Exposing an external IP adress through traefik

Traefik Traefik v3 (latest)
,
1

Hello,

I am having trouble exposing external machines through traefik, with the same SSL certificate as my other services.
I have, up to this point, only used traefik to expose docker containers present on the same machine as traefik itself and so I find myself a bit lost.

I simply want to expose the adress http://192.168.1.20:8080 through traefik under subdomain https://panel.MYDOMAIN.COM.

Here is my configuration right now :

traefik's service in docker compose :

traefik:
    image: traefik:latest
    container_name: traefik
    environment:
      - TZ=${TIMEZONE}
      - REDACTED_ACCESS_TOKEN=${REDACTED_ACCESS_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${CONTAINERS_DIR}/traefik:/traefik
    ports:
      - 80:80
      - 443:443
      - 81:8080
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --api.insecure=true
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=redacted
      - --certificatesresolvers.myresolver.acme.email=${EMAIL_ADRESS}
      - --certificatesresolvers.myresolver.acme.storage=/traefik/letsencrypt/acme.json
    restart: unless-stopped

other service exposed through traefik example :

uptime-kuma:
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    volumes:
      - ${CONTAINERS_DIR}/uptime-kuma:/app/data
    ports:
      - 3002:3001
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.routers.uptime_kuma.rule=Host(`${DOMAIN_NAME}`)
      - traefik.http.routers.uptime_kuma.entrypoints=websecure
      - traefik.http.routers.uptime_kuma.tls.certresolver=myresolver

The config as presented up here works flawlessly. What I am trying to do now is exposing a simple static IP adress to my domain name using the same acme as my docker containers.

I ideally would like to achieve this without having to use a config file (through commands or environment variables in traefik's docker config) but if this is the only way it's okay.
I have previously tried linking a config file to traefik by adding - --providers.file.filename=/traefik/config/static_config.yml to its config. The file i created looked like this :

static_config.yml :

http:
  routers:
    amp:
      rule: Host(`panel.MYDOMAIN.COM`)
      service: amp
      entrypoints: websecure
      tls:
          certresolver: myresolver
  services:
    amp:
      loadBalancer:
        servers:
          - url: http://192.168.1.20:8080

This then makes traefik throw error after error in the log files and clearly doesn't work but I can't figure out why.
Are settings through file and settings through docker compose incompatible ? Is my configuration just wrong ? Do I have to define my acme challenge again in the file ?

Any help would be much appreciated !
Thank you in advance.

2

Please don’t share the errors :wink:, as they might contain valuable information what the issue is.

Check simple Traefik external example. If customRequestHeaders.Host is required depends on your target service.

This year external URLs were enabled in Docker labels (doc), so you don’t need an extra file:

traefik.http.services.myservice.loadbalancer.server.url=http://foobar:8080
3

I finally managed to get it to work and I don't even know why traefik works the way it does. I haven't learned anything new and what I've done is probably hacky but it works.
My config looks like this right now :

traefik:
    image: traefik:latest
    container_name: traefik
    environment:
      - TZ=${TIMEZONE}
      - REDACTED_ACCESS_TOKEN=${REDACTED_ACCESS_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${CONTAINERS_DIR}/traefik:/traefik
    ports:
      - 80:80
      - 443:443
      - 81:8080
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --api.insecure=true
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=redacted
      - --certificatesresolvers.myresolver.acme.email=${EMAIL_ADRESS}
      - --certificatesresolvers.myresolver.acme.storage=/traefik/letsencrypt/acme.json
    labels:
      - traefik.enable=true
      - traefik.http.routers.myServiceName.rule=Host(`subdomain.${DOMAIN_NAME}`)
      - traefik.http.routers.myServiceName.entrypoints=websecure
      - traefik.http.routers.myServiceName.tls.certresolver=myresolver
      - traefik.http.services.myServiceName.loadbalancer.server.url=http://192.168.1.20:8080
    restart: unless-stopped

From what I get, I simply said to traefik to expose itself but told it that it was on a different IP adress. There probably exists a cleaner way to do this but this is the only way that worked for me.
Hope this can help another lost soul

4

You complain about errors, but you still haven't shared them with us:

Traefik is a complex tool, it's not a simple hobby solution. I recommend to read Traefik docs to understand the basic functionality, start with configuration, requests, routers, services.