How can I get Traefik to listen and route on just the domain name?

Hi!

I'm trying to follow along with this tutorial: https://www.smarthomebeginner.com/traefik-2-docker-tutorial/ as probably many others are. But I don't need to set up a Cloudflare account or deal with certs - I'm just planning to run this inside my local network. I add all domains to the DNS option in my PiHole.

The above-mentioned tutorial uses Cloudflare, and I have tried to remove it with a lot of other containers. But one thing that I do want is to have Heimdall or another "front-page" container on the top level domain. In my docker-compose.yml file below, I use $DOMAINNAME set in /etc/environment (it is example.local).

But I cannot figure out why heimdall.$DOMAINNAME works but not just $DOMAINNAME. Either way traefik.$DOMAINNAME seems to work.

What am I doing wrong?

version: "3.5"

networks:
  t2_proxy:
    name: t2_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.1.0/24
  default:
    driver: bridge

# Common environment values
x-environment: &default-tz-puid-pgid
  TZ: $TZ
  PUID: $PUID
  PGID: $PGID

# Proxy Network and Security
x-network-and-security: &network-and-security
  networks:
    - t2_proxy
  security_opt:
    - no-new-privileges:true

# Keys common to some of the services in basic-services.txt
x-common-keys-core: &common-keys-core
  <<: *network-and-security
  restart: always
  # profiles:
  # - basic

# Keys common to some of the dependent services/apps
x-common-keys-apps: &common-keys-apps
  <<: *network-and-security
  restart: unless-stopped
  # profiles:
  # - apps

# Keys common to some of the services in media-services.txt
x-common-keys-media: &common-keys-media
  <<: *network-and-security
  restart: "no"
  # profiles:
  # - media

services:

  traefik:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    image: "traefik:v2.6"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      # - "--entryPoints.traefik.address=:8080"
      - "--global.checkNewVersion=true"
      - "--global.sendAnonymousUsage=false"
      - "--providers.docker.exposedByDefault=false"
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    labels:
      # HTTP Routers
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-rtr.entrypoints=web"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      - "traefik.http.services.traefik-svc.loadbalancer.server.port=8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.$DOMAINNAME`)"
      - "traefik.http.routers.whoami.entrypoints=web"

  # Portainer - WebUI for Containers
  portainer:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    container_name: portainer
    image: portainer/portainer-ce:latest
    # command: -H unix:///var/run/docker.sock # # Use Docker Socket Proxy instead for improved security
    # command: -H tcp://socket-proxy:2375
    volumes:
      # - /var/run/docker.sock:/var/run/docker.sock:ro # # Use Docker Socket Proxy instead for improved security
      - $USERDIR/docker/portainer/data:/data
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TZ=$TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.portainer-rtr.entrypoints=web"
      - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME`)"
      ## HTTP Services
      - "traefik.http.routers.portainer-rtr.service=portainer-svc"
      - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"

  # Heimdall - Application Dashboard
  heimdall:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    image: lscr.io/linuxserver/heimdall
    container_name: heimdall
    # ports:
    #  - "3000:80"
    volumes:
      - $USERDIR/docker/heimdall:/config
    environment:
      <<: *default-tz-puid-pgid
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.heimdall-rtr.entrypoints=web"
      - "traefik.http.routers.heimdall-rtr.rule=Host(`heimdall.$DOMAINNAME`)"
      ## HTTP Services
      - "traefik.http.routers.heimdall-rtr.service=heimdall-svc"
      - "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"

If you are kind enough to evaluate my main question, please feel free to address any security concerns.

Hello @Frontend,

I've tried to reproduce your use case, and I can have whoami running on both whoami.localhost and localhost.

--api.insecure=true is insecure :smiley:

1 Like

I suggest running docker-compose config and making sure all the env vars are being set as expected.

1 Like
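
A check that combines the two replies above, written as an added example rather than anything posted in the thread: it reads the rendered output of `docker-compose config`, flags `Host` rules where a variable expanded to nothing, reports `--api.insecure=true`, and says whether any router matches the bare domain. The function names, the output labels and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint the output of `docker-compose config` (read on stdin).
# Argument 1 (optional): the bare domain that should have its own router.
lint_rendered_compose() {
    awk -v apex="$1" '
    {
        line = $0
        # Handles the single-hostname form Host(`name`) used in this thread.
        while (match(line, /Host\(`[^`]*`\)/)) {
            host = substr(line, RSTART + 6, RLENGTH - 8)
            line = substr(line, RSTART + RLENGTH)
            # An empty name, a leading/trailing dot or a leftover "$" means
            # the variable was unset or never substituted.
            if (host == "" || host ~ /^\./ || host ~ /\.$/ || host ~ /\$/)
                printf "BAD_HOST line %d: [%s]\n", NR, host
            else
                printf "HOST %s\n", host
            if (host == apex) seen_apex = 1
        }
    }
    /--api\.insecure=true/ { printf "API_INSECURE line %d\n", NR }
    END { if (apex != "" && !seen_apex) printf "NO_APEX_ROUTER %s\n", apex }
    '
}

# Constructed sample of rendered output (not taken from the thread); the
# whoami rule shows what an unset variable leaves behind.
sample_rendered() {
    cat <<'EOF'
services:
  heimdall:
    labels:
      traefik.http.routers.heimdall-rtr.rule: Host(`heimdall.example.local`)
  whoami:
    labels:
      traefik.http.routers.whoami.rule: Host(`whoami.`)
  traefik:
    command:
    - --api.insecure=true
    labels:
      traefik.http.routers.traefik-rtr.rule: Host(`traefik.example.local`)
EOF
}

# Real use: docker-compose config | lint_rendered_compose "$DOMAINNAME"
sample_rendered | lint_rendered_compose example.local
```

`--api.insecure=true` serves the API and dashboard without authentication on the `traefik` entrypoint (port 8080 by default), and the compose file in the question publishes 8080 on the host.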

Thanks for your reply

I also tried to set "whoami" as just $DOMAINNAME, but still the same result as with Heimdall. I cannot reach it...

From what I have understood, "--api.insecure=true" is okay to use when using Traefik in a local environment? :smile: Correct me if I'm wrong.

Thanks for your reply.

It seems that all variables are returning the correct values in the configuration.