Help with getting sftpgo to work with traefik

Traefik Traefik v3 (latest)
1

i have followed

to get sftpgo to work with traefik but cant seem to be able to do it. follwing is my docker compose and what i have tried so far. thank u in advance

  sftpgo:
    #image: drakkan/sftpgo:v2-alpine
    image: ghcr.io/drakkan/sftpgo:edge-plugins
    container_name: sftpgo
    restart: unless-stopped
    user: 1000:1000    
    ports:
      - '8084:8080'
      # - '2022:2022' #sftp
      # - '2121:2121' #ftp
      - '50000-50100:50000-50100'
      - '10080:10080' #webdav
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TIME_ZONE    
      SFTPGO_FTPD__BINDINGS__0__PORT: 2121
      SFTPGO_SFTPD__BINDINGS__0__PORT: 2022
      SFTPGO_WEBDAVD__BINDINGS__0__PORT: 10080            
      SFTPGO_COMMON__PROXY_PROTOCOL: 2      
      SFTPGO_FTPD__BINDINGS__0__FORCE_PASSIVE_IP: xxx
      SFTPGO_DATA_PROVIDER__DRIVER: mysql
      SFTPGO_DATA_PROVIDER__NAME: sftpgo
      SFTPGO_DATA_PROVIDER__HOST: sftpgo_mysql
      SFTPGO_DATA_PROVIDER__PORT: 3306
      SFTPGO_DATA_PROVIDER__USERNAME: sftpgo # please change
      SFTPGO_DATA_PROVIDER__PASSWORD: xxx # please change
      SFTPGO_COMMON__DEFENDER__ENABLED: true
      SFTPGO_COMMON__DEFENDER__BAN_TIME: 15
      SFTPGO_COMMON__DEFENDER__BAN_TIME_INCREMENT: 100
      SFTPGO_COMMON__DEFENDER__THRESHOLD: 5
      SFTPGO_COMMON__DEFENDER__OBSERVATION_TIME: 15      
    volumes:
      - $PERSIST/sftpgo/config:/srv/sftpgo
      - $PERSIST/sftpgo/home:/srv/sftpgo/data
      - $PERSIST/sftpgo/backups:/srv/sftpgo/backups
      - /data:/data
    labels:
      - "traefik.enable=true"
      # - "traefik.http.routers.sftpgo.entrypoints=http"
      # - "traefik.http.routers.sftpgo.rule=Host(`xxx`)"
      # - "traefik.http.middlewares.sftpgo-https-redirect.redirectscheme.scheme=https"
      # - "traefik.http.routers.sftpgo.middlewares=sftpgo-https-redirect"
      # - "traefik.http.routers.sftpgo-secure.entrypoints=https"
      # - "traefik.http.routers.sftpgo-secure.rule=Host(`xxx`)"
      # - "traefik.http.routers.sftpgo-secure.tls=true"
      # - "traefik.http.routers.sftpgo-secure.service=sftpgo"
      # - "traefik.http.services.sftpgo.loadbalancer.server.port=8080"

      # - "traefik.tcp.routers.sftp.rule=Host(`xxx`)"
      # - "traefik.tcp.routers.sftp-secure.entrypoints=sftp"
      # - "traefik.tcp.routers.sftp-secure.service=sftp"
      # - "traefik.tcp.services.sftp.loadbalancer.server.port=2022"
      # - "traefik.tcp.services.sftp-service.loadbalancer.proxyprotocol.version=2"

      # - "traefik.tcp.routers.ftp.rule=Host(`xxx`)"
      # - "traefik.tcp.routers.ftp-secure.entrypoints=ftp"
      # - "traefik.tcp.routers.ftp-secure.service=ftp"
      # - "traefik.tcp.services.ftp.loadbalancer.server.port=2121"
      # - "traefik.tcp.services.ftp-service.loadbalancer.proxyprotocol.version=2"

      - "traefik.http.routers.sftpgo.entrypoints=http"
      - "traefik.http.routers.sftpgo.rule=Host(`xxx`)"
      - "traefik.http.middlewares.sftpgo-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.sftpgo.middlewares=sftpgo-https-redirect"
      - "traefik.http.routers.sftpgo-secure.entrypoints=https"
      - "traefik.http.routers.sftpgo-secure.rule=Host(`xxx`)"
      - "traefik.http.routers.sftpgo-secure.tls=true"
      - "traefik.http.routers.sftpgo-secure.service=sftpgo"
      - "traefik.http.services.sftpgo.loadbalancer.server.port=8080"
      - "traefik.tcp.routers.sftpgo-sftp.entrypoints=sftp"
      - "traefik.tcp.routers.sftpgo-sftp.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.sftpgo-sftp.service=sftpgo-sftp"
      - "traefik.tcp.services.sftpgo-sftp.loadBalancer.server.port=2022"
      - "traefik.tcp.services.sftpgo-sftp.loadbalancer.proxyprotocol.version=2"
      - "traefik.tcp.routers.sftpgo-ftp.entrypoints=ftp"
      - "traefik.tcp.routers.sftpgo-ftp.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.sftpgo-ftp.service=sftpgo-ftp"
      - "traefik.tcp.services.sftpgo-ftp.loadBalancer.server.port=2121"  
      - "traefik.tcp.services.sftpgo-ftp.loadbalancer.proxyprotocol.version=2"
    
    expose:
      - 2022
      - 2121
    #   - 8084
2

What do you want to achieve? Use a few ports with Traefik and other SFTP ports directly with the SFTP container?

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

3

thank you for getting back to me. yes i want to have access to ui, ftp and sftp either using one domain entry xxx.xxx.xx or different ones like sftpgoui.xxx.xx, ftp.xxx.xx, etc.
here is my traefik.yml

api:
  dashboard: true
  debug: true
entryPoints:
  sftp:
    address: ":2022"
  ftp:
    address: ":2121"
  mcjava-tcp:
    address: ":25565"
  mcjava-udp:
    address: ":25565/udp"
  mcbedrock-tcp:
    address: ":19132"
  mcbedrock-udp:
    address: ":19132/udp"
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: xxx
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

and here is my traefik container:

  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    # networks:
    #   - proxy
    ports:
      - 80:80
      - 443:443
      - 2022:2022
      - 2121:2121      
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TIME_ZONE    
      - CF_API_EMAIL=xxx
      - CF_DNS_API_TOKEN=xxx
      # - CF_API_KEY=YOUR_API_KEY
      # be sure to use the correct one depending on if you are using a token or key
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $PERSIST/traefik/traefik.yml:/traefik.yml:ro
      - $PERSIST/traefik/acme.json:/acme.json
      - $PERSIST/traefik/config.yml:/config.yml:ro
      #- $PERSIST/traefik/traefik-logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.xxx.top`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=aniel:xxx"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.xxx.top`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=xxx.top"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.xxx.top"
      - "traefik.http.routers.traefik-secure.service=api@internal"

thank u in advance