I am trying to get a simple Traefik docker container running. The things I am trying to do are:
- Get Let's Encrypt working
- Get the dashboard working
- Define the routers and middleware on a config file so that there is only one tag needed on each docker containers and there is a central config.
This seems like it should be easier than it is presenting itself. I have read through the documentation and can't seem to even get the dashboard working in secure mode. Any help would be appreciated.
If you want to expose docker containers, you are better off using the docker provider, and not file provider, because that's what docker provider is for. In particular it's responsible for detecting/configuring your container end points, which could be tricky with a file provider. How are you going to to configure application IP address in the file provider, if it can change when you recreated the container? This is not very maintainable.
Having said that, if that is the dashboard that you want to expose and nothing else that should not be a problem. Please post all your configs, logs, errors you are getting, etc.
You also say that you cannot understand the documentation, could you please specify what in particular do you find hard to understand, so that we could help you out.
If you want some examples, there are plenty here:
Note that there were some improvements in traefik since this blog post has been written.
Okay, I finally had time to spend a day hacking through this, and I figured out some of the issues and not others.
The reason I was having trouble with the dashboard is that for some reason, Traefik does not route correctly if you are on the same subnet. I have the server that I am trying to access through Traefik on my office subnet. This enables me to use the local network to access some of my docker containers that require this. For example, I access nextcloud locally on my network via an unencrypted connection due to limitations on my scanner. All of my docker containers are on a macvlan style network, and the ip's given are in a hole I have created in my DHCP's range, so there are no conflicts. This makes network discovery from apps running as docker containers work correctly. I am not sure if this is a Traefik limitation or if I need to change something in my router. But that is why I thought things were not working when I was following the documentation. As soon as i tried accessing from my phone, not connected to wifi, everything started working.
The use of label's files simplified my docker create commands, which is why I was trying to use a file as a provider instead of docker. So that question is solved.
I have trouble understanding your number one. May be draw a network diagram or something?
So uh, a few bullet points, I hope they are helpful.
If you want Let's Encrypt working automatically, LE needs to be able to hit your Traefik container from the internet to issue the cert.
Using MACVLAN is... troublesome to docker. Routing is really tough when it is "behind" docker, but also presented on "in front of" docker on the host level. The host that has the containers will unfortunately not be able to contact the containers on the MACVLAN network. This is a docker limitation, not a Traefik one.
I think you are in an "either-or" situation. Either you get network discovery for containers (via MACVLAN) or you get traefik routing to containers.
The first two bullet points are true, and I won't be surprised if the third is true too. (Not sure what the image means though).
I get what you are saying about MACVLAN being troublesome. I also know that the host has no visibility of the docker containers that are on the MACVLAN network. Here is the trouble.
- Device > Internet > Public IP > Router > Traefik > Docker works, and the certificates issue correctly.
- Device (on the same network as the server, but not the server) > Switch/router > Traefik > Docker doesn't work. It just times out. Yes, I am going to the domain not the local IP address of the traefik container.
I have tried this with both a Mikrotik and a Ubiquiti router and switch.
All of the containers, Traefik, and the containers being routed by traefik are on the same docker MACVLAN network
Okay, I think I may have answered my own question. I added a DNS entry on the local DNS server that points one of the domains to the Traefik container's local IP address. Now the domain resolves and the page loads. So I think this is a routing issue, not a Traefik one.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.