Hello. I'm trying to deploy a docker swarm stack with some containers to supply a guacamole application. I have already this in some server but I"m using apache as reverse proxy.
I found some issues while serving this using traefik as I have not been able to properly map this apache config in traefik:
version: "3.8"
services:
traefik:
image: traefik:v2.10
command:
- "--log.level=DEBUG"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=traefik-network"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--api"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencryptresolver.acme.email=${EMAIL}"
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
ports:
- "80:80"
- "443:443"
- "9090:8080" # to not conflict with guacamole frontenc (guac) port
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./traefik-data/letsencrypt:/letsencrypt"
networks:
- traefik-network
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.admin-auth.basicauth.users=${TRAEFIK_DASHBOARD_USERNAME}:${TRAEFIK_DASHBOARD_HASHED_PASSWORD}"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik-dashboard-http.rule=Host(`${TRAEFIK_DASHBOARD_DOMAIN}`)"
- "traefik.http.routers.traefik-dashboard-http.entrypoints=websecure"
- "traefik.http.routers.traefik-dashboard-http.middlewares=https-redirect"
- "traefik.http.routers.traefik-dashboard-https.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.traefik-dashboard-https.service=api@internal"
- "traefik.http.routers.traefik-dashboard-https.middlewares=admin-auth,traefik-https-redirect"
- "traefik.http.services.traefik-dashboard-https.loadbalancer.server.port=9090"
placement:
constraints:
- "node.role==manager"
postgres:
image: postgres
deploy:
restart_policy:
condition: on-failure
volumes:
- pg-data:/var/lib/postgresql/data
- ./postgres:/docker-entrypoint-initdb.d
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
networks:
- guacnet
guacd:
image: guacamole/guacd
deploy:
restart_policy:
condition: on-failure
networks:
- guacnet
guac:
image: guacamole/guacamole
deploy:
restart_policy:
condition: on-failure
environment:
POSTGRESQL_HOSTNAME: postgres
POSTGRESQL_PORT: 5432
POSTGRESQL_DATABASE: ${POSTGRESQL_DATABASE}
POSTGRESQL_USER: ${POSTGRESQL_USER}
POSTGRESQL_PASSWORD: ${POSTGRESQL_PASSWORD}
GUACD_HOSTNAME: guacd
GUACD_PORT: 4822
TOTP_ENABLED: 'true'
networks:
- guacnet
- traefik-network
deploy:
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.guacamole.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.guacamole.entrypoints=websecure"
- "traefik.http.routers.guacamole.tls.certresolver=letsencryptresolver"
- "traefik.http.services.guacamole.loadbalancer.server.port=8080"
- "traefik.http.middlewares.guacamoleMdl.addprefix.prefix=/guacamole"
- "traefik.http.routers.guacamole-ws.rule=Host(`${DOMAIN}`) && Path(`/guacamole/websocket-tunnel`)"
- "traefik.http.routers.guacamole-ws.entrypoints=websecure"
- "traefik.http.routers.guacamole-ws.service=guacamole"
networks:
traefik-network:
driver: bridge
external: true
guacnet:
external: true
volumes:
pg-data:
name: pg-data
I tested so many combinations with strip prefix and so on and I"m not able to achieve this same easy configuration done with Apache:
<Location />
Order allow,deny
Allow from all
ProxyPass http://localhost:8080/guacamole/ max=20 flushpackets=on
ProxyPassReverse http://localhost:8080/guacamole/
</Location>
<Location /websocket-tunnel>
#Order allow,deny
#Allow from all
ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
</Location>
SO basically I would like to display everhting under:
The only way I've been able to make everything work is through mydomain.com/guacamole, but I want to avoid this.
How can I do that? I have spend serveral hours with this and I'm not able to achieve pretty easy task done with apache or nginx
I hope you can give me a hand.