I'm struggling to get traefik to deploy via swarm.
My server configuration consists of 6 nodes (all manager nodes in swarm). Each has a mount point for my NAS where I'm storing the config files for all my docker containers, and the mount point is added in /etc/fstab.
When running docker stack deploy -c compose-file.yml traefik from a single node, it works, but treats it as a single node deployment. However, when trying to deploy it as global, it never seems to work. It will attempt to spin up the services, but they all get rejected without any logs (per the Portainer GUI).
Here is my compose file:
# Stack file for a Traefik reverse proxy deployed as a global swarm service.
# NOTE(review): the post lost its indentation; nesting below is reconstructed
# from the Compose schema. `labels` is assumed to sit under `deploy` (where the
# swarm provider reads service labels) - confirm against the real file.
version: '3.5'
services:
  traefik:
    # `latest` is a moving tag, so nodes can end up running different Traefik
    # builds; pinning a version (or digest) keeps the rollout reproducible.
    image: traefik:latest
    # NOTE(review): `docker stack deploy` ignores container_name, restart and
    # security_opt, so no-new-privileges is NOT applied to the swarm tasks.
    # The swarm counterpart of `restart` is deploy.restart_policy.
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy:
    # Every port listed here is published on the swarm nodes. The traefik.yml
    # in this post only defines entryPoints on 80, 443, 8096 and 2283, so 8920
    # and 3001 are published with no listener behind them - publish only what
    # has a matching entryPoint.
    ports:
      - "80:80"
      - "443:443"
      - "8096:8096"
      - "8920:8920"
      - "2283:2283"
      - "3001:3001"
    # Values below are placeholders in the post. Credentials passed as
    # environment variables are readable by anyone who can inspect the service;
    # a swarm secret referenced through the `_FILE` variant of the variable
    # (e.g. CF_DNS_API_TOKEN_FILE) keeps the token out of the service spec.
    environment:
      - CF_API_EMAIL=email
      # A DNS-scoped API token is the narrower credential; prefer it over the
      # account-wide key.
      - CF_DNS_API_TOKEN=<token>
      # Left empty alongside the token - presumably can be dropped; verify.
      - CF_API_KEY=
      - LEGO_DISABLE_CNAME_SUPPORT=true
      - CLOUDFLARE_POLLING_INTERVAL=30
      # NOTE(review): spelled PROPOGATION here; the variable lego reads is
      # CLOUDFLARE_PROPAGATION_TIMEOUT, so this setting is likely ignored.
      - CLOUDFLARE_PROPOGATION_TIMEOUT=300
    # Bind mounts: in swarm the source path must already exist on every node
    # that runs a task, otherwise the task is rejected. With mode: global that
    # means all six nodes - check /logs and the NAS mount on each of them.
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # `:ro` only protects the socket file; it does not restrict the Docker
      # API. Anything that can talk to this socket controls the daemon (and, on
      # a manager, the swarm), and this container is the internet-facing one.
      # A socket proxy that allows only the read-only API endpoints Traefik
      # needs narrows that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/DockerSwarm/traefik/traefik.yml:/traefik.yml:ro
      # Mounted at /acme.json, but the traefik.yml in this post sets the ACME
      # storage to /mnt/DockerSwarm/traefik/acme.json - the paths do not match.
      # This file holds the certificates' private keys: keep it mode 600.
      # Traefik's documentation also says the ACME storage file cannot be
      # shared between several Traefik instances, which a global service on a
      # shared NAS path would do.
      - /mnt/DockerSwarm/traefik/acme.json:/acme.json
      # Mounted at /config.yml, while traefik.yml points the file provider at
      # /mnt/DockerSwarm/traefik/config.yml - same mismatch as above.
      - /mnt/DockerSwarm/traefik/config.yml:/config.yml:ro
      # Host-root path, not on the NAS: it has to exist on every node.
      - /logs:/var/log/traefik
    deploy:
      # One task per node. The reason a task was rejected is shown by
      # `docker service ps --no-trunc traefik_traefik`.
      mode: global
      labels:
        - "traefik.enable=true"
        # Plain-HTTP router for the dashboard host; its only middleware (set
        # further down) is the redirect to https.
        - "traefik.http.routers.traefik.entrypoints=http"
        - "traefik.http.routers.traefik.rule=Host(`dashboard.domain.net`)"
        # basicauth.users expects `user:hash` entries in htpasswd format, not a
        # clear-text password, and each `$` of the hash must be doubled in a
        # compose file. `admin:password` is presumably a placeholder.
        - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:password"
        - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
        # NOTE(review): the same label key is set twice with different values
        # (80 and 443); only one can take effect - keep a single entry.
        - "traefik.http.services.traefik.loadbalancer.server.port=80"
        - "traefik.http.services.traefik.loadbalancer.server.port=443"
