420"
      - "traefik.http.routers.gotify-server.service.loadbalancer.server.respondingTimeouts.idleTimeout=420"
      - "traefik.docker.network mynet"
      #- "traefik.enable=true"
      #- "traefik.http.routers.gotify.entrypoints=http-external"
      #- "traefik.http.routers.gotify.rule=Host(`gotify mynet.org`)"
      #- "traefik.http.middlewares.gotify-https-redirect.redirectscheme.scheme=https"
      #- "traefik.http.routers.gotify.middlewares=gotify-https-redirect"
      #- "traefik.http.routers.gotify-secure.entrypoints=https-external"
      #- "traefik.http.routers.gotify-secure.rule=Host(`gotify mynet.org`)"
      #- "traefik.http.routers.gotify-secure.tls=true"
      #- "traefik.http.routers.gotify-secure.service=gotify"
      #- "traefik.http.services.gotify.loadbalancer.server.port=8081"
      #- "traefik.docker.network mynet"
  dockerproxy:
    image: wollomatic/socket-proxy:1.5.4
    container_name: g-docker-socket-proxy
    command:
      - -loglevel=info # change to info in prod
      - -allowfrom=gotify
      - -listenip=0.0.0.0
      - -shutdowngracetime=5
      - -allowGET=/containers/.*
      - -watchdoginterval=600
      - -stoponwatchdog
    restart: unless-stopped
    read_only: true
    mem_limit: 64M
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges
    user: 65534:110 # change gid from 998 to the gid of the docker group on your host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket-g
networks:
  socket-g:
    internal: true
    attachable: false
  mynet:
    external: true
```

```yaml
gotify:
  entryPoints:
    - "https-external"
  rule: "Host(`gotify.mynet.org`)"
  middlewares:
    - https-redirectscheme
    #- authentik
  tls: {}
  service: gotify
```

```yaml
gotify:
  loadBalancer:
    servers:
      - url: "http://192.168.xxx.XXX:8081"
    passHostHeader: true
```
Concerning the commented-out Traefik labels: when using them, it sometimes works for a certain amount of time until I get the websocket timeout.
I have read posts from 2020 concerning the same problem, but it didn't help.
Thx
I can spot 3 potential issues:
thierry
February 17, 2025, 6:03am
3
Hi,
I forgot to add the "traefik.enable=true", but the two other mistakes were typos from when I did my copy/paste.
Still have the same problem. Thx
```yaml
services:
  gotify:
    image: gotify/server:2.6.1
    container_name: gotify
    volumes:
      - $BASE/gotify:/app/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    command:
      - "--host=tcp://g-docker-socket-proxy:2375"
    security_opt:
      - no-new-privileges:true
    depends_on:
      - dockerproxy
    networks:
      - mynet
      - socket-g
    environment:
      - TZ=Europe/Helsinki
      - GOTIFY_SERVER_PORT=8081
    labels:
      - "traefik.enable=true"
      # Traefik Redirect to HTTPS
      - "traefik.http.middlewares.redirect-https.redirectScheme.scheme=https"
      - "traefik.http.middlewares.redirect-https.redirectScheme.permanent=true"
      # Traefik Router + Service Configuration
      - "traefik.http.routers.gotify-server.rule=Host(`gotify.mynet.org`)"
      - "traefik.http.routers.gotify-server.entrypoints=https-external"
      - "traefik.http.routers.gotify-server.tls=true"
      - "traefik.http.routers.gotify-server.tls.certresolver=cloudflare"
      - "traefik.http.routers.gotify-server.middlewares=redirect-https"
      - "traefik.http.routers.gotify-server.service=gotify-server"
      - "traefik.http.services.gotify-server.loadbalancer.passhostheader=true"
      - "traefik.http.services.gotify-server.loadbalancer.server.port=8081"
      - "traefik.http.services.gotify-server.loadbalancer.sticky=true"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto = http"
      - "traefik.http.routers.gotify-server.service.loadbalancer.server.respondingTimeouts.readTimeout=420"
      - "traefik.http.routers.gotify-server.service.loadbalancer.server.respondingTimeouts.writeTimeout=420"
      - "traefik.http.routers.gotify-server.service.loadbalancer.server.respondingTimeouts.idleTimeout=420"
      - "traefik.docker.network=mynet"
      #- "traefik.enable=true"
      #- "traefik.http.routers.gotify.entrypoints=http-external"
      #- "traefik.http.routers.gotify.rule=Host(`gotify.mynet.org`)"
      #- "traefik.http.middlewares.gotify-https-redirect.redirectscheme.scheme=https"
      #- "traefik.http.routers.gotify.middlewares=gotify-https-redirect"
      #- "traefik.http.routers.gotify-secure.entrypoints=https-external"
      #- "traefik.http.routers.gotify-secure.rule=Host(`gotify.mynet.org`)"
      #- "traefik.http.routers.gotify-secure.tls=true"
      #- "traefik.http.routers.gotify-secure.service=gotify"
      #- "traefik.http.services.gotify.loadbalancer.server.port=8081"
      #- "traefik.docker.network=mynet"
  dockerproxy:
    image: wollomatic/socket-proxy:1.5.4
    container_name: g-docker-socket-proxy
    command:
      - -loglevel=info # change to info in prod
      - -allowfrom=gotify
      - -listenip=0.0.0.0
      - -shutdowngracetime=5
      - -allowGET=/containers/.*
      - -watchdoginterval=600
      - -stoponwatchdog
    restart: unless-stopped
    read_only: true
    mem_limit: 64M
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges
    user: 65534:110 # change gid from 998 to the gid of the docker group on your host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket-g
networks:
  socket-g:
    internal: true
```
thierry
February 17, 2025, 7:30am
4
I have put back my original config; it is now working until the websocket problem appears. At the same time, I have added three new flags in the command:
```yaml
services:
  gotify:
    image: gotify/server:2.6.1
    container_name: gotify
    volumes:
      - $BASE/gotify:/app/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    command:
      - "--host=tcp://g-docker-socket-proxy:2375"
      - "--entryPoints.https-external.transport.respondingTimeouts.readTimeout=420"
      - "--entryPoints.https-external.transport.respondingTimeouts.writeTimeout=420"
      - "--entryPoints.https-external.transport.respondingTimeouts.idleTimeout=420"
    security_opt:
      - no-new-privileges:true
    depends_on:
      - dockerproxy
    networks:
      - mynet
      - socket-g
    environment:
      - TZ=Europe/Helsinki
      - GOTIFY_SERVER_PORT=8081
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gotify.entrypoints=http-external"
      - "traefik.http.routers.gotify.rule=Host(`gotify.domain.org`)"
      - "traefik.http.middlewares.gotify-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.gotify.middlewares=gotify-https-redirect"
      - "traefik.http.routers.gotify-secure.entrypoints=https-external"
      - "traefik.http.routers.gotify-secure.rule=Host(`gotify.domain.org`)"
      - "traefik.http.routers.gotify-secure.tls=true"
      - "traefik.http.routers.gotify-secure.service=gotify"
      - "traefik.http.services.gotify.loadbalancer.server.port=8081"
      - "traefik.docker.network=mynet"
  dockerproxy:
    image: wollomatic/socket-proxy:1.5.4
    container_name: g-docker-socket-proxy
    command:
      - -loglevel=info # change to info in prod
      - -allowfrom=gotify
      - -listenip=0.0.0.0
      - -shutdowngracetime=5
      - -allowGET=/containers/.*
      - -watchdoginterval=600
      - -stoponwatchdog
    restart: unless-stopped
    read_only: true
    mem_limit: 64M
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges
    user: 65534:110 # change gid from 998 to the gid of the docker group on your host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket-g
networks:
  socket-g:
    internal: true
    attachable: false
  mynet:
    external: true
```
thierry
February 17, 2025, 7:42am
5
I am writing to seek clarification regarding the correct way to specify the port number when using Docker and Traefik.
Today, I am a bit confused about how to properly configure the port number. If I am not mistaken, when using Docker and Traefik, I should not add any port number in the Docker configuration except for the "loadbalancer.server.port". It is Traefik that will reroute the traffic to the Docker container.
If my understanding is correct, I apologize for any confusion, but it seems that the current configuration for Gotify might be incorrect because I have added a port number.
I have added "GOTIFY_SERVER_PORT=8081" and "traefik.http.services.gotify.loadbalancer.server.port=8081".
Could you please confirm if this is the correct approach or provide guidance on the proper configuration?
Is it right?
Thx
thierry
February 17, 2025, 8:10am
6
It broke again... Error 502.
I had to change the service URL address from HTTP to HTTPS (in the dynamic file) to make it work...
The first one tells the application itself which port to use, the second one tells Traefik which port to use - so the port number should be the same.
It seems the application has a lot of env var config options (doc). From best practice (without knowing the application), I would recommend:

```
GOTIFY_SERVER_SSL_ENABLED=false
GOTIFY_SERVER_SSL_REDIRECTTOHTTPS=false
GOTIFY_SERVER_SSL_LETSENCRYPT_ENABLED=false
```
thierry
February 17, 2025, 12:21pm
8
OK, I have applied your input; it broke again.
To make it work again, I had to go to the dynamic Traefik file and move from HTTPS to HTTP...

```yaml
gotify:
  loadBalancer:
    servers:
      - url: "http://192.168.xxxxx:8081"
    passHostHeader: true
```

When you tell the app itself which port to use, aren't you exposing this port to the outside?
My Gotify compose.yaml (maybe this will help).
```yaml
services:
  gotify:
    image: gotify/server
    container_name: gotify
    restart: unless-stopped
    environment:
      - TZ=Phobos/Maelstrom
    security_opt:
      - no-new-privileges=true
    volumes:
      - data:/app/data
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.gotify.entrypoints=web-external"
      - "traefik.http.routers.gotify.rule=Host(`go.somedomain`)"
      - "traefik.http.middlewares.gotify-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.gotify.middlewares=gotify-https-redirect"
      - "traefik.http.routers.gotify-secure.entrypoints=websecure-external"
      - "traefik.http.routers.gotify-secure.rule=Host(`go.somedomain`)"
      - "traefik.http.routers.gotify-secure.service=gotify"
      - "traefik.http.services.gotify.loadbalancer.server.port=80"
networks:
  proxy:
    external: true
volumes:
  data:
```
Anything else?
If I comment out #- GOTIFY_SERVER_PORT=8081 and leave - "traefik.http.services.gotify.loadbalancer.server.port=8081" commented, I no longer have access to the Gotify URL...
```yaml
services:
  gotify:
    image: gotify/server:2.6.1
    container_name: gotify
    volumes:
      - $BASE/gotify:/app/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    command:
      - "--host=tcp://g-docker-socket-proxy:2375"
      - "--entryPoints.https-external.transport.respondingTimeouts.readTimeout=420"
      - "--entryPoints.https-external.transport.respondingTimeouts.writeTimeout=420"
      - "--entryPoints.https-external.transport.respondingTimeouts.idleTimeout=420"
    security_opt:
      - no-new-privileges:true
    depends_on:
      - dockerproxy
    networks:
      - mynet
      - socket-g
    environment:
      - TZ=Europe/Helsinki
      #- GOTIFY_SERVER_PORT=8081
      - GOTIFY_SERVER_SSL_ENABLED=false
      - GOTIFY_SERVER_SSL_REDIRECTTOHTTPS=false
      - GOTIFY_SERVER_SSL_LETSENCRYPT_ENABLED=false
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gotify.entrypoints=http-external"
      - "traefik.http.routers.gotify.rule=Host(`gotify.domain.org`)"
      - "traefik.http.middlewares.gotify-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.gotify.middlewares=gotify-https-redirect"
      - "traefik.http.routers.gotify-secure.entrypoints=https-external"
      - "traefik.http.routers.gotify-secure.rule=Host(`gotify.domains.org`)"
      - "traefik.http.routers.gotify-secure.tls=true"
      - "traefik.http.routers.gotify-secure.service=gotify"
      - "traefik.http.services.gotify.loadbalancer.server.port=8081"
      - "traefik.docker.network=mynet"
  dockerproxy:
    image: wollomatic/socket-proxy:1.5.4
    container_name: g-docker-socket-proxy
    command:
      - -loglevel=info # change to info in prod
      - -allowfrom=gotify
      - -listenip=0.0.0.0
      - -shutdowngracetime=5
      - -allowGET=/containers/.*
      - -watchdoginterval=600
      - -stoponwatchdog
    restart: unless-stopped
    read_only: true
    mem_limit: 64M
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges
    user: 65534:110 # change gid from 998 to the gid of the docker group on your host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket-g
networks:
  socket-g:
    internal: true
    attachable: false
  mynet:
    external: true
```
This is a Traefik forum, we don't know all the applications used.
It's probably better you understand the requirements of your application first (protocols, ports, paths) and then ask here for Traefik configuration support.
That's because you have assigned a custom port (8081) to the container. The default port is "80". I don't see the advantage in changing it, but if you must, then do not comment out that variable, and you must then use "8081" in the loadbalancer.
You've also added complexity to the Gotify compose. I would first establish that Gotify works in a simple manner before adding all those bits.
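An added example, not part of any post in this thread: a small Python check for the label and port mistakes discussed above (a label with no `=`, whitespace around `=`, a space inside a `Host()` rule, load-balancer options placed under a router's `service` key, and a `loadbalancer.server.port` that disagrees with `GOTIFY_SERVER_PORT`). The function name `lint_service`, the finding codes and the sample lists are constructed for illustration; the default port 80 is the one stated in the reply above.

```python
import re

PORT_KEY = re.compile(r"traefik\.http\.services\.[^.]+\.loadbalancer\.server\.port", re.I)
ROUTER_SVC_SUBKEY = re.compile(r"traefik\.http\.routers\.[^.]+\.service\..+", re.I)
HOST_RULE = re.compile(r"Host\(`([^`]*)`\)")

def lint_service(labels, environment, default_port="80"):
    """Check one compose service's Traefik labels against its environment."""
    env = dict(e.split("=", 1) for e in environment if "=" in e)
    # Port the application listens on; 80 is the default named in the thread.
    app_port = env.get("GOTIFY_SERVER_PORT", default_port)
    findings = []
    for raw in labels:
        key, sep, value = raw.partition("=")
        if not sep:
            # Without '=' the whole string is the key, so Traefik never sees the setting.
            findings.append(("missing-equals", raw))
            continue
        if key != key.strip() or value != value.strip():
            findings.append(("whitespace-around-equals", raw))
        key, value = key.strip(), value.strip()
        if any(re.search(r"\s", h) for h in HOST_RULE.findall(value)):
            findings.append(("whitespace-in-host", raw))
        if ROUTER_SVC_SUBKEY.fullmatch(key):
            # A router's "service" is a plain service name; it has no sub-options.
            findings.append(("option-under-router-service", raw))
        if PORT_KEY.fullmatch(key) and value != app_port:
            findings.append(("port-mismatch", f"Traefik -> {value}, app listens on {app_port}"))
    return findings

# Constructed sample: a subset of the labels from the first post, with the
# load-balancer port changed to 80 so that it disagrees with the environment.
SAMPLE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.gotify-server.rule=Host(`gotify mynet.org`)",
    "traefik.http.routers.gotify-server.service=gotify-server",
    "traefik.http.services.gotify-server.loadbalancer.server.port=80",
    "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto = http",
    "traefik.http.routers.gotify-server.service.loadbalancer.server.respondingTimeouts.readTimeout=420",
    "traefik.docker.network mynet",
]
SAMPLE_ENV = ["TZ=Europe/Helsinki", "GOTIFY_SERVER_PORT=8081"]

if __name__ == "__main__":
    for code, detail in lint_service(SAMPLE_LABELS, SAMPLE_ENV):
        print(f"{code}: {detail}")
```

Passing the label and environment lists of the last compose file (port label 8081, `GOTIFY_SERVER_PORT` commented out) reports a `port-mismatch` against the default port 80.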
Problem Resolved
I am pleased to report that the issue has been successfully resolved. Initially, I removed the exposed port and excluded Gotify from the dynamic configuration file. The root cause was a misconfiguration on my part. When utilizing Traefik, it is essential not to expose ports directly in the product's Docker Compose file, as Traefik handles the routing. The Gotify configuration had become overly complex due to various online recommendations aimed at addressing the error 502 issue. Thank you for your assistance.