I'm using different dockers with similar config and simple copy my compose file like this.
services:
cryptpad:
image: "cryptpad/cryptpad:version-5.6.0"
restart: unless-stopped
container_name: cryptpad
networks:
- myNetwork
labels:
- traefik.enable=true
- traefik.http.routers.cryptpad.rule=Host(`office.intranet`, `sandbox.office.intranet`) && ClientIP(`192.168.0.0/16`)
volumes:
- /media/nfs/docker/cryptpad/data/blob:/cryptpad/blob
- /media/nfs/docker/cryptpad/data/block:/cryptpad/block
- /media/nfs/docker/cryptpad/customize:/cryptpad/customize
- /media/nfs/docker/cryptpad/data/data:/cryptpad/data
- /media/nfs/docker/cryptpad/data/files:/cryptpad/datastore
- /media/nfs/docker/cryptpad/config/config.js:/cryptpad/config/config.js
environment:
- CPAD_MAIN_DOMAIN=https://office.intranet
- CPAD_SANDBOX_DOMAIN=https://sandbox.office.intranet
- CPAD_CONF=/cryptpad/config/config.js
ports:
- "3500:3000"
networks:
myNetwork:
external: true
In my traefik.yml is this part active
providers:
docker:
exposedByDefault: false
With debug mode in traefik I only see this in log.
23bc2161a6dbd2342343230ab1921c977 From:cryptpad/cryptpad:version-5.6.0 Type:container Action:start Actor:{ID:a5b8f16cc6e6c9289c23bc21234234234b2e30ab1921c977 Attributes:map[com.docker.compose.config-hash:d4b4681cc90bd4decc234236408dde0041bdb0a30e82 com.docker.compose.container-number:1 com.docker.compose.depends_on: com.docker.compose.image:sha256:9e77f6a5a53faf116ea024d927fb7292a76ae4571a7b8490ea9465804d2942a9 com.docker.compose.oneoff:False com.docker.compose.project:cryptpad com.docker.compose.project.config_files:/media/nfs/docker/cryptpad/docker-compose.yml com.docker.compose.project.working_dir:/media/nfs/docker/cryptpad com.docker.compose.replace:4541b0c63960cc1a4f1595398782a87270ababa06be27cd80181d93dc1639397 com.docker.compose.service:cryptpad com.docker.compose.version:2.21.0 image:cryptpad/cryptpad:version-5.6.0 name:cryptpad traefik.enable:true traefik.http.routers.cryptpad.rule:Host(`office.intranet`, `sandbox.office.intranet`) && ClientIP(`192.168.0.0/16`)]} Scope:local Time:1707321600 TimeNano:1707321600370378773}" providerName=docker
After start the container the router will not be created and I see this router not on the dashboard in traefik web ui. In my other containers like baikal or nagios with similar config works fine. What can be the problem? Thanks for hints ...
Do you use different names for the routers?
Is the service/container running?
I would recommend to set the target service port for Traefik to use, compare to simple Traefik example.
Share your full Traefik static and dynamic config, and docker-compose.yml if used.
Yes, I'm using different names for each docker services.
This is my static config:
providers:
docker:
exposedByDefault: false
network: traefik_proxy
file:
filename: /etc/traefik/dynamic.yml
watch: true
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: :443
http:
tls:
certResolver: le
certificatesResolvers:
le:
acme:
tlsChallenge: true
email: "mymail"
storage: "/etc/traefik/acme/acme.json"
api:
dashboard: true
## insecure: true
log:
level: "DEBUG"
filePath: "/var/log/traefik/traefik.log"
accessLog:
filePath: "/var/log/traefik/access.log"
bufferingSize: 100
serversTransport:
insecureSkipVerify: "true"
Here the dynamic one:
tls:
certificates:
- certFile: /etc/traefik/certs/cert.crt
keyFile: /etc/traefik/certs/Root-CA-Home.pem
stores:
default:
defaultCertificate:
certFile: /etc/traefik/certs/cert.crt
keyFile: /etc/traefik/certs/Root-CA-Home.pem
http:
middlewares:
authTraefik:
basicAuth:
users:
- "traefik_user:secret"
The cryptpad container runs and I can access this service via ip address. I don't understand why traefik do no create the router. Here is an example from baikal which works. Other dockers works also. It doesn't have this problem anytime with other container and I'm confused. 
