Reverse proxy to Portainer in docker using a config.yml does not work

Larry · March 8, 2024, 4:28pm

Hello,

I'm trying to run Portainer through Traefik, I have a basic configuration without really anything complicated.

I'm using Traefik CE, using a config.yml (excerpt below) on a Debian Linux machine.

I am using a config.yml proxy configuration:

...
http:
  routers:
    portainer:
      service: portainer
      rule: Host(`portainer.moi.localhost`)
      entryPoints:
        - websecure
      tls: true

  services:
    portainer:
      loadBalancer:
        servers:
          - url: http://portainer:9000        # NO WAY... "Bad Gateway"
          # - url: http://filebrowser:8080 # WORKS FINE.

TLS is working fine, Certificates are ok, traefik is handing correctly all the stacks using label directives in docker-compose files, except with the portainer driven by the config file.

The redirection is ok : I verified it by trying to reach a container that works (filebrowser). Everything is ok. When I apply it to the portainer container, and it fails with a "Bad Gateway".

I cannot figure what I am missing

The filebrowser container has been running using a docker-compose in a portainer stack and runs in a "myNetwork" network.

The portainer container is run outside of portainer using a shell. It's in the "bridge" network. It has been ran this way:

docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

What's wrong with it? I don't want to run portainer in its own stack next to traefik as it says on the portainer website because we lose control from portainer of everything that is created outside portainer.

bluepuma77 · March 9, 2024, 8:31am

Note that "stack" (Docker Swarm stack deploy?) might be something different than a regular "service" in compose.

"Bad Gateway" indicates that Traefik can not reach the target service via the network.

Usually you would assign Traefik and all targets services to a Docker network for the internal traffic, see simple Traefik example.

Larry · March 9, 2024, 7:50pm

Thank you very much for your reply!

Sorry for the use of "stack", I'm just starting out with these technologies and I haven't quite mastered all the terminology yet.

How did I not think of this before? It's certain that if I don't run portainer in the same network as all the others, I won't be able to see it recognised by Traefik. So :

sudo docker run -d -p 8000:8000 -p 9443:9443 --network myNetwork --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

And immediately, it works much better !

system · March 12, 2024, 7:51pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Traefik v2.5 no redirecting to portainer portal Traefik v2 docker , middleware	7	4886	June 30, 2022
Using Traefik as a Reverse Proxy with Certificates Signed by My Own PKI Traefik v3 (latest) docker	8	1447	December 4, 2024
Traefik + Portainer Traefik v2 docker , tcp	3	6628	October 5, 2023
Portainer using traefik Traefik v2 docker	0	315	November 1, 2020
Proxy Portainer under sub path Traefik v2 docker , middleware	16	9828	February 23, 2023

Reverse proxy to Portainer in docker using a config.yml does not work

Related topics