Well, my goal is this:
When a user accesses home.mydomain.tld or any subdomain of it, like *.home.mydomain.tld, it will go through the CF Tunnel that is pointing to my Traefik container.
Traefik will then redirect the user to the container with the proper rule, for example:
User accesses home.mydomain.tld, Traefik redirects to the Portainer container, then the Portainer webpage appears.
User accesses whoami.home.mydomain.tld, Traefik redirects to the Whoami container, showing the OS and request details as shown in the Traefik docs.
User accesses vw.home.mydomain.tld, Traefik redirects to the Vaultwarden container, so if it is in a browser, it shows the VW dashboard; if it is from the Bitwarden app, it uses that VW server.
Basically the CF Tunnel is used only to redirect to Traefik, then this Traefik container will do all the redirects and balancing.
My issue is that nothing is working.
I created a network using docker network create traefik.
These are my docker compose files:
```yaml
# Traefik + CF Tunnel docker-compose.yml
networks:
  traefik:
    external: true
services:
  traefik:
    container_name: traefik
    image: traefik:3.2
    restart: unless-stopped
    command:
      - --api.insecure=false
      - --api.dashboard=true
      - --log.level=INFO
      - --accesslog=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entryPoints.web.address=:80
    ports:
      - 8000:80
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik
  cloudflare_tunnel:
    container_name: cloudflare_tunnel
    image: cloudflare/cloudflared:1643-c59d56c65502
    restart: unless-stopped
    command: tunnel --no-autoupdate run
    environment:
      - TUNNEL_TOKEN=${CF_TUNNEL_TOKEN}
    networks:
      - traefik
```
And this:
```yaml
# Whoami + Vaultwarden docker-compose.yml
networks:
  traefik:
    external: true
services:
  whoami:
    container_name: whoami
    image: traefik/whoami:v1.10
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.home.mydomain.tld`)
      - traefik.http.routers.whoami.entrypoints=web
    networks:
      - traefik
  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:1.32.5-alpine
    restart: unless-stopped
    ports:
      - ${VW_WEB_PORT}:80
    labels:
      - traefik.enable=true
      - traefik.http.routers.vw.rule=Host(`vw.home.mydomain.tld`)
      - traefik.http.routers.vw.entrypoints=web
    volumes:
      - ./vw-data/:/data/
    networks:
      - traefik
```
I labeled the containers as I should, and for now, I am not worried about protecting the traffic between Traefik and the other containers with HTTPS, so I am not using websecure, TLS and other label stuff.
On CF Tunnel config, I tried setting these options:
home.mydomain.tld -> http://traefik
This was creating the DNS record, but did not work.
Then I tried with:
*.home.mydomain.tld -> http://traefik
This did not create any DNS record, as pointed out by the CF warning, so I headed to the DNS records form to add it manually and created a CNAME * -> <cf-tunnel-id>.cfargotunnel.com.
For both options, I waited a few minutes, but when I tried to access any of those options, being home.mydomain.tld, whoami.home.mydomain.tld or vw.mydomain.tld, these were the results:
On both CF Tunnel configs, I got Safari can't find the server for the two subdomains whoami.home and vw.home, but for home.mydomain.tld, I got 404 page not found, and this is the Traefik log:
172.19.0.5 - - [11/Dec/2024:18:18:43 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 1 "-" "-" 0ms
I thought this last one should at least redirect to the Traefik dashboard... And why aren't my rules working so that whoami and vw are reachable? What is wrong with my setup?
EDIT: I am ignoring the fact of using ports 8000 and 8080 for Traefik, since the CF Tunnel container can directly access the Traefik container by using its service name because they are on the same docker network. Also, I have no idea where to put the port 8080 to then access the dashboard, if that's what's missing to access it.
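As an added illustration (not part of the original post, and a simplified model rather than Traefik's own code), the sketch below builds the router table from the labels shown in the compose files above and checks which request hosts a router would accept on the `web` entrypoint. The helper names `build_routers` and `route` are hypothetical, and only `Host()` matchers are modelled.

```python
import re

# Router labels copied from the two compose files in the post.
LABELS = {
    "whoami": [
        "traefik.enable=true",
        "traefik.http.routers.whoami.rule=Host(`whoami.home.mydomain.tld`)",
        "traefik.http.routers.whoami.entrypoints=web",
    ],
    "vaultwarden": [
        "traefik.enable=true",
        "traefik.http.routers.vw.rule=Host(`vw.home.mydomain.tld`)",
        "traefik.http.routers.vw.entrypoints=web",
    ],
    "traefik": [],  # the post's Traefik service carries no labels
}

ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(rule|entrypoints)$")
HOST_RULE = re.compile(r"Host\(`([^`]+)`\)")


def build_routers(labels_by_container):
    """Collect routers from containers that opted in with traefik.enable=true."""
    routers = {}
    for labels in labels_by_container.values():
        pairs = dict(label.split("=", 1) for label in labels)
        if pairs.get("traefik.enable") != "true":
            continue  # exposedbydefault=false: unlabeled containers are skipped
        for key, value in pairs.items():
            m = ROUTER_KEY.match(key)
            if not m:
                continue
            r = routers.setdefault(m.group(1), {"hosts": set(), "entrypoints": set()})
            if m.group(2) == "rule":
                r["hosts"] = {h.lower() for h in HOST_RULE.findall(value)}
            else:
                r["entrypoints"] = {e.strip() for e in value.split(",")}
    return routers


def route(routers, entrypoint, host_header):
    """Return the matching router name, or None (no router: 404 page not found)."""
    host = host_header.split(":", 1)[0].lower()  # drop any port, compare case-insensitively
    for name, r in sorted(routers.items()):
        on_entrypoint = not r["entrypoints"] or entrypoint in r["entrypoints"]
        if on_entrypoint and host in r["hosts"]:
            return name
    return None


ROUTERS = build_routers(LABELS)
```

With these labels, `route(ROUTERS, "web", "home.mydomain.tld")` returns `None`: no router claims that host, which is the situation Traefik answers with `404 page not found`.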