Example with working baikal:
version: "2"
services:
baikal:
image: ckulka/baikal:nginx
container_name: baikal
labels:
- traefik.enable=true
- traefik.http.routers.baikal.rule=Host(`baikal.intranet`) && ClientIP(`192.168.0.0/16`)
# - traefik.http.routers.baikal.middlewares=mygeoblock@file
restart: always
ports:
- "8076:80"
volumes:
- config:/var/www/baikal/config
- data:/var/www/baikal/Specific
# - /media/nfs/docker/baikal/Server.php:/var/www/baikal/Core/Frameworks/Baikal/Core/Server.php
volumes:
config:
data:
networks:
default:
external: true
name: myNetwork
Example with cryptpad which not works.
version: '3.8'
services:
cryptpad:
image: "cryptpad/cryptpad:version-5.6.0"
restart: unless-stopped
container_name: cryptpad
labels:
- traefik.enable=true
- traefik.http.routers.cryptoffice.rule=Host(`office.intranet`, `sandbox.office.intranet`) && ClientIP(`192.168.0.0/16`)
volumes:
- /media/nfs/docker/cryptpad/data/blob:/cryptpad/blob
- /media/nfs/docker/cryptpad/data/block:/cryptpad/block
- /media/nfs/docker/cryptpad/customize:/cryptpad/customize
- /media/nfs/docker/cryptpad/data/data:/cryptpad/data
- /media/nfs/docker/cryptpad/data/files:/cryptpad/datastore
- /media/nfs/docker/cryptpad/config/config.js:/cryptpad/config/config.js
environment:
- CPAD_MAIN_DOMAIN=https://office.intranet
- CPAD_SANDBOX_DOMAIN=https://sandbox.office.intranet
- CPAD_CONF=/cryptpad/config/config.js
ports:
- "3500:3000"
networks:
default:
external: true
name: myNetwork
You are missing the Traefik docker-compose.yml.
Traefik and the services should use the same network. When you specify the network for Traefik in options, you need to make sure the name is correct as by default compose will prefix with a project name.
I usually prefer a dedicated Docker network, not default, to make it all clear. You don’t need to expose ports of your services (except Traefik). Check simple Traefik example.
Sorry, my mistake and forget the information.
This is the compose for traefik.
services:
traefik:
image: traefik:latest
container_name: traefik
command:
- "--providers.file.filename=/etc/traefik/traefik.yml"
restart: always
labels:
- traefik.http.routers.traefik.rule=Host(`traefik.intranet`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
- traefik.enable=true
- traefik.http.routers.traefik.middlewares=authTraefik@file
- traefik.http.routers.traefik.service=api@internal
- traefik.http.services.traefik.loadbalancer.sticky.cookie.httpOnly=true
- traefik.http.services.traefik.loadbalancer.sticky.cookie.secure=true
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock
- /media/nfs/docker/traefik/config:/etc/traefik
- /media/nfs/docker/traefik/log:/var/log/traefik/
- /media/nfs/docker/traefik/acme/acme.json:/etc/traefik/acme/acme.json
environment:
TZ: Europe/Berlin
ports:
- 80:80
- 443:443
networks:
default:
external: true
name: traefik_proxy
I want to use two docker networks. One for services with access to internet and one for internal stuff. But why it works with baikal? There is a another network name "myNetwork". baikal and cryptpad shold be only intern.
Thanks for your hints. I will check the example and try this in my env.
The problem still exists. I removed the exposed ports and put the container in the same network. Nothing changes the behaviour.
This is the actual yml for the cryptpad compose.
version: '3.8'
services:
cryptpad:
image: "cryptpad/cryptpad:version-5.6.0"
restart: unless-stopped
container_name: cryptpad
labels:
- traefik.enable=true
- traefik.http.routers.cryptpad.rule=Host(`office.intranet`, `sandbox.office.intranet`) && ClientIP(`192.168.0.0/16`)
environment:
- CPAD_MAIN_DOMAIN=https://office.intranet
- CPAD_SANDBOX_DOMAIN=https://sandbox.office.intranet
- CPAD_CONF=/cryptpad/config/config.js
# - CPAD_HTTP2_DISABLE=true
volumes:
- /media/nfs/docker/cryptpad/data/blob:/cryptpad/blob
- /media/nfs/docker/cryptpad/data/block:/cryptpad/block
- /media/nfs/docker/cryptpad/customize:/cryptpad/customize
- /media/nfs/docker/cryptpad/data/data:/cryptpad/data
- /media/nfs/docker/cryptpad/data/files:/cryptpad/datastore
- /media/nfs/docker/cryptpad/config/config.js:/cryptpad/config/config.js
# ulimits:
# nofile:
# soft: 1000000
# hard: 1000000
networks:
default:
external: true
name: traefik_proxy
Is there another thing what I can check?
Update:
I test this with a traefik/whoami service. This works. There must be a problem with the cryptpad specially. Could it be that the image (cryptpad) affected the behaviour of traefik labels?
You need to add the network to the service.
Then you can go into the Traefik container (docker exec -it <cid> sh) and try to ping cryptpad and wget http://cryptpad (maybe need to add port number).
You need to add the network to the service
I'm using a pre-existing network with the external option which assign the existing network to the service (Networking Docker). Or is there antoher thing which I do not understand?
I wrote that all other containers work with this config constellation. Why not with cryptpad? The cryptpad container is in the "traefik_proxy" network and it's reachable via ping from the traefik container.
Don't understand why, but using the image promasu/cryptpad works with exact the delivered config in past post.
Never mind. Because you declare the default network, you implicitly automatically add the network to your service. Usually you would use network: within a service declaration.