WoJ
January 24, 2020, 12:50pm
1
I currently access the V2 dashboard through http://traefik.my.server:8080/dashboard/
(Traefik runs in a docker container and 8080 is exposed to the host).
I would like to change that so that the dashboard is available at http://traefik.my.server/dashboard
I tried to add the following labels to configure this behavior but I get a 404
when accessing http://traefik.my.server/dashboard
- traefik.http.routers.dashboard.rule=Host(`traefik.my.server:`) && Path(`/dashboard`)
- traefik.http.services.dashboard.loadbalancer.server.port=8080
- traefik.http.routers.dashboard.entryPoints=http
(the http
entrypoint is port 80
)
What is the correct way to set up such redirection?
ldez
January 24, 2020, 1:35pm
2
Hello,
Recommend read:
FYI it's not redirection but a routing.
WoJ
January 24, 2020, 1:52pm
3
Thank you for the information @ldez . https://docs.traefik.io/v2.1/operations/dashboard/#secure-mode is a particularly good read.
I modified my configuration to read
- traefik.http.routers.api.rule=Host(`traefik.mydomain.org`)
- traefik.http.routers.api.service=api@internal
- traefik.http.routers.api.middlewares=lan
- traefik.http.routers.api.entryPoints=http # I tested with and without this entry, not knowing if api@internal manages it itself
- traefik.http.middlewares.lan.ipwhitelist.sourcerange=192.168.10.0/24, 192.168.20.0/24
I also modified the configuration file with
api:
#insecure: true
dashboard: true
Accessing http://traefik.mydomain.org/dashboard/
(or http://traefik.mydomain.org/dashboard
or http://traefik.mydomain.org
just to make sure I go though all the variants) still yields a 404 page not found
ldez
January 24, 2020, 1:54pm
4
To get an accurate answer, you must provide all of your configurations, not just the parts.
WoJ
January 24, 2020, 2:01pm
5
Fair enough, sorry
The docker-compose
file:
services:
traefik:
container_name: traefik
image: traefik
ports:
- 80:80
- 443:443
restart: unless-stopped
volumes:
- /etc/docker/container-data/traefik:/etc/traefik
- /var/run/docker.sock:/var/run/docker.sock
- /etc/localtime:/etc/localtime:ro
labels:
- traefik.http.routers.api.rule=Host(`traefik.mydomain.org`)
- traefik.http.routers.api.service=api@internal
- traefik.http.routers.api.middlewares=lan
- traefik.http.middlewares.lan.ipwhitelist.sourcerange=192.168.10.0/24, 192.168.20.0/24
# also tried with an entryPoint
# - traefik.http.routers.api.entryPoints=http
version: "3"
Configuration file
global:
sendAnonymousUsage: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
api:
dashboard: true
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\" }}.mydomain.org`)"
log:
level: INFO
#level: DEBUG
certificatesResolvers:
le:
acme:
email: le@mydomain.org
storage: /etc/traefik/acme.json
tlsChallenge: {}
#caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
Thank you for your help so far!
ldez
January 24, 2020, 2:06pm
6
WoJ:
exposedByDefault: false
so you have to set traefik.enable=true
on your container.
version: "3"
services:
traefik:
container_name: traefik
image: traefik
ports:
- 80:80
- 443:443
restart: unless-stopped
volumes:
- /etc/docker/container-data/traefik:/etc/traefik
- /var/run/docker.sock:/var/run/docker.sock
- /etc/localtime:/etc/localtime:ro
labels:
- traefik.enable=true
- traefik.http.routers.api.rule=Host(`traefik.mydomain.org`)
- traefik.http.routers.api.service=api@internal
- traefik.http.routers.api.middlewares=lan
- traefik.http.middlewares.lan.ipwhitelist.sourcerange=192.168.10.0/24, 192.168.20.0/24
1 Like
WoJ
January 24, 2020, 2:09pm
7
Ahhh! I did not realize that Traefik itself needed to be enabled (for itself). It works perfectly - thank you very much.
WoJ
January 24, 2020, 2:18pm
8
I have also posted the working configuration at SO, follwing your hint (whcih I marked as the answer).
As a side question: since Traefik itself follows the rules of all services, why isn't there an entryPoint for it in the docker configuration?
shot
June 27, 2020, 1:46am
9
I'm trying to do exactly the same thing - i.e. hide/conceal the port number in the URL when visiting the dashboard at a subdomain. It is working as expected if I put the port number in the URL and configure the host as...
- "traefik.http.routers.api.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
Here's my current docker YAML file...
version: "3.3"
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
command:
- "--log.level=INFO"
- "--api.dashboard=true"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`traefik.mydomain.com`)"
- "traefik.http.routers.api.entrypoints=web"
- "traefik.http.routers.api.service=api@internal"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
With this configuration, visiting https://mydomain.com
(secure) works as expected and shows the "whoami" info, but visiting http://traefik.mydomain.com
(not secure) redirects to https://traefix.domain.com/dashboard
(secure), and I don't understand why. I don't want/need TLS for the dashboard right now, plus I don't understand why it's redirecting to the "dashboard" URL.
Any insights would be appreciated.
shot
June 27, 2020, 5:28pm
10
I got this to work via TLS. Here's my working config YAML...
version: "3.3"
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
command:
- "--log.level=INFO"
- "--api.dashboard=true"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`traefik.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "traefik.http.routers.api.entrypoints=web"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
- "traefik.http.routers.api.entrypoints=websecure"
- "traefik.http.routers.api.tls=true"
- "traefik.http.routers.api.tls.certresolver=myresolver"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
I don't know if this is the ideal configuration, but it does seem to work. I guess it's time to try a "real" Let's Encrypt certificate (instead of the staging one).