I'm attempting to convert my first v1 Labels over to v2 and running into some roadblocks. I'm also not able to successfully get LibreNMS working via the dynamic file.
Labels from service:
labels:
- "traefik.enable=true"
- "traefik.http.routers.guac.rule=guac.domain.net"
- "traefik.http.middlewares.guac.addprefix.prefix=/guacamole"
- "traefik.http.services.guac.loadbalancer.server.port=8085"
- "traefik.http.middelwares.guac.basicauth.users=user1:randomstring"
- "traefik.docker.network=proxy"
#dynamic_conf.toml
[http.middlewares]
[http.middlewares.https-redirect.redirectscheme]
scheme = "https"
[http.routers]
[http.routers.guac]
entryPoints = ["http", "https"]
rule = "Host(`guac.domain.net`)"
middleware = "guac"
service = "guac"
[http.routers.librenms]
rule = "Host('librenms.domain.net')"
middleware = ["auth"]
service = "librenms"
[http.services]
[http.services.librenms.loadbalancer.server]
url = "http://192.168.*.*:8080"
[http.middleware]
[http.middlewares.auth.basicAuth]
users = [
"user:randompass",
]
#traefik.toml
[log]
level = "ERROR"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.traefik]
address = ":8090"
[providers]
[providers.docker]
exposedByDefault = false
endpoint = "unix:///var/run/docker.sock"
[providers.file]
filename = "/dynamic_conf.toml"
[api]
dashboard = true
insecure = true
#debug = true
[certificatesResolvers.domain.acme]
email = "email@email"
storage = "acme.json"
[certificatesResolvers.domain.acme.httpChallenge]
entryPoint = "http"
ldez
September 18, 2019, 9:56pm
2
There is an error in the acme configuration:
[certificatesResolvers.domain.acme]
email = "email@email.com"
storage = "acme.json"
[certificatesResolvers.domain.acme.httpChallenge]
entryPoint = "web"
https://docs.traefik.io/v2.0/https/acme/
ldez
September 18, 2019, 9:59pm
3
there are also some errors in labels:
labels:
- "traefik.enable=true"
- "traefik.http.routers.guac.rule=Host(`guac.domain.net`)"
- "traefik.http.routers.guac.middlewares=auth,add"
- "traefik.http.services.guac.loadbalancer.server.port=8085"
- "traefik.http.middlewares.add.addprefix.prefix=/guacamole"
- "traefik.http.middlewares.auth.basicauth.users=user1:randomstring"
- "traefik.docker.network=proxy"
https://docs.traefik.io/v2.0/providers/docker/#middleware
ldez
September 18, 2019, 10:01pm
4
And typo in the file:
[http.routers]
[http.routers.guac]
entryPoints = ["http", "https"]
rule = "Host(`guac.domain.net`)"
middlewares = ["guac"]
service = "guac@docker"
[http.routers.librenms]
rule = "Host(`librenms.domain.net`)"
middlewares = ["auth"]
service = "librenms"
[http.services]
[http.services.librenms.loadbalancer.server]
url = "http://192.168.*.*:8080"
[http.middlewares]
[http.middlewares.auth.basicAuth]
users = [
"user:randompass",
]
[http.middlewares.https-redirect.redirectscheme]
scheme = "https"
Thank you for the clarification on my configurations. The "guac" router now receives a cert as I added a tls section. I also changed middleware to reflect middleware = "auth,add".
However, I still receive an error. It appears to me that the labels in the guac container are conflicting with the section below in the dynamic_conf.toml:
time="2019-09-18T22:11:58Z" level=error msg="the service \"guac@file\" does not exist" entryPointName=https routerName=guac@file
time="2019-09-18T22:11:58Z" level=error msg="the service \"guac@file\" does not exist" entryPointName=http routerName=guac@file
#dynamic_conf.toml
[http.routers]
[http.routers.guac]
entryPoints = ["http", "https"]
rule = "Host(`guac.domain.net`)"
middleware = "auth,add"
service = "guac"
[http.routers.guac.tls]
certResolver = "basic"
ldez
September 18, 2019, 10:21pm
6
because the service guac doesn't exist in the scope of the file.
you can:
- create a service guac in the file
- use the provider namespace to reference a service created in Docker: service = "guac@docker"
Also don't use the same rule on two routers.
ldez
September 18, 2019, 10:24pm
7
Please re-check my previous answers.
You have a typo in your router:
[http.routers]
[http.routers.guac]
entryPoints = ["http", "https"]
rule = "Host(`guac.domain.net`)"
middlewares = ["auth","add"]
service = "guac@docker"
[http.routers.guac.tls]
certResolver = "basic"
Apparently I missed it again, thanks.
Ok, based on some confusion on my part, I commented out everything related to guac in the dynamic_conf.toml file and am using labels only for the container.
I'm able to get the authentication screen now! However, after authenticating, it says Bad Gateway.
The logs show:
level=error msg="the router guac uses a non-existent resolver: basic"
And here are the updated labels:
labels:
- "traefik.enable=true"
- "traefik.http.routers.guac.rule=Host(`guac.domain.net`)"
- "traefik.http.routers.guac.middlewares=auth,add"
- "traefik.http.routers.guac.service=guac@docker"
- "traefik.http.routers.guac.tls.certresolver=basic"
- "traefik.http.services.guac.loadbalancer.server.port=8085"
- "traefik.http.middlewares.add.addprefix.prefix=/guacamole"
- "traefik.http.middlewares.auth.basicauth.users=user:randompass"
- "traefik.docker.network=proxy"
ldez
September 18, 2019, 10:50pm
9
From your previous configuration:
[certificatesResolvers.domain.acme]
so the certs resolver name is domain
It actually contains my domain, same one as listed in:
Host(`guac.domain.net`)
ldez
September 18, 2019, 10:54pm
11
the cert resolver in the static configuration is not related to a domain:
[certificatesResolvers.myresolver.acme]
email = "email@email.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint = "web"
labels:
- "traefik.enable=true"
- "traefik.http.routers.guac.rule=Host(`guac.domain.net`)"
- "traefik.http.routers.guac.middlewares=auth,add"
- "traefik.http.routers.guac.service=guac@docker"
- "traefik.http.routers.guac.tls.certresolver=myresolver"
- "traefik.http.services.guac.loadbalancer.server.port=8085"
- "traefik.http.middlewares.add.addprefix.prefix=/guacamole"
- "traefik.http.middlewares.auth.basicauth.users=user:randompass"
- "traefik.docker.network=proxy"
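The label mistakes corrected in this thread (a misspelled `middelwares` section, a rule with no `Host(...)` matcher, a `certresolver` name that the static configuration does not declare) can be caught before the container is deployed. The following is an added example, not part of the original thread and not Traefik code: a small Python linter that also reports a middleware such as basic auth that is defined but attached to no router. The name `lint_labels` and the set of resolver names passed in by the caller are assumptions of this example.

```python
import re

HTTP_SECTIONS = {"routers", "services", "middlewares"}
# At least one matcher call with a backtick-quoted argument, e.g. Host(`a.b`).
MATCHER = re.compile(r"\w+\(`[^`]+`\)")

def lint_labels(labels, resolvers):
    """Lint one container's Traefik v2 labels; return a list of findings.
    resolvers: names under [certificatesResolvers.<name>], given by the caller."""
    findings, routers, defined, attached = [], {}, set(), set()
    for label in labels:
        key, _, value = label.partition("=")
        parts = key.split(".")
        if len(parts) < 5 or [p.lower() for p in parts[:2]] != ["traefik", "http"]:
            continue  # not a traefik.http.<section>.<name>.<option> label
        section, name, option = parts[2].lower(), parts[3], ".".join(parts[4:]).lower()
        if section not in HTTP_SECTIONS:
            findings.append(f"unknown section '{section}' in {key}")
        elif section == "middlewares":
            defined.add(name)
        elif section == "routers":
            routers.setdefault(name, {})[option] = value
    for name, opts in routers.items():
        rule = opts.get("rule", "")
        if not MATCHER.search(rule):
            findings.append(f"router {name}: rule {rule!r} has no matcher such as Host(`...`)")
        for mw in opts.get("middlewares", "").split(","):
            local, _, provider = mw.strip().partition("@")
            if not local or provider not in ("", "docker"):
                continue  # empty entry, or defined by another provider
            attached.add(local)
            if local not in defined:
                findings.append(f"router {name}: middleware '{local}' is not defined")
        resolver = opts.get("tls.certresolver")
        if resolver and resolver not in resolvers:
            findings.append(f"router {name}: unknown certresolver '{resolver}'")
    for mw in sorted(defined - attached):
        findings.append(f"middleware '{mw}' is defined but attached to no router")
    return findings

# Router, middleware and service labels copied from the first post of the thread.
FIRST_POST = [
    "traefik.http.routers.guac.rule=guac.domain.net",
    "traefik.http.middlewares.guac.addprefix.prefix=/guacamole",
    "traefik.http.services.guac.loadbalancer.server.port=8085",
    "traefik.http.middelwares.guac.basicauth.users=user1:randomstring",
]
if __name__ == "__main__":
    print("\n".join(lint_labels(FIRST_POST, resolvers={"domain"})))
```

Run against the first post's labels it reports the misspelled section, the rule without a matcher, and the unattached middleware; the labels from the last answer pass when `myresolver` is in the resolver set.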
Gotcha. Updated. Unfortunately I am still receiving "Bad Gateway". I commented out the prefix to test if that was causing the issue, but still the same result. Log files are not showing an error and the service is accessible locally by IP.