Second traefik instance struggle

Hi all
I have been struggling for three days with this issue and am not sure how to deal with it. Decided to split my homelab into two clusters. One for internal and one for public. The internal is for development and my personal apps, while public is only for running websites. Each cluster is on a different network in OPNsense. I have even opened the network completely until I get things right, but I fail to get to the Traefik dashboard or whoami app. In my docker compose file, I changed the ports and the certresolver.

In my internal network everything runs fine. I can reach the Traefik dashboard and whoami plus all my internal services via https. In the public cluster I get 404 not found for Traefik and whoami. Thanks in advance. Here is my public compose file:


services:

  traefik:
    image: traefik:3.1.2-alpine 
    networks:
      - webnet
    ports:
      - 80:80
      - 443:443
      - 8081:8080
    command:
      - --api.dashboard=true
      - --log.level=INFO
      #- --log.filepath=/var/log/traefik.log
      - --accesslog=true
      #- --accesslog.filepath=/var/log/traefik-access.log
      - --providers.swarm.endpoint=unix:///var/run/docker.sock
      - --providers.swarm=true
      - --providers.swarm.network=webnet
      - --providers.swarm.exposedByDefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entryPoints.web.http.redirections.entrypoint.permanent=true
      - --entrypoints.websecure.address=:443
      - --entrypoints.dashboard.address=:8081
      # remove next line when using Traefik v2
      - --entrypoints.websecure.asDefault=true 
      - --entrypoints.websecure.http.tls.certresolver=webresolver
      - --certificatesresolvers.webresolver.acme.email=mymail@mailserver.com
      - --certificatesresolvers.webresolver.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.webresolver.acme.tlschallenge=true
      # - --certificatesresolvers.webresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.webresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
    deploy:
      mode: global
      placement:
        constraints:
          - node.role==manager
      labels:
        - traefik.enable=true
        - traefik.http.routers.dashboard.rule=Host(`proxy.example.com`)
        - traefik.http.routers.dashboard.service=api@internal
        - traefik.http.services.dashboard.loadbalancer.server.port=8080
        - traefik.http.routers.dashboard.middlewares=myauth
        - traefik.http.middlewares.myauth.basicauth.users=username:authid
    volumes:
      - ./traefik/logs:/var/log
      - ./data/traefik/ssl/acme.json:/letsencrypt/acme.json
      - /var/run/docker.sock:/var/run/docker.sock:ro

  whoami:
    image: traefik/whoami
    networks:
      - webnet
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"
        - "traefik.http.routers.whoami.entrypoints=websecure"
        - traefik.http.routers.whoami.middlewares=myauth
        - traefik.http.middlewares.myauth.basicauth.users=username:authid
      mode: replicated
      replicas: 3
      placement:
        # max_replicas_per_node: 1
        constraints:
          - "node.role==worker"

networks:
  webnet:
    external: true

You got two networks. You also use two separate Swarms? Separate reverse proxies?

Hi bluepuma77
The idea is to have two totally separate, independent swarm clusters and a Traefik instance for each. One must solely deal with internal and development apps while the other is only for web hosting. While they share the same firewall, they are on separate networks (LAN = 192.168.x.x, PUBLIC = 172.x.x.x and BACKEND (storage, databases, backups, etc.) = 10.x.x.x). Each network has its own servers. Only my laptop and development pc can access all networks via rules set in firewall.
The Traefik dashboard on the dev network gets a letsencrypt certificate and is reachable. The instance on the public network gives 404 not found error and the dashboard cannot be reached. Whoami also can't be reached.
Thank you
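
Added example (not written by anyone in this thread): a small consistency check between the `ports:` entries and the `--entrypoints.<name>.address` flags, with both lists copied from the compose file posted above. It only reports mismatches between what the container listens on and what is published; it does not by itself establish the cause of the 404.

```python
import re

# Values copied from the compose file posted above (ports and entrypoint flags only).
PORTS = ["80:80", "443:443", "8081:8080"]
COMMAND = [
    "--entrypoints.web.address=:80",
    "--entryPoints.web.http.redirections.entrypoint.scheme=https",
    "--entrypoints.websecure.address=:443",
    "--entrypoints.dashboard.address=:8081",
]

def entrypoint_ports(command):
    """Map entrypoint name -> container port from --entrypoints.<name>.address flags."""
    found = {}
    for flag in command:
        # The posted file mixes entrypoints/entryPoints, so match case-insensitively.
        m = re.match(r"--entrypoints\.([^.]+)\.address=[^:]*:(\d+)(?:/\w+)?$", flag, re.I)
        if m:
            found[m.group(1).lower()] = int(m.group(2))
    return found

def published_ports(ports):
    """Map container port -> host port from short-syntax 'host:container' entries."""
    out = {}
    for entry in ports:
        host, container = str(entry).split("/")[0].split(":")[-2:]
        out[int(container)] = int(host)
    return out

def check(ports, command):
    """Return human-readable mismatches between entrypoints and published ports."""
    eps, pub = entrypoint_ports(command), published_ports(ports)
    issues = []
    for name, port in sorted(eps.items()):
        if port not in pub:
            issues.append(f"entrypoint '{name}' listens on container port {port}, which is not published")
    for container, host in sorted(pub.items()):
        if container not in eps.values():
            issues.append(f"host port {host} is published to container port {container}, where no entrypoint is defined")
    return issues

if __name__ == "__main__":
    for line in check(PORTS, COMMAND):
        print("WARN:", line)
```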