Help with getting new labels configured correctly (unsupported *ast.SelectorExpr)

alarmsail · September 18, 2019, 9:41pm

I'm attempting to convert my first v1 Labels over to v2 and running into some roadblocks. I'm also not able to successfully able to get LibreNMS working via the dynamic file.
Labels from service:

labels:
     - "traefik.enable=true"
     - "traefik.http.routers.guac.rule=guac.domain.net"
     - "traefik.http.middlewares.guac.addprefix.prefix=/guacamole"
     - "traefik.http.services.guac.loadbalancer.server.port=8085"
     - "traefik.http.middelwares.guac.basicauth.users=user1:randomstring"
     - "traefik.docker.network=proxy"

#dynamic_conf.toml

[http.middlewares]
 [http.middlewares.https-redirect.redirectscheme]
  scheme = "https"

[http.routers]
 [http.routers.guac]
  entryPoints = ["http", "https"]
  rule = "Host(`guac.domain.net`)"
  middleware = "guac"
  service = "guac"

 [http.routers.librenms]
  rule = "Host('librenms.domain.net')"
  middleware = ["auth"]
  service = "librenms"

[http.services]
 [http.services.librenms.loadbalancer.server]
  url = "http://192.168.*.*:8080"

[http.middleware]
 [http.middlewares.auth.basicAuth]
  users = [
   "user:randompass",
   ]

#traefik.toml

[log]
 level = "ERROR"

[entryPoints]
  [entryPoints.http]
   address = ":80"

 [entryPoints.https]
  address = ":443"

 [entryPoints.traefik]
  address = ":8090"

[providers]
 [providers.docker]
  exposedByDefault = false
  endpoint = "unix:///var/run/docker.sock"

 [providers.file]
  filename = "/dynamic_conf.toml"

[api]
dashboard = true
insecure = true
#debug = true

[certificatesResolvers.domain.acme]
 email = "email@email"
 storage = "acme.json"
 [certificatesResolvers.domain.acme.httpChallenge]
  entryPoint = "http"

ldez · September 18, 2019, 9:56pm

There is an error in the acme configuration:

[certificatesResolvers.domain.acme]
 email = "email@email.com"
 storage = "acme.json"
 [certificatesResolvers.domain.acme.httpChallenge]
  entryPoint = "web"

https://docs.traefik.io/v2.0/https/acme/

ldez · September 18, 2019, 9:59pm

there are also some errors in labels:

labels:
     - "traefik.enable=true"
     - "traefik.http.routers.guac.rule=Host(`guac.domain.net`)"
     - "traefik.http.routers.guac.middlewares=auth,add"
     - "traefik.http.services.guac.loadbalancer.server.port=8085"
     - "traefik.http.middlewares.add.addprefix.prefix=/guacamole"
     - "traefik.http.middelwares.auth.basicauth.users=user1:randomstring"
     - "traefik.docker.network=proxy"

https://docs.traefik.io/v2.0/providers/docker/#middleware

ldez · September 18, 2019, 10:01pm

And typo in the file:


[http.routers]
 [http.routers.guac]
  entryPoints = ["http", "https"]
  rule = "Host(`guac.domain.net`)"
  middlewares = ["guac"]
  service = "guac@docker"

 [http.routers.librenms]
  rule = "Host('librenms.domain.net')"
  middlewares = ["auth"]
  service = "librenms"

[http.services]
 [http.services.librenms.loadbalancer.server]
  url = "http://192.168.*.*:8080"

[http.middlewares]
 [http.middlewares.auth.basicAuth]
  users = [
   "user:randompass",
   ]

 [http.middlewares.https-redirect.redirectscheme]
  scheme = "https"

alarmsail · September 18, 2019, 10:18pm

Thank you for clarification on my configurations. The "guac" router now receives a cert as I added tls section, I also changed middleware to reflect " middleware = "auth,add"
However I still receive an error, it appears to me that the labels in the guac container are conflicting with the section below in the dynamic_conf.toml

time="2019-09-18T22:11:58Z" level=error msg="the service \"guac@file\" does not exist" entryPointName=https routerName=guac@file
time="2019-09-18T22:11:58Z" level=error msg="the service \"guac@file\" does not exist" entryPointName=http routerName=guac@file

