Help with Traefik Configuration in Docker Swarm

Traefik Traefik v3 (latest)
1

Hello,

I've been working on setting up Traefik as a reverse proxy in a Docker Swarm environment but am encountering several issues that I can't seem to resolve. My main problem is that traffic isn't being redirected to my whoami service, and depending on the configurations I try, I sometimes receive errors stating that ports are not found for either Traefik or whoami.

I'm including my docker-compose.yml and Traefik configuration files below. I would greatly appreciate it if someone could review my configuration and point out what I might be doing wrong or suggest how I can get this setup working correctly.

docker-compose

version: "3"
services:
  traefik:
    networks:
      - booker
    image: "traefik:v3.0"
    command:
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker.exposedbydefault=false"
      - "--log.level=DEBUG"
      - "--accesslog=true"
      - "--api.debug=true"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/traefik/traefik.yml:/etc/traefik/traefik.yml"
      - /etc/traefik/dyno/:/dynconf
      - "/etc/traefik/certs/cert.crt:/cert.crt"
      - "/etc/traefik/private/p.key:/p.key"
        #deploy:
      # labels:
        #- "traefik.docker.network=booker"
        #- "traefik.http.services.traefik.loadbalancer.server.port=8080"

  whoami:
    networks:
      - booker
    image: "traefik/whoami"
    ports:
      - "8080:80"
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=Host(`helpme.ws`)"
        - "traefik.http.services.whoami.loadbalancer.server.port=:80"
        - "traefik.http.routers.whoami.entrypoints=websecure"
          #- traefik.http.middlewares.mywwwredirect.redirectregex.regex=^https://www\.(.*)
          #- traefik.http.middlewares.mywwwredirect.redirectregex.replacement=https://$${1}
          #- traefik.http.routers.mywhoami.middlewares=mywwwredirect

networks:
  booker:
    external: true

traefik.yml

log:
  level: debug
    
providers:
  swarm: {}
    #endpoint: "tcp://127.0.0.1:2377"
  file:
    directory: /dynconf
    watch: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: ":443"

dyn1.yml

tls:
  certificates:
    - certFile: "/cert.crt"
      keyFile: "/p.key"
      stores:
        - default
2

You can’t use static config in traefik.yml and command:, decide for one (doc).

Enable TLS on websecure entrypoint with .http.tls: {} (doc) to use the TLS certs from dynamic config file.

When using Swarm provider with Traefik you need to declare the internal port used in labels (doc).

When using docker stack depoy, you should tell in compose file how many replicas to deploy, or use mode: global for on instance on every node.

Compare to simple Traefik Swarm example (v2). Note that in Traefik v3 the Docker Swarm provider got its own name.

3

Hello bluepuma77,

Thank you for your response and the suggestions provided. I've opted to use a configuration file for Traefik settings. As for the internal port declaration, it's already specified in my docker-compose.yml file, and TLS has been properly enabled and is functioning as expected. I also have the replicas defined in my configuration. Despite these settings, traffic still doesn't seem to reach my whoami service. I'm attaching my updated configuration files below for further insight. Any thoughts on what might still be going wrong?

Updated docker-compose.yml:

version: "3"
services:
  traefik:
    networks:
      - booker
    image: "traefik:v3.0"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/traefik/traefik.yml:/etc/traefik/traefik.yml"
      - /etc/traefik/dyno/:/dynconf
      - "/etc/traefik/certs/helpme_ws.crt:/helpme_ws.crt"
      - "/etc/traefik/private/helpme_ws.key:/helpme_ws.key"
    deploy:
      replicas: 1

  whoami:
    networks:
      - booker
    image: "traefik/whoami:v1.10"
    deploy:
      replicas: 1
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=Host(`helpme.ws`) || PathPrefix(`/whoami`)"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"

networks:
  booker:
    external: true

Updated traefik.yml:

log:
  level: debug

accessLog: {}
    
providers:
  swarm:
    network: booker
    exposedByDefault: false
    #endpoint: "tcp://127.0.0.1:2377"
  file:
    directory: /dynconf
    watch: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: ":443"
4

I don’t see TLS enabled on entrypoint websecure or on whoami labels.

Note that Traefik must run on a Docker Swarm manager node for correct configuration discovery.

Enable Traefik debug log, access log and Traefik dashboard to gain further insights.

Can Traefik read Docker socket, does it recognize whoami service, can Traefik route to it?