Problem with prometheus/grafana - traefik/docker

Hello,

At the moment, I'm stuck on a situation.

When I want to deploy prometheus and grafana via docker with my docker-composite file and the configuration files going well, traefik is unable to serve the service.

The prometheus/grafana containers work but traefik does not service my service.

Docker-compose traefik :slight_smile:

version: '3.8'

services:
  dockerproxy:
    container_name: dockerproxy
    image: tecnativa/docker-socket-proxy
    restart: always
    environment:
      - CONTAINERS=1
    networks:
      - socket-docker
    ports:
      - 2375:2375
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  traefik:
    container_name: traefik
    depends_on:
      - dockerproxy
    env_file:
      - .env
    image: traefik:${TRAEFIK_VERSION}
    restart: always
    networks:
      - socket-docker
      - traefik
      - monitoring
    ports:
      - 80:80
      - 443:443
      #metrics
      - 8082:8082
    environment:
      - TZ=Europe/Paris
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik-secure.entrypoints=websecure
      - traefik.http.routers.traefik-secure.rule=Host(`${SUBDOMAIN}.${DOMAIN}`)
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=le
      - traefik.http.routers.traefik-secure.tls.domains[0].main=${SUBDOMAIN}.${DOMAIN}
      - traefik.http.routers.traefik-secure.service=api@internal
      - traefik.http.routers.traefik-secure.middlewares=auth-admin
      - traefik.http.middlewares.auth-admin.basicauth.users=${DASHBOARD_ACCOUNT}:${DASHBOARD_PASSWORD}
      # metrics rules
      - traefik.http.routers.metrics.entrypoints=metrics
      - traefik.http.routers.metrics.rule=Host(`${SUBDOMAIN}.${DOMAIN}`) && Path(`/metrics`)
      - traefik.http.routers.metrics.service=prometheus@internal
      - traefik.http.routers.metrics.middlewares=auth-metrics
      - traefik.http.middlewares.auth-metrics.basicauth.users=${PROMETHEUS_ACCOUNT}:${PROMETHEUS_PASSWORD}
      - traefik.http.middlewares.prometheus-whitelist.ipwhitelist.sourcerange=127.0.0.1/32
    volumes:
      - "./config/traefik.yaml:/traefik.yaml:ro"
      - "letsencrypt:/letsencrypt/:rw,delegated"
      - "logs:/logs/:rw,delegated"

networks:
  socket-docker:
  traefik:
  monitoring:

volumes:
  letsencrypt:
    name: LE_cert
  logs:
    name: traefik_logs

Traefik config file :

# GLOBAL CONFIGURATION #

global:
  checkNewVersion: false
  sendAnonymousUsage: false

# METRICS #

metrics:
  prometheus:
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0
    addEntryPointsLabels: true
    addServicesLabels: true
    entryPoint: metrics
    manualRouting: true

# ENTRYPOINTS #

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
  metrics:
    address: ":8082"

#  API   #

api:
  dashboard: true

# LOGS #

log:
  filePath: "/logs/traefik.log"
  format: json
  level: WARN

accessLog:
  filePath: "/logs/access.log"
  format: json
  filters:
    statusCodes:
      - "200"
      - "300-302"
    retryAttempts: true
    minDuration: "15ms"

#// TODO
#tracing: {}

# LETS ENCRYPT #
certificatesResolvers:
  le:
    acme:
      email: contact@domain.com
      caServer: https://acme-v02.api.letsencrypt.org/directory
      storage: /letsencrypt/acme.json
      keyType: EC256
      #OnHostRule: true
      httpChallenge:
        entryPoint: web

# TLS #

tls:
  options:
    default:
      sniStrict: true
      minVersion: VersionTLS12
      cipherSuites:
        # https://ssl-config.mozilla.org/#server=traefik&version=2.1.2&config=intermediate&guideline=5.4
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    mintls13:
      minVersion: VersionTLS13

# http directory #

# PROVIDER #

providers:
  docker:
    endpoint: "tcp://dockerproxy:2375"
    network: traefik
    exposedByDefault: false
    watch: true

Prometheus/grafana docker-compose :

version: '3.8'

services:
  prometheus:
    image: prom/prometheus:${PROMETHEUS_VERSION}
    container_name: prometheus
    volumes:
      - ./config/prometheus/:/etc/prometheus/
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host(`${PROMETHEUS_SUBDOMAIN}.${DOMAIN}`)
      - traefik.http.routers.prometheus.tls=true
      - traefik.http.routers.prometheus.tls.certresolver=le
      - traefik.http.routers.prometheus.middlewares=prometheus
      - traefik.http.middlewares.prometheus.basicauth.users=${PROMETHEUS_ACCOUNT}:${PROMETHEUS_PASSWORD}
      - traefik.port=9090
    networks:
      - monitoring
      - traefik

  grafana:
    image: grafana/grafana:${GRAFANA_VERSION}
    container_name: grafana
    depends_on:
      - prometheus
    volumes:
      - grafana_data:/var/lib/grafana
      - ./config/grafana/provisioning/:/etc/grafana/provisioning/
    #environment:
    #  GF_LOG_LEVEL: 'debug'
    env_file:
      - .env
    networks:
      - monitoring
      - traefik
    ports:
      - 3000:3000
    labels:
      - traefik.enable=true
      - traefik.http.routers.grafana.entrypoints=web
      - traefik.http.routers.grafana.rule=Host(`${GRAFANA_SUBDOMAIN}.${DOMAIN}`)
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=websecure
      - traefik.http.routers.grafana-secure.entrypoints=websecure
      - traefik.http.routers.grafana-secure.rule=Host(`${GRAFANA_SUBDOMAIN}.${DOMAIN}`)
      - traefik.http.routers.grafana-secure.tls=true
      - traefik.http.routers.grafana-secure.tls.certresolver=le
      - traefik.http.routers.grafana-secure.service=grafana
      - traefik.http.services.grafana.loadbalancer.server.port=3000
      - traefik.docker.network=traefik
volumes:
  prometheus_data:
    name: prometheus_data
  grafana_data:
    name: grafana_data

networks:
  traefik:
  monitoring:

Do you have an idea about my problem?

1 Like

I just saw the logs and I found this :

Could not find network named 'traefik' for container

I don't understand, yet I did declare the networks well

I have the same issue with different configs. As I get - in dashboard everything fine and I can curl any address on the host. But for some reason I get only time out :frowning:

I have corrected my problem.

Here is the solution :

docker-compose.yml - traefik

networks:
 socket-docker:
 traefik:
   external: true
 monitoring:
   external: true

docker-compose grafana/prometheus :

networks:
  traefik:
    external: true
  monitoring:
    external: true

I'm looking to do custom port while having a valid certificate.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.