        # Defines the `sslheader` middleware; no router in this file attaches it.
        - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
        - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
        # HTTPS router for the same host, guarded by the basic-auth middleware.
        - "traefik.http.routers.traefik-secure.entrypoints=https"
        - "traefik.http.routers.traefik-secure.rule=Host(`dashboard.domain.net`)"
        - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
        - "traefik.http.routers.traefik-secure.tls=true"
        - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
        # NOTE(review): the value starts with a space (`= domain.net`) and the
        # index is 1 with no domains[0] - confirm both are intended.
        - "traefik.http.routers.traefik-secure.tls.domains[1].main= domain.net"
        - "traefik.http.routers.traefik-secure.tls.domains[1].sans=*.domain.net"
        # api@internal is the dashboard/API itself: basic auth above is the
        # only control in front of it.
        - "traefik.http.routers.traefik-secure.service=api@internal"
networks:
  # Pre-existing network. For a stack it must be swarm-scoped (an overlay
  # network); a node-local bridge named `proxy` cannot be used by swarm tasks.
  proxy:
    external: true
And here is my traefik.yml:
# Traefik static configuration (mounted into the container as /traefik.yml).
# NOTE(review): the post lost its indentation; the nesting below is
# reconstructed from key names and is a best guess, especially inside the
# `services` and `routers` sections - confirm against the real file.
api:
  dashboard: true
  # debug: true additionally serves the /debug/ profiling endpoints through
  # the API; leave it off outside of troubleshooting.
  debug: true
entryPoints:
  http:
    address: ":80"
    # Everything arriving on :80 is redirected to the https entryPoint.
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
  jellyfin:
    address: ":8096"
  immich:
    address: ":2283"
# NOTE(review): `services` and `routers` are dynamic-configuration objects
# (normally under `http:` in the file-provider file, config.yml here), and
# `ports` / `labels` are Compose keys. None of them look like they belong in
# the static configuration - verify how Traefik treats them at startup.
services:
  jellyfin:
    loadbalancer:
      server:
        ports:
          - "8096:8096"
          - "8920:8920"
    labels:
      # The Host(...) value has no backticks and a stray line break, probably
      # lost when the post was rendered; Traefik's rule syntax wants the
      # hostname in backticks.
      - "traefik.http.routers.jellyfin.rule=Host(jellyfin.domain.net
        )"
      - "traefik.http.routers.jellyfin.entrypoints=https"
      - "traefik.http.routers.jellyfin.tls.certresolver=cloudflare"
  immich:
    loadbalancer:
      server:
        ports:
          - "2283:2283"
    labels:
      # Same missing backticks / line break as the jellyfin rule above.
      - "traefik.http.routers.immich.rule=Host(immich.domain.net
        )"
      - "traefik.http.routers.immich.entrypoints=https"
      - "traefik.http.routers.immich.tls.certresolver=cloudflare"
routers:
  jellyfin:
    # NOTE(review): single quotes inside Host(); Traefik's rule syntax uses
    # backticks (or escaped double quotes) - verify.
    rule: "Host('jellyfin.domain.net')"
    # Bound to the plain `http` entryPoint while also requesting TLS below;
    # the label-defined routers in this post use `https` instead.
    entrypoints:
      - http
    service: jellyfin
    tls:
      certresolver: cloudflare
  immich:
    # Missing backticks and stray line break, as in the label rules above.
    rule: "Host(immich.domain.net
      )"
    # NOTE(review): `-http` has no space after the dash, so YAML reads it as
    # the string "-http" rather than a one-item list containing `http`.
    entrypoints:
      -http
    service: immich
    tls:
      certresolver: cloudflare
serversTransport:
  # Turns off certificate verification for every TLS connection Traefik makes
  # to a backend. Trusting the backends' CA instead keeps verification on.
  insecureSkipVerify: true
providers:
  swarm:
    # Same Docker socket the compose file bind-mounts into the container.
    endpoint: "unix:///var/run/docker.sock"
    # Only services that opt in with traefik.enable=true are exposed.
    exposedByDefault: false
  file:
    # NOTE(review): the compose file in this post mounts config.yml at
    # /config.yml; this host path does not exist inside the container unless
    # it is mounted there as well.
    filename: /mnt/DockerSwarm/traefik/config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: email  # add your email
      # NOTE(review): the compose file mounts acme.json at /acme.json. With
      # this path the certificates and their private keys would be written to
      # the container's own filesystem and lost when the task is replaced.
      storage: /mnt/DockerSwarm/traefik/acme.json
      dnsChallenge:
        provider: cloudflare
        # (Original comment was cut off in the post.) Skips waiting for the
        # TXT record to propagate before asking the CA to validate.
        disablePropagationCheck: true
        # DNS servers used for the challenge lookups.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"