I have a domain on Ionos and a VPS running Ubuntu 22.04 and Docker engine v26 on Hetzner cloud.
The firewall has the following ports open: ssh, 80, 443, 8181 and ICMP.
I am using two servers: manager and worker.
When I deploy Traefik using ports "mode: host", it works; if I use "mode: ingress", I cannot access the dashboard.
When I deploy Traefik using docker-compose, it works; if I use swarm, I cannot access the catapp service, which is deployed on the worker node.
What is the correct configuration in this case? I have been having trouble with this for many days.
I am initializing the swarm cluster using the following configuration:
```
docker swarm init --advertise-addr enp7s0 --task-history-limit=2 --default-addr-pool 172.16.136.0/16
```
where enp7s0 is another ethernet interface (10.0.0.0/8) created by Hetzner and used by all VPS members of the swarm cluster. Only the manager is exposed to the Internet. All other VPS shall use this ethernet interface to create an intranet.
```
enp7s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.0.0.2  netmask 255.255.255.255  broadcast 10.0.0.2
        inet6 fe80::8400:ff:fe84:a6f0  prefixlen 64  scopeid 0x20<link>
        ether 86:00:00:84:a6:f0  txqueuelen 1000  (Ethernet)
        RX packets 26585  bytes 3836255 (3.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24159  bytes 3761072 (3.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
This is my traefik.yml file:
```yaml
################################################################
# API and dashboard configuration
################################################################
api:
  # Dashboard
  #
  #
  dashboard: true
  insecure: true
################################################################
# Docker configuration backend
################################################################
providers:
  docker:
    exposedByDefault: false
################################################################
# Traefik Logging
################################################################
log:
  level: INFO
################################################################
# Entrypoint
################################################################
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
################################################################
# Challenge TLS
# Documentation at https://doc.traefik.io/traefik/user-guides/docker-compose/acme-tls/
################################################################
certificatesResolvers:
  myresolver:
    acme:
      email: devops@example.com
      storage: /letsencrypt/acme.json
      tlsChallenge: true
```
This is my docker-compose.yml file:
```yaml
version: '3'
services:
  traefik:
    image: traefik:v2.11.2
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 8080
        published: 8181
        mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/letsencrypt:/letsencrypt
      - ./traefik.yml:/etc/traefik/traefik.yml
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.role==manager"
      restart_policy:
        condition: on-failure
  # Add the catapp service
  catapp:
    image: mikesir87/cats:1.0
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.catapp.rule=Host(`example.com`,`www.example.com`)"
      - "traefik.http.routers.catapp.service=catapp"
      - "traefik.http.services.catapp.loadbalancer.server.port=5000"
      - "traefik.http.routers.catapp.entrypoints=websecure"
      - "traefik.http.routers.catapp.tls.certresolver=myresolver"
```
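
As an added example (not part of the original post and not the Traefik project's own files), here are Swarm-mode variants of the two files above. Per the Traefik v2 Docker provider documentation, `swarmMode: true` makes Traefik read Swarm services, and labels are then taken from `deploy.labels` rather than from the container. The overlay network name `traefik-public` is an assumption, and the `api` block and port 8181 are left out so the unauthenticated dashboard listener is not published.

```yaml
# traefik.yml (static configuration), constructed for this example
providers:
  docker:
    swarmMode: true            # watch Swarm services, not local containers
    exposedByDefault: false
    network: traefik-public    # assumed name; must match the overlay network below
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
certificatesResolvers:
  myresolver:
    acme:
      email: devops@example.com
      storage: /letsencrypt/acme.json
      tlsChallenge: {}         # documented form for an option with no fields
---
# docker-compose.yml, deployed with `docker stack deploy`
version: '3.8'
services:
  traefik:
    image: traefik:v2.11.2
    ports:
      - {target: 80, published: 80, mode: host}
      - {target: 443, published: 443, mode: host}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/letsencrypt:/letsencrypt
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
    networks: [traefik-public]
    deploy:
      placement:
        constraints: ["node.role==manager"]   # the Swarm API is only served by managers
  catapp:
    image: mikesir87/cats:1.0
    networks: [traefik-public]
    deploy:
      labels:                  # service-level labels, which is what Swarm mode reads
        - "traefik.enable=true"
        - "traefik.http.routers.catapp.rule=Host(`example.com`,`www.example.com`)"
        - "traefik.http.routers.catapp.entrypoints=websecure"
        - "traefik.http.routers.catapp.tls.certresolver=myresolver"
        - "traefik.http.services.catapp.loadbalancer.server.port=5000"
networks:
  traefik-public:
    driver: overlay
    name: traefik-public       # fixed name so the stack prefix is not added
```

The `server.port` label stays mandatory here because Swarm gives Traefik no port detection information.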