Service configuration problems with Home Assistant

Traefik Traefik v2
1

So I just finally migrated to v2 on my Docker setup at home, and I'm reasonably sure that this is a bug, but I just wanted to make sure before I open an issue on Github.

Home Assistant is set up in docker as using the host network, and for that reason Traefik can't get an IP from Docker (it can reach it just fine though), so I need to setup the service manually. Which works if I specify it in a file, but not in docker.

My labels look like this:

 labels:
  - traefik.enable=true
  - traefik.http.services.homeassistant.loadbalancer.server.port=8123
  - traefik.http.services.homeassistant.loadbalancer.server.url=`http://some-ip:8123`
  - traefik.http.routers.homeassistant.entryPoints=https
  - traefik.http.routers.homeassistant.rule=Host(`hass.${DOMAIN}`)
  - traefik.http.routers.homeassistant.service=homeassistant
  - traefik.http.routers.homeassistant.middlewares=without-sso@file
  - traefik.http.routers.homeassistant.tls=true
  - traefik.http.routers.homeassistant.tls.certResolver=letsencrypt

With this configuration, I can see in the access logs that it tries to access http://127.0.0.1:8123

172.19.0.1 - - [26/Oct/2019:17:12:48 +0000] "GET / HTTP/2.0" 502 11 "-" "-" 260 "homeassistant@docker" "http://127.0.0.1:8123" 0ms
172.19.0.1 - - [26/Oct/2019:17:12:50 +0000] "GET /service_worker.js HTTP/2.0" 502 11 "-" "-" 261 "homeassistant@docker" "http://127.0.0.1:8123" 0ms

However if I specify it in the dynamic configuration, like this:

  [http.routers.hass]
    entryPoints = ["https"]
    middlewares = ["without-sso"]
    rule = "Host(`hass.my.domain`)"
    service = "hass"
    [http.routers.hass.tls]
      certResolver = "letsencrypt"
  [http.services.hass.loadBalancer]
    [[http.services.hass.loadBalancer.servers]]
      url = "http://some-ip:8123"
      port = 8123

It works just fine.

For reference the relevant middleware configuration:

[http.middlewares]
  [http.middlewares.without-sso.chain]
    middlewares = ["httpsredirect", "compression", "security-headers"]

  [http.middlewares.compression.compress]

  [http.middlewares.security-headers.headers]
    BrowserXssFilter = true
    ContentTypeNosniff = true
    ForceSTSHeader = true
    FrameDeny = true
    SSLRedirect = true
    STSIncludeSubdomains = true
    STSPreload = true
    STSSeconds = 315360000

  [http.middlewares.httpsredirect.redirectScheme]
    scheme = "https"
2

What I did for home assistant was to create a macvlan network for it, then put the home assistant container on both the network that traefik watches as well as macvlan:

services:
  homeassistant:
    image: homeassistant/home-assistant:0.100.3
    networks:
      - macvlan
      - traefik_proxy

networks:
  traefik_proxy:
    external:
      name: traefik_proxy
  default:
    driver: bridge
  macvlan:
    driver: macvlan
    driver_opts:
      parent: eno1
    ipam:
      config:
        - subnet: 10.0.10.0/24
1 Like
3

Thanks for the tip on macvlan, that seems to be the way to go, but it doesn't entirely work the way I expect it to, because depending on whether or not traefik's accesslog is set to true, traefik either chooses the address on the macvlan network(corresponding to my hosts IP, which no longer responds with the macvlan configuration) or the network traefik is monitoring (which works fine).

I'll have to look into this more when I have time again, meanwhile I think I'll open an issue on Github regarding the configuration part, that part still doesn't seem intended even if I could work around it with your suggestion.

Edit: The docs actually doesn't mention the URL as a valid label for docker, so I guess it's intended after all.