Service configuration problems with Home Assistant

So I just finally migrated to v2 on my Docker setup at home, and I'm reasonably sure that this is a bug, but I just wanted to make sure before I open an issue on Github.

Home Assistant is set up in docker as using the host network, and for that reason Traefik can't get an IP from Docker (it can reach it just fine though), so I need to setup the service manually. Which works if I specify it in a file, but not in docker.

My labels look like this:

  - traefik.enable=true
  - traefik.http.routers.homeassistant.entryPoints=https
  - traefik.http.routers.homeassistant.rule=Host(`hass.${DOMAIN}`)
  - traefik.http.routers.homeassistant.service=homeassistant
  - traefik.http.routers.homeassistant.middlewares=without-sso@file
  - traefik.http.routers.homeassistant.tls=true
  - traefik.http.routers.homeassistant.tls.certResolver=letsencrypt

With this configuration, I can see in the access logs that it tries to access - - [26/Oct/2019:17:12:48 +0000] "GET / HTTP/2.0" 502 11 "-" "-" 260 "homeassistant@docker" "" 0ms - - [26/Oct/2019:17:12:50 +0000] "GET /service_worker.js HTTP/2.0" 502 11 "-" "-" 261 "homeassistant@docker" "" 0ms

However if I specify it in the dynamic configuration, like this:

    entryPoints = ["https"]
    middlewares = ["without-sso"]
    rule = "Host(``)"
    service = "hass"
      certResolver = "letsencrypt"
      url = "http://some-ip:8123"
      port = 8123

It works just fine.

For reference the relevant middleware configuration:

    middlewares = ["httpsredirect", "compression", "security-headers"]


    BrowserXssFilter = true
    ContentTypeNosniff = true
    ForceSTSHeader = true
    FrameDeny = true
    SSLRedirect = true
    STSIncludeSubdomains = true
    STSPreload = true
    STSSeconds = 315360000

    scheme = "https"

What I did for home assistant was to create a macvlan network for it, then put the home assistant container on both the network that traefik watches as well as macvlan:

    image: homeassistant/home-assistant:0.100.3
      - macvlan
      - traefik_proxy

      name: traefik_proxy
    driver: bridge
    driver: macvlan
      parent: eno1
        - subnet:
1 Like

Thanks for the tip on macvlan, that seems to be the way to go, but it doesn't entirely work the way I expect it to, because depending on whether or not traefik's accesslog is set to true, traefik either chooses the address on the macvlan network(corresponding to my hosts IP, which no longer responds with the macvlan configuration) or the network traefik is monitoring (which works fine).

I'll have to look into this more when I have time again, meanwhile I think I'll open an issue on Github regarding the configuration part, that part still doesn't seem intended even if I could work around it with your suggestion.

Edit: The docs actually doesn't mention the URL as a valid label for docker, so I guess it's intended after all.