I'm running traefik in docker and would like to securely proxy connections to both other containers and servers on other hosts. However, traefik only appears to pull in configuration from docker labels and ignores the http section of my traefik.yml config. I would only use labels but http.services.service.loadbalancer.servers.url is not supported. Please see below and let me know what I'm missing. I'm pulling my hair out here.
################################################################
# Global Configuration
################################################################
global:
checkNewVersion: false
sendAnonymousUsage: false
################################################################
# EntryPoints configuration
################################################################
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
################################################################
# Providers Configuration
################################################################
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
################################################################
# Certificates Resolvers Configuration
################################################################
certificatesResolvers:
cloudflare:
acme:
email: "${TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL}"
storage: /etc/traefik/acme.json
dnsChallenge:
provider: cloudflare
delayBeforeCheck: 120
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
################################################################
# API and Dashboard Configuration
################################################################
api:
dashboard: true
insecure: false
################################################################
# HTTP Routers, Services, and Middlewares Configuration
################################################################
http:
routers:
dashboard:
entryPoints:
- websecure
rule: "Host(`traefik-pi.${DOMAIN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service: api@internal
tls:
certResolver: cloudflare
middlewares:
- security-headers
adguard:
entryPoints:
- websecure
rule: "Host(`dns-pi.${DOMAIN}`)"
service: adguard
tls:
certResolver: cloudflare
middlewares:
- security-headers
services:
adguard:
loadBalancer:
servers:
- url: "http://10.10.0.4:3000"
middlewares:
security-headers:
headers:
frameDeny: true
sslRedirect: true
contentSecurityPolicy: "default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self'; frame-ancestors 'none'; base-uri 'self';"
referrerPolicy: "no-referrer-when-downgrade"
featurePolicy: "camera 'none'; microphone 'none'; geolocation 'none';"
stsSeconds: 63072000
stsIncludeSubdomains: true
stsPreload: true
customResponseHeaders:
X-Content-Type-Options: "nosniff"
X-Frame-Options: "SAMEORIGIN"
X-XSS-Protection: "1; mode=block"
################################################################
# Log Configuration
################################################################
log:
level: DEBUG
accessLog: {}
name: traefik
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik:/etc/traefik
environment:
DOMAIN: ${DOMAIN}
CF_DNS_API_TOKEN: ${CLOUDFLARE_API_TOKEN}
TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL: ${TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL}
networks:
- proxy
networks:
proxy:
name: proxy
external: true
volumes:
traefik:
name: traefik
external: true
Static configuration loaded [json] staticConfiguration={"accessLog":{"fields":{"defaultMode":"keep","headers":{"defaultMode":"drop"}},"filters":{},"format":"common"},"api":{"dashboard":true},"certificatesResolvers":{"cloudflare":{"acme":{"caServer":"https://acme-v02.api.letsencrypt.org/directory","certificatesDuration":2160,"dnsChallenge":{"delayBeforeCheck":"2m0s","provider":"cloudflare","resolvers":["1.1.1.1:53","1.0.0.1:53"]},"email":"${TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL}","keyType":"RSA4096","storage":"/etc/traefik/acme.json"}}},"entryPoints":{"web":{"address":":80","forwardedHeaders":{},"http":{"redirections":{"entryPoint":{"permanent":true,"priority":9223372036854775806,"scheme":"https","to":"websecure"}}},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}},"websecure":{"address":":443","forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}}},"global":{},"log":{"format":"common","level":"DEBUG"},"providers":{"docker":{"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","watch":true},"providersThrottleDuration":"2s"},"serversTransport":{"maxIdleConnsPerHost":200},"tcpServersTransport":{"dialKeepAlive":"15s","dialTimeout":"30s"}}