Proxy_pass path prefix docker swarm labels same as nginx or apache

Traefik Traefik v2
,
1

Hello. I'm trying to deploy a docker swarm stack with some containers to supply a guacamole application. I have already this in some server but I"m using apache as reverse proxy.

I found some issues while serving this using traefik as I have not been able to properly map this apache config in traefik:

version: "3.8"

services:
  traefik:
    image: traefik:v2.10
    command:
      - "--log.level=DEBUG"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker=true"
      - "--providers.docker.swarmMode=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=traefik-network"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--api"
      - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencryptresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
    ports:
      - "80:80"
      - "443:443"
      - "9090:8080" # to not conflict with guacamole frontenc (guac) port
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik-data/letsencrypt:/letsencrypt"
    networks:
      - traefik-network
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.middlewares.admin-auth.basicauth.users=${TRAEFIK_DASHBOARD_USERNAME}:${TRAEFIK_DASHBOARD_HASHED_PASSWORD}"
        - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
        - "traefik.http.routers.traefik-dashboard-http.rule=Host(`${TRAEFIK_DASHBOARD_DOMAIN}`)"
        - "traefik.http.routers.traefik-dashboard-http.entrypoints=websecure"
        - "traefik.http.routers.traefik-dashboard-http.middlewares=https-redirect"
        - "traefik.http.routers.traefik-dashboard-https.tls.certresolver=letsencryptresolver"
        - "traefik.http.routers.traefik-dashboard-https.service=api@internal"
        - "traefik.http.routers.traefik-dashboard-https.middlewares=admin-auth,traefik-https-redirect"
        - "traefik.http.services.traefik-dashboard-https.loadbalancer.server.port=9090"
      placement:
        constraints:
          - "node.role==manager"

  postgres:
    image: postgres
    deploy:
      restart_policy:
        condition: on-failure
    volumes:
      - pg-data:/var/lib/postgresql/data
      - ./postgres:/docker-entrypoint-initdb.d
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    networks:
      - guacnet

  guacd:
    image: guacamole/guacd
    deploy:
      restart_policy:
        condition: on-failure
    networks:
      - guacnet

  guac:
    image: guacamole/guacamole
    deploy:
      restart_policy:
        condition: on-failure
    environment:
      POSTGRESQL_HOSTNAME: postgres
      POSTGRESQL_PORT: 5432
      POSTGRESQL_DATABASE: ${POSTGRESQL_DATABASE}
      POSTGRESQL_USER: ${POSTGRESQL_USER}
      POSTGRESQL_PASSWORD: ${POSTGRESQL_PASSWORD}
      GUACD_HOSTNAME: guacd
      GUACD_PORT: 4822
      TOTP_ENABLED: 'true'
    networks:
      - guacnet
      - traefik-network
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik-network"
        - "traefik.http.routers.guacamole.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.guacamole.entrypoints=websecure"
        - "traefik.http.routers.guacamole.tls.certresolver=letsencryptresolver"
        - "traefik.http.services.guacamole.loadbalancer.server.port=8080"
        - "traefik.http.middlewares.guacamoleMdl.addprefix.prefix=/guacamole"
        - "traefik.http.routers.guacamole-ws.rule=Host(`${DOMAIN}`) && Path(`/guacamole/websocket-tunnel`)"
        - "traefik.http.routers.guacamole-ws.entrypoints=websecure"
        - "traefik.http.routers.guacamole-ws.service=guacamole"


networks:
  traefik-network:
    driver: bridge
    external: true
  guacnet:
    external: true


volumes:
  pg-data:
    name: pg-data

I tested so many combinations with strip prefix and so on and I"m not able to achieve this same easy configuration done with Apache:

<Location />
        Order allow,deny
        Allow from all
        ProxyPass http://localhost:8080/guacamole/ max=20 flushpackets=on
        ProxyPassReverse http://localhost:8080/guacamole/
</Location>

<Location /websocket-tunnel>
    #Order allow,deny
    #Allow from all
        ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
</Location>

SO basically I would like to display everhting under:

The only way I've been able to make everything work is through mydomain.com/guacamole, but I want to avoid this.

How can I do that? I have spend serveral hours with this and I'm not able to achieve pretty easy task done with apache or nginx :smiley:

I hope you can give me a hand.

2

Can you share the mapping you want to achieve? I am not familiar with the Apache config.