Moving from docker compose to Traefik.yml

I’ve currently got Traefik working with all setup in my docker compose file using commands and now trying to move that to a Traefik.yml file - mainly to add the crowdsec bouncer more easily.

I’ve done a fair bit of digging and worked out how to map the commands over. Just having an issue that’s driving me mad at the moment as I keep getting an error field not found, node: provider

I know this is going to be something simple in terms of formatting of the file but for the life of me I can’t figure it out.

Here’s my Traefik.yml - if anyone can tell me what stupid mistake I’ve made I’d appreciate it.

# Static configuration
#
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
#
  websecure:
    address: ":443"
    http:
      tls: 
        certResolver: myresolver
        domains:
          - main: "gdb19.mydomain"
            sans: 
              - "*.gdb19.mydomain"
#
#
certificatesResolvers:
  myresolver:
    acme:
      email: myemail@gmail.com
      storage: /data/acme.json
      dnsChallenge:
        provider: duckdns
#
#Duckdns token is in docker compose file
#
providers:
  docker:
    endpoint: "tcp://dockerproxy:2375"
    exposedByDefault: false
    network: Dockerproxy
#
#
  serverstransport:
    insecureskipverify: true
#
#
api:
  insecure: true
  dashboard: true
#
#
log:
  level: DEBUG
  filepath: /data/traefik.log
  maxSize: 1 
  maxBackups: 3
#
#
http:
  routers:
    router-dsm:
      rule: "Host(`dsm.mydomain`)"
      entryPoints:
        - websecure
      service: dsm
      tls:
        certResolver: myresolver

  services:
    dsm:
      loadBalancer:
        passHostHeader: true
        servers:
          - url: 'https://172.18.0.1:50005'
#

Use 3 backticks before and after code/config to preserve spacing, which is important in yaml.

Thanks, wasn’t sure what a backtick was so had to google it. I did try adding ``` to the start and end of my code and removed all blank lines and comments but getting a different error now

Found character that cannot start any token

Use 3 backticks in the post to preserve the spacing

Ah apologies - being really quite dumb there.

I’ve amended the code as I noticed the serverstransport wasn’t correctly aligned.

Traefik seems to be working now as no errors in the container logs but when I try to open for example sonarr.mydomain.duckdns.org I get an error saying the site could not be reached.

Nothing in the Traefik.log file either at the time of my request

To add some more info here is the docker compose command I’m trying to move from

  traefik:
    image: traefik
    container_name: traefik
    networks:
        - Docker
        - Dockerproxy
    restart: unless-stopped
    command:
      # Debug & logging 
      - "--log.level=WARN"
      - "--api.insecure=true"
      - "--log.filePath=/data/traefik.log"
      - "--accesslog=true"
      - "--accesslog.filePath=/data/access.log"
      # Common Properties
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.filename=/data/rules.yml"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      # SSL/TLS Properties
      - "--entrypoints.websecure.http.tls.certResolver=myresolver"
      - "--entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}"
      - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
      - "--certificatesresolvers.myresolver.acme.storage=/data/acme.json"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=duckdns"
      - "--serverstransport.insecureskipverify=true"
      # Docker socket
      - "--providers.docker.endpoint=tcp://dockerproxy:2375"
    ports:
      - "80:80"
      - "443:443"
      - "8089:8080"
    environment:
      - DUCKDNS_TOKEN=${DUCKDNS_TOKEN}
    labels:
      - "traefik.enable=true"
      - "traefik.backend=dashboard"
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.middlewares=authelia@docker"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"  
    volumes:
      - ${VOLUME}/Traefik:/data

And here’s my new version of docker compose and traefik.yml

  traefik:
    image: traefik
    container_name: traefik
    networks:
        - Docker
        - Dockerproxy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8089:8080"
    environment:
      - DUCKDNS_TOKEN=${DUCKDNS_TOKEN}
    labels:
      - "traefik.enable=true"
      - "traefik.backend=dashboard"
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.middlewares=authelia@docker"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"  
    volumes:
      - ${VOLUME}/Traefik:/data
      - ${VOLUME}/Traefik/traefik.yml:/etc/traefik/traefik.yml
#

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
websecure:
    address: ":443"
    http:
      tls: 
        certResolver: myresolver
        domains:
          - main: "mydomain.duckdns.org"
            sans: 
              - "*.mydomain.duckdns.org"
certificatesResolvers:
  myresolver:
    acme:
      email: email@gmail.com
      storage: /data/acme.json
      dnsChallenge:
        provider: duckdns
providers:
  docker:
    endpoint: "tcp://dockerproxy:2375"
    exposedByDefault: false
    network: Dockerproxy
#serverstransport:
#  insecureskipverify: true
api:
  insecure: true
  dashboard: true
log:
  level: DEBUG
  filepath: /data/traefik.log
  maxSize: 1 
  maxBackups: 3
accessLog:
  filepath: /data/access.log
http:
  routers:
    router-dsm:
      rule: "Host(`dsm.mydomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: dsm
      tls:
        certResolver: myresolver
services:
    dsm:
      loadBalancer:
        passHostHeader: true
        servers:
          - url: 'https://172.18.0.1:50005'
# Have to specify the ip address of the docker network gateway and not the nas ip address
#
#
#experimental:
#  plugins:
#    bouncer:
#      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
#      version: v1.3.3 # To update
#

When I use the amended config with the cut down docker compose and new traefik.yml files I can’t get to my hosted apps.

I don’t get anything in access.log and nothing in traefik.log for the time when I try to access so looks like it’s not hitting traefik but no idea why as all other setup is the same (ddns, router port forwarding, etc).

If I switch back to the full docker compose I pasted in then it works straight away

Interestingly I can access the one service that I have specified in the traefik.yml (dsm) when I specify a port on the end of the url - https://dsm.mydomain.duckdns.org:5000

I can’t access any of the services that traefik should be picking up from the docker compose labels on all my other containers - even if I add the port on the end.

Guessing that there is something wrong with how I have setup docker as a provider

More info in case this helps diagnose the issue.

When I try to hit

http://homepage.mydomain.duckdns.org I get a 404 page not found error

When I use

https://homepage.mydomain.duckdns.org I get an error saying

Safari can't open the page because it couldn't connect to the server.

I can also see these lines in the traefik logs

2024-08-21T15:34:33Z ERR github.com/traefik/traefik/v3/pkg/config/runtime/runtime_http.go:32 > EntryPoint doesn't exist entryPointName=websecure routerName=homepage@docker

2024-08-21T15:34:33Z ERR github.com/traefik/traefik/v3/pkg/config/runtime/runtime_http.go:48 > No valid entryPoint for this router routerName=homepage@docker

Hello,
for the last error you pasted your websecure entryption definition should be indented one more level I guess seems like traefik isn't reading your configuration because of that you should have some logs on stdout you can see them with docker logs [container].

Brilliant, thanks for spotting that. After changing the indentation I’m now able to access almost all my services.

Just can’t access DSM which I have mapped in traefik.yml instead of via docker labels - but I’ll take a look at this

Appreciate the replies

unless I'm mistaken you can't define routers in a static file (traefik.yml) it's doable either via labels or in a dynamic file (example from the doc)

Thanks. I’ve shifted the setup related to Synology DSM into a dynamic config file that I load from traefik.yml via a file provider.

Everything is working fine now

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.