Router not showing up using Consul+Nomad

Hi,

I'm trying to route to the Nomad Web UI using Traefik. I use the consulCatalog for service discovery. Traefik is enabled for the Nomad service by adding a tag to /etc/nomad.d/nomad.hcl configuration:

consul {
  tags = [
    "traefik.enable=true",

This will make the nomad and nomad-client services appear on the Traefik dashboard. I now tried to add a router in the static configuration toml, which is part of the Nomad job configuration, but it does not appear on the dashboard and I don't see any error messages within the server logs.

This is my traefik.toml:

[entryPoints]
  [entryPoints.http]
    address = ":80"
  [entryPoints.https]
    address = ":443"

[api]
  dashboard = true

[certificatesresolvers.tls-resolver.acme]
  email = "..."
  storage = "/acme/acme.json"

  [certificatesresolvers.tls-resolver.acme.dnsChallenge]
    provider = "acme-dns"

[http.routers.nomad-ui]
  entryPoints = ["https"]
  rule = "Host(`nomad.domain.com`)"
  service = "nomad-client@consulcatalog"

  [http.routers.nomad-ui.tls]
    certResolver = "tls-resolver"

    [[http.routers.nomad-ui.tls.domains]]
      main = "domain.com"
      sans = ["*.domain.com"]

[providers.consulCatalog]
  prefix = "traefik"
  exposedByDefault = false

  [providers.consulCatalog.endpoint]
    address = "127.0.0.1:8500"
    scheme = "http"

    [providers.consulCatalog.endpoint.tls]
      insecureSkipVerify = true

I first thought the consulCatalog might overwrite the configuration for the router, but even after I changed the name to nomad-ui it did not appear. Something I also tried (which works for the Traefik dashboard itself and a few other services) is to add tags to the Nomad configuration to configure the router, but that leads to duplicate router definitions as the tags are added to both services (nomad and nomad-client).

Any ideas on how I could fix this? My main goal is to use the SSL certificate for the Nomad UI and use it on a subdomain. Does Traefik even support mixing static and dynamic routers?

Got it! I removed the router definition from the traefik.toml and moved it to the tags of the Nomad job instead. This way Consul will pick it up and send it to Traefik. Here is the service stanza of my Traefik job:

service {
  name = "traefik"

  tags = [
    # Traefik dashboard router
    "traefik.enable=true",
    "traefik.port=9999",
    "traefik.http.routers.api.entrypoints=https",
    "traefik.http.routers.api.rule=Host(`traefik.domain.com`)",
    "traefik.http.routers.api.service=api@internal",
    "traefik.http.routers.api.middlewares=api-auth",
    "traefik.http.middlewares.api-auth.basicauth.users=user:password",
    "traefik.http.routers.api.tls.domains[0].main=domain.com",
    "traefik.http.routers.api.tls.domains[0].sans=*.domain.com",
    "traefik.http.routers.api.tls.certresolver=tls-resolver",

    # Nomad UI router
    "traefik.http.routers.nomad-ui.entrypoints=https",
    "traefik.http.routers.nomad-ui.rule=Host(`nomad.domain.com`)",
    "traefik.http.routers.nomad-ui.service=nomad-client@consulcatalog", # <<<<<<<<<<<<<<<<<<
    "traefik.http.routers.nomad-ui.tls.domains[0].main=domain.com",
    "traefik.http.routers.nomad-ui.tls.domains[0].sans=*.domain.com",
    "traefik.http.routers.nomad-ui.tls.certresolver=tls-resolver",

    # global redirection: http to https
    "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:(www\\.)?.+}`)",
    "traefik.http.routers.http-catchall.entrypoints=http",
    "traefik.http.routers.http-catchall.middlewares=wwwtohttps",

    # global redirection: https (www.) to https
    "traefik.http.routers.wwwsecure-catchall.rule=HostRegexp(`{host:(www\\.).+}`)",
    "traefik.http.routers.wwwsecure-catchall.entrypoints=https",
    "traefik.http.routers.wwwsecure-catchall.tls=true",
    "traefik.http.routers.wwwsecure-catchall.middlewares=wwwtohttps",

    # middleware: http(s)://(www.) to  https://
    "traefik.http.middlewares.wwwtohttps.redirectregex.regex=^https?://(?:www\\.)?(.+)",
    "traefik.http.middlewares.wwwtohttps.redirectregex.replacement=https://${1}",
    "traefik.http.middlewares.wwwtohttps.redirectregex.permanent=true",
  ]
1 Like