I am trying to expose web services running as container in a docker swarm via https. This is what I've come up with so far:
version: "3.7"
volumes:
certificates:
services:
proxy:
image: traefik:v2.4
environment:
- EMAIL=tcurdt@foo.com
- DOMAIN=foo.com
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- certificates:/certificates
command:
- --log.level=DEBUG
- --api.insecure=true
# docker
- --providers.docker.swarmmode
- --providers.docker.exposedbydefault=false
# ports
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls=true
# redirects
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
# certificats
- --entrypoints.websecure.http.tls.certResolver=le
- --certificatesresolvers.le.acme.tlschallenge=true
- --certificatesresolvers.le.acme.email=${EMAIL}
- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
- --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
deploy:
placement:
constraints:
- node.role==manager
backend:
image: traefik/whoami
# expose:
# - 80
labels:
- traefik.enable=true
I am still unclear what labels are required to to make traefik find the backend services. The redirecting works, but no backends are responding.
> curl -sk http://127.0.0.1
Moved Permanently
> curl -sk https://127.0.0.1
404 page not found
It seems like traefik is not finding the containers:
> curl -s http://127.0.0.1:8080/api/rawdata | jq
{
"routers": {
"api@internal": {
"entryPoints": [
"traefik"
],
"service": "api@internal",
"rule": "PathPrefix(`/api`)",
"priority": 2147483646,
"status": "enabled",
"using": [
"traefik"
]
},
"dashboard@internal": {
"entryPoints": [
"traefik"
],
"middlewares": [
"dashboard_redirect@internal",
"dashboard_stripprefix@internal"
],
"service": "dashboard@internal",
"rule": "PathPrefix(`/`)",
"priority": 2147483645,
"status": "enabled",
"using": [
"traefik"
]
},
"web-to-websecure@internal": {
"entryPoints": [
"web"
],
"middlewares": [
"redirect-web-to-websecure@internal"
],
"service": "noop@internal",
"rule": "HostRegexp(`{host:.+}`)",
"priority": 2147483646,
"status": "enabled",
"using": [
"web"
]
}
},
"middlewares": {
"dashboard_redirect@internal": {
"redirectRegex": {
"regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
"replacement": "${1}/dashboard/",
"permanent": true
},
"status": "enabled",
"usedBy": [
"dashboard@internal"
]
},
"dashboard_stripprefix@internal": {
"stripPrefix": {
"prefixes": [
"/dashboard/",
"/dashboard"
]
},
"status": "enabled",
"usedBy": [
"dashboard@internal"
]
},
"redirect-web-to-websecure@internal": {
"redirectScheme": {
"scheme": "https",
"port": "443",
"permanent": true
},
"status": "enabled",
"usedBy": [
"web-to-websecure@internal"
]
}
},
"services": {
"api@internal": {
"status": "enabled",
"usedBy": [
"api@internal"
]
},
"dashboard@internal": {
"status": "enabled",
"usedBy": [
"dashboard@internal"
]
},
"noop@internal": {
"status": "enabled",
"usedBy": [
"web-to-websecure@internal"
]
}
}
}
What do I need to change?
It's a real shame that there are no "getting started examples".
At least I couldn't find any.
