Problem enabling tcp router to postgres

Hello everybody,
I tried to use some examples found online to allow connections from a postgres client to a postgres server in a docker container.
But it's not working, and traefik log messages aren't helping to pinpoint the problem.
It seems that the entrypoint is allocated by traefik, the router is active and the service (postgres container) is in error.
I tried both with and without ssl activated in postgres and with HostSNI(*), as suggested online.
I defined a tcp router with traefik labels on the postgres container, with no luck.
I also tried moving the tcp router/service definition into a separate dynamic config file; the result is the same.

I have an application stack containing postgres, defined in a docker-compose file like this:

services:
    db: 
        build:
            context: db
        image: postgres
        restart: unless-stopped
        networks:
           - private
           #- public
        expose:
            - '5432'
        volumes:
            - db:/var/lib/postgresql/data
            - ./db/sql-strutture:/var/tmp
        environment:
            POSTGRES_USER: xxx 
            POSTGRES_PASSWORD: xxx 

    spring:
        ...
        ...

    cas:
        ...
        ...

With this minimal config, the postgres container works as expected with the other containers in its stack.
In the traefik docker-compose I just have this:

services:

  traefik:
    image: "traefik:v2.1.3"
    restart: "unless-stopped"
    container_name: "traefik2"
    networks:
    - public
    ports:
    - "80:80"
    - "8080:8080"
    - "8082:8082"
    - "443:443"
    - "10001:10001"
    volumes:
    - "./config/:/etc/traefik/"
    - "./logs/traefik:/var/log/traefik"
    - "./data/letsencrypt:/letsencrypt"
    - "/var/run/docker.sock:/var/run/docker.sock:ro"

networks:
  public:
   external: true

Where 'public' is the traefik network.
The rest of the config is in config/traefik.yml:

...
...
entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"
  dashboard:
    address: ":8080"
  metrics:
    address: ":8082"
  db-siv:
    address: ":10001"
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42
        graceTimeOut: 42
      respondingTimeouts:
        readTimeout: 42
        writeTimeout: 42
        idleTimeout: 42
    proxyProtocol:
      insecure: true
      trustedIPs:
        - "127.0.0.1"
        - "192.168.20.0/24"
        - "192.168.10.0/24"
...
...

And finally I added a dynamic config file in config/conf.d/.yml:

tcp:
  routers:
    db-siv-router:
      entrypoints:
      - db-siv
      rule: HostSNI(`*`)
      service: db-siv-service
  services:     
    db-siv-service:
      loadBalancer:
        terminationDelay: 10000
        servers:
        #- address: db_ip_public_network:5432
        - address: db_ip_private_network:5432

Another weird thing is that the tcp router accepts all entrypoints instead of just the defined one, 'db-siv'.
Can someone help fix this problem?
Online I just found a lot of people complaining about the lack of examples and, in general, the difficulty of fixing this kind of problem with traefik v2.
