I'm using traefik for over a year and is working great, but i have trouble making it run in swarm mode.
My setup
I have a docker swarm with 1 manager and 1 worker. Both are on an overlay network called "traefik_net"
Traefik run on the manager node and my web apps on the worker.
The issue
Service discovery work perfectly fine, the only issue is that i cannot access my services if deployed on the worker node, if i deploy them on the manager node i can access them.
If i try to access my webapp it load for few seconds and my browser return a 400 error.
What i've tryed
- From within the traefik container I can make a wget on a service running in the worker node therefore i assume that the swarm network is working well.
- Running my apps on the manager node, work well.
- Look at traefik log on DEBUG mode, there is none when i try to access my service.
- In the dasboard my services have correct IP:PORT in the 'Servers' section
- As it work if my services run on the manager i assume my docker compose is correct.
Docker compose
Traefik
version: '3.8'
services:
traefik:
image: traefik:latest
restart: always
ports:
- "80:80"
- "443:443"
- "8080:8080"
environment:
- OVH_APPLICATION_KEY=x
- OVH_ENDPOINT=ovh-eu
- OVH_CONSUMER_KEY=x
- OVH_APPLICATION_SECRET=x
command:
- --api.insecure=true
- --api.dashboard=true
- --api.debug=true
- --log.level=DEBUG
- --providers.docker=true
- --providers.docker.swarmMode=true
- --providers.docker.network=traefik_net
- --providers.docker.exposedByDefault=false
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --entrypoints.http.http.redirections.entrypoint.to=https
- --entrypoints.http.http.redirections.entrypoint.scheme=https
- --providers.docker.network=traefik_net
- --certificatesresolvers.sslresolver.acme.dnschallenge=true
- --certificatesresolvers.sslresolver.acme.dnschallenge.provider=ovh
- --certificatesresolvers.sslresolver.acme.email=x
- --certificatesresolvers.sslresolver.acme.storage=/letsencrypt/acme.json
deploy:
mode: global
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.entrypoints=https"
- "traefik.http.routers.dashboard.tls.certresolver=sslresolver"
- "traefik.http.routers.dashboard.rule=Host(`MY_DOMAIN`)"
- "traefik.http.services.dumy.loadbalancer.server.port=9999"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.middlewares=auth"
networks:
- traefik_net
extra_hosts:
- "host.docker.internal:host-gateway"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- .:/traefik
- ./letsencrypt:/letsencrypt
networks:
traefik_net:
external: true
Wep app
version: '3.8'
services:
foxtv:
env_file: .env
image: "registry.gitlab.com/..."
command: npm run start
deploy:
replicas: 1
labels:
- traefik.enable=true
- traefik.http.routers.foxtv.rule=Host(`MY_DOMAIN`)
- traefik.http.routers.foxtv.tls.certresolver=sslresolver
- traefik.http.routers.foxtv.service=foxtv
- traefik.http.services.foxtv.loadbalancer.server.port=3010
networks:
- traefik_net
Thank you in advance for your help !