typedef
September 28, 2020, 9:23pm
1
Hey traefik community. I'm new to the whole cloud and container environment and currently experimenting with a setup on a VPS instance I own. I have exposed 3 ports from traefik container to local host ports:
127:0.0.1:10000:80
I want to route traefik dashboard to port 9090 with ultimate goal to have the dashboard/api exposed only locally and port forward via SSH tunnel when I want to access it. At a later stage, ports 80 and 443 will be exposed to the internet.
For now, I'm failing gracefully to route dashboard to port 9090.
This is my docker-compose.yml:
version: '3.7'
services:
# traefik service
traefik:
image: "traefik:v2.2"
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`dashboard.local`)"
- "traefik.http.routers.api.entrypoints=dashboard"
- "traefik.http.routers.api.service=api@internal"
#- "traefik.http.services.api.loadbalancer.server.port=9090"
container_name: "traefik"
ports:
- "127.0.0.1:10000:80"
- "127.0.0.1:10001:443"
- "127.0.0.1:10002:9090"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/home/traefik/traefik.toml:/traefik.toml:ro"
- "/home/traefik/acme.json:/acme.json"
# http-echo service
httpecho:
image: "hashicorp/http-echo"
command: "-text='hello world!'"
labels:
- "traefik.enable=true"
- "traefik.http.routers.httpecho.rule=Host(`mydomainofchoice123456.com`)"
- "traefik.http.routers.httpecho.entrypoints=http"
networks:
default:
external:
name: "traefik_network"
And this is my traefik.toml:
# Traefik.yml
defaultEntryPoints = ["http"]
# define HTTP and HTTPS entrypoints
[entryPoints]
[entryPoints.dashboard]
address = ":9090"
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[api]
dashboard = true
insecure = true
[providers]
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
network = "traefik_network"
exposedByDefault = false
Can anyone point me what I'm doing wrong?
Appreciate your time.
cakiwi
September 28, 2020, 9:30pm
2
typedef:
insecure = true
This.
It only binds on :8080 and sets up some other items for you.
Remove it and follow the secure mode instructions.
typedef
September 28, 2020, 9:51pm
3
Thank you for the quick response cakiwi!
The last two days I'm changing the configurations to the ones you suggested but no result. I've removed the insecure from toml and changed the docker-compose to:
version: '3.7'
services:
# traefik service
traefik:
image: "traefik:v2.2"
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`dashboard.local`)"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.entrypoints=dashboard"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=<REDACTED>"
container_name: "traefik"
ports:
- "127.0.0.1:10000:80"
- "127.0.0.1:10001:443"
- "127.0.0.1:10002:9090"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/home/traefik/traefik.toml:/traefik.toml:ro"
- "/home/traefik/acme.json:/acme.json"
# http-echo service
httpecho:
image: "hashicorp/http-echo"
command: "-text='hello world!'"
labels:
- "traefik.enable=true"
- "traefik.http.routers.httpecho.rule=Host(`mydomainofchoice123456.com`)"
- "traefik.http.routers.httpecho.entrypoints=http"
networks:
default:
external:
name: "traefik_network"
This time the backend doesn't reply at all:
curl -H Host:dashboard.local http://127.0.0.1:10002
curl: (56) Recv failure: Connection reset by peer
I'm getting a response from the other container:
curl -H Host:mydomainofchoice123456.com http://127.0.0.1:10000
hello world!
What else I'm missing?
cakiwi
September 28, 2020, 11:59pm
4
Not at all sure. I took your config and executed it. The only things I replaced was the mounts for traefik.toml , acme.json and the basic auth user.
Ran fine.
version: '3.7'
services:
# traefik service
traefik:
image: "traefik:v2.2"
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`dashboard.local`)"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.entrypoints=dashboard"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=admin:$$2b$$12$$R5/MWBFJgp6xelLHoCQJC.6Wdf5azFgefyptQXLjN2eoNZdrADWAK"
container_name: "traefik"
ports:
- "127.0.0.1:10000:80"
- "127.0.0.1:10001:443"
- "127.0.0.1:10002:9090"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./traefik/traefik.toml:/traefik.toml:ro"
- "./traefik/acme.json:/acme.json"
# http-echo service
httpecho:
image: "hashicorp/http-echo"
command: "-text='hello world!'"
labels:
- "traefik.enable=true"
- "traefik.http.routers.httpecho.rule=Host(`mydomainofchoice123456.com`)"
- "traefik.http.routers.httpecho.entrypoints=http"
networks:
default:
external:
name: "traefik_network"
curl -H Host:dashboard.local -u 'admin:n0t secure at all' localhost:10002 -i
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: /dashboard/
Date: Mon, 28 Sep 2020 23:58:41 GMT
Content-Length: 34
<a href="/dashboard/">Found</a>.
typedef
September 29, 2020, 6:46pm
5
@cakiwi I honestly appreciate you took the time to check this! After changing the configuration on the firewall and trying the same docker and traefik configuration it finally worked! I have indeed strict firewall settings but I didn't expect these to affect routing within docker!
1 Like
system
October 2, 2020, 6:46pm
6
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.