How to redirect "parent" portainer?

Traefik Traefik v2 (latest)
1

Hi,

I've a docker environment that I manage with Portainer.
I've created a docker-compose file with all my home service and I do update them in a portainer stack.

This stack contains a traefik proxy for all my services. I'm just wondering if there is a possibility to add an entry for the portainer instance, which was not declared in my docker-compose file(since the docker-compose file is deployed with portainer itself).

Here is the traefik part of my docker-compose:

services:

  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
      - "--certificatesresolvers.myresolver.acme.email=AA@BB.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    environment:
      - "OVH_ENDPOINT=ovh-eu"
      - "OVH_APPLICATION_KEY=AAA"
      - "OVH_APPLICATION_SECRET=BBB"
      - "OVH_CONSUMER_KEY=CCC"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.AAA.BBB`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
2

With a dynamic config you can define a router and a service, need to use provider.file to load the dynamic config file.

Sadly it is not possible to declare a loadbalancer with labels, like some other config items that are not possible through Docker labels.

Not sure why Traefik does not use a modular system and simply enable all settings on all providers. For that we need to ask @traefik_maintainers :slight_smile: @ldez

3

We use a modular system but we apply some restrictions on it.

4

I'm not sure to understand, does that mean that what I'm asking is not possible? Or just that I need to combine the label with a provider file?

I'm not sure what a "Dynamic config" is?

5

You should read the Traefik documentation, as static and dynamic config is very important to understand, you need to know which piece of config goes where, otherwise it does not work. Traefik is not plug and play.

In your static config (entrypoints, providers) you need to add a provider.file to load the dynamic config (which is usually done with labels), that looks roughly like this:

# traefik-dynamic.yml
http:
  routers:
    myPortainer:
      rule: "Host(`portainer.example.com`)"
      service: myPortainer
  services:
    myPortainer:
      loadBalancer:
        servers:
          - url: http://<DockerServiceName>
10

Thanks, I started to read.

Just for my understanding, can I mix the things I've in my docker file and what will be inside this provider file? As this is only interesting for a few elements for me compared to all the docker images.

How do you refers things from one to the other? Like will I to refer multiple time the SSL resolver?

11

Static config:

  • entrypoints, certresolver, etc
  • use traefik.yml file or place config in docker-compose.yml in command section
  • note you can't mix both, only use command: --configFile=/path/to/traefik.yml

Dynamic config:

  • router, service, etc.
  • use labels with your containers
  • some config can only be done with file, like loadbalancer

You can simply add to your command and mount the file into your Traefik container:

--providers.file.filename=/path/to/traefic-dynamic.yml

You can add the certresolver globally for all routers in static/command:

--entrypoints.websecure.http.tls.certResolver=myresolver

Alternatively you could "hack" your Portainer service and just attach the required labels to it :slight_smile: Use docker service update with --label-add, see docs.

Question: how did you create portainer in the first place? With a docker-compose.yml? Just add the labels and re-do it.

12

It's a pity that you cannot mix the label and the traefik.yml, but ok.
You have good point to add things globally, I love that, I will update my process.

My portainer was installed directly with the docker image, not docker compose, so I was tempted by the docker service approach, but it seems this is only for container on a swarm, I didn't find the --label-add on the docker update command.

Maybe I will re-start portainer with a docker-compose file, and that would do it? Even if traefik is not in the same docker-compose?

13

Yes, you can use different compose files.

Best practice is to use a Docker network and attach all services to it. That can happen over multiple files.

14

Ok. And just for my understanding, is it possible to use the traefik.yml for the configuration(which is static configuration) and still use the tags on the docker images?

15

YES!

Static is traefik.yml and command in docker-compose. Pick one!

Dynamic is via provider, for example file or docker (using labels). Here you can use both.