#dynamic_conf.toml

[http.routers]
 [http.routers.guac]
  entryPoints = ["http", "https"]
  rule = "Host(`guac.domain.net`)"
  middleware = "auth,add"
  service = "guac"
   [http.routers.guac.tls]
    certResolver = "basic"

ldez · September 18, 2019, 10:21pm

because the service guac doesn't exist in the scope of the file.

you can:

create a service guac in the file
use the provider namespace to reference a service created in Docker service = "guac@docker"

Also don't use the same rule on two routers.

ldez · September 18, 2019, 10:24pm

Please re-check my previous answers.

You have a typo in your router:

[http.routers]
 [http.routers.guac]
  entryPoints = ["http", "https"]
  rule = "Host(`guac.domain.net`)"
  middlewares = ["auth","add"]
  service = "guac@docker"
   [http.routers.guac.tls]
    certResolver = "basic"

alarmsail · September 18, 2019, 10:48pm

Apparently I missed it again, thanks.

Ok, based on some confusion on my part, I commented out everything related to guac in the dynamic_conf.toml file and am using labels only for the container.
I'm able to get the authentication screen now! However, after authenticating, it says Bad Gateway.
The logs show:

level=error msg="the router guac uses a non-existent resolver: basic"

And here are the updated labels:

labels:
     - "traefik.enable=true"
     - "traefik.http.routers.guac.rule=Host(`guac.domain.net`)"
     - "traefik.http.routers.guac.middlewares=auth,add"
     - "traefik.http.routers.guac.service=guac@docker"
     - "traefik.http.routers.guac.tls.certresolver=basic"
     - "traefik.http.services.guac.loadbalancer.server.port=8085"
     - "traefik.http.middlewares.add.addprefix.prefix=/guacamole"
     - "traefik.http.middlewares.auth.basicauth.users=user:randompass"
     - "traefik.docker.network=proxy"

ldez · September 18, 2019, 10:50pm

From your previous configuration:

[certificatesResolvers.domain.acme]

so the certs resolver name is domain

alarmsail · September 18, 2019, 10:52pm

It actually contains my domain, same one as listed in:

Host(`guac.domain.net`)"

ldez · September 18, 2019, 10:54pm

the cert resolver in the static configuration is not related to a domain:

[certificatesResolvers.myresolver.acme]
 email = "email@email.com"
 storage = "acme.json"
 [certificatesResolvers.myresolver.acme.httpChallenge]
  entryPoint = "web"

labels:
     - "traefik.enable=true"
     - "traefik.http.routers.guac.rule=Host(`guac.domain.net`)"
     - "traefik.http.routers.guac.middlewares=auth,add"
     - "traefik.http.routers.guac.service=guac@docker"
     - "traefik.http.routers.guac.tls.certresolver=myresolver"
     - "traefik.http.services.guac.loadbalancer.server.port=8085"
     - "traefik.http.middlewares.add.addprefix.prefix=/guacamole"
     - "traefik.http.middlewares.auth.basicauth.users=user:randompass"
     - "traefik.docker.network=proxy"

alarmsail · September 18, 2019, 11:06pm

Gotcha. Updated. Unfortunately still am receiving "Bad Gateway". I commented out the prefix to test if that was causing the issue, but still the same result. Log Files are not showing an error and the serivce is accessible locally by IP

Topic		Replies	Views
Label alternative Traefik v2 (latest) docker	6	731	March 24, 2021
Need some "macro expansion" in my docker-compose labels Traefik v2 (latest) docker	2	328	April 23, 2023
addPrefix label is ignored Traefik v2 (latest) docker , middleware	2	2502	March 19, 2020
Docker dynamic labels when not using swarm Traefik v2 (latest) docker	4	1379	February 21, 2020
Prefix / sub folder addition works, but page still doesn't load, works without adding prefix Traefik v2 (latest) docker	5	764	March 18, 2021

Help with getting new labels configured correctly (unsupported *ast.SelectorExpr)

Related Topics