Multiple traefik.docker.network on one container?

hilne · February 1, 2023, 6:16pm

Hi,
I have two traefik with docker, one on my LAN which exposed internal resources and another publicly accessible which exposed https webui.

I want to setup traefik with keycloak with my two traefik (local - port 9090 and public - port 80 & 443). I want to restrict in my LAN all admin routes through traefik local and expose publicly only the login panel of keycloack through my traefik public.

But I don't see any examples or documentation about the way to setup two traefik.docker.network and create two interfaces in one service on docker.

Is it really not possible?
and why? due to technical restrictions?
Because a router - service could belong to a docker network?

  labels:
    - traefik.enable=true
    - traefik.docker.network=traefik-local
    - traefik.constraint-label=traefik-local
    - traefik.http.routers.keycloak-router.rule=Host("keycloak.${PRIVATE_DOMAIN}")
    - traefik.http.routers.keycloak-router.entrypoints=web

Thanks for your help

bluepuma77 · February 2, 2023, 10:24am

You can define the Docker network in static config provider.docker for a Traefik instance.

That way each Traefik instance can use their own Docker network to reach target services, your special target service can be attached to multiple Docker networks.

hilne · February 2, 2023, 6:05pm

Thanks for your feedback.

I have setup the traefik.docker.network in provider docker in static conf of traefik.
I have setup also a constraint label for traefik public and another for traefik local and associate a docker service with theses labels.

I specified two different rule host one internal and the other public and it' s working.

But there is still a warning/durty thing about the traefik routes.
The constraint label is only on docker service so traefik catch all routes specified for this service. I can't filter rule host for my traefik public instance or my traefik local instance.

So in my traefik local instance, I have the public rule host setup with an https entrypoint which doesnt exist that' s why it's red (only traefik public instance has an https entrypoint) and the internal rule setup
And in my traefik public instance, I have an internal rule and the public rule also.

I think there is no way to filter rule access by label constraint in docker service with traefik ?
I would setup two rules (internal and public) which are created respectively by the right traefik instance.

If not possible. I will rename entrypoints on traefik local which dont match entrypoint in traefik public.

Thanks.

Topic		Replies	Views
One Container/Service, two routers/host/entrypoints - http and https Traefik v2 docker	2	270	November 4, 2023
How to connect two traefik in local area network? I tried, but it's not work Traefik v3 (latest) docker	2	1494	March 29, 2023
Specifying docker network multiple times Traefik v2 docker	4	774	June 12, 2023
Multiple Docker providers across hosts in local network? Traefik v2 docker	1	843	April 17, 2020
Traefik is trying to target IP from different docker network Traefik v2 docker	7	807	June 10, 2023

Multiple traefik.docker.network on one container?

Related Topics