I am setting up traefik on a swarm for the first time, have set it up for simple configurations before. I'm currently running traefik from docker stack deploy -c docker-compose.yml traefik with this docker-compose.yml:
services:
traefik:
image: traefik:1.7
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.toml:/etc/traefik/traefik.toml
- ./acme.json:/certificates/acme.json
networks:
- traefik-public
- webgateway
ports:
- target: 80
published: 80
- target: 443
published: 443
- target: 8080
published: 8080
mode: host
deploy:
mode: global
placement:
constraints:
- node.role == manager
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
labels:
traefik.enable: 1
traefik.port: 8080
traefik.frontend.rule: "Host:traefik.{snip}"
traefik.backend: traefik
traefik.docker.network: webgateway
env_file: ./traefikenv
secrets:
- cf_api_email
- cf_api_key
networks:
traefik-public:
driver: overlay
external: true
webgateway:
driver: overlay
external: true
secrets:
cf_api_email:
external: true
cf_api_key:
external: true
All references to the actual domain replaced with {snip}.
This is the traefik.toml:
logLevel = "DEBUG"
[api]
debug = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "mymail@example.com"
storage = "/certificates/acme.json"
entryPoint = "https"
[acme.dnsChallenge]
provider = "cloudflare"
delayBeforeCheck = 30
[[acme.domains]]
main = "*.{snip}"
[[acme.domains]]
main = "{snip}"
[docker]
swarmMode = true
watch = true
exposedByDefault=true
network = "webgateway"
domain = "{snip}"
Traefik starts up without any errors and does all the tls stuff and https redirecting, but when trying to access the dashboard through traefik.{snip} I'm greeted with traefik's 404 error page.
Here are some relevant log rows:
time="2019-08-18T11:50:53Z" level=debug msg="allLabelsmap[:map[traefik.backend:traefik traefik.docker.network:webgateway traefik.enable:1 traefik.frontend.rule:Host:traefik.{snip} traefik.port:8080]]",
time="2019-08-18T11:50:53Z" level=debug msg="originLabelsmap[com.docker.stack.image:traefik:1.7 com.docker.stack.namespace:traefik traefik.backend:traefik traefik.docker.network:webgateway traefik.enable:1 traefik.frontend.rule:Host:traefik.{snip} traefik.port:8080]",
time="2019-08-18T11:49:38Z" level=debug msg="Backend backend-traefik: no load-balancer defined, fallback to 'wrr' method"
These get repeated with the same values a few times as well.
So yeah, no idea why it's not working at this point. I've got some suspicions but no idea how to verify them. In one of my other setups(not on swarm) my frontends are labeled as having both http and https endpoints in the traefik dashboard, but the ones I'm setting up now on this swarm are labeled only with http. There really isn't any configuration differences between them except for swarm though so I don't know why they wouldn't be labeled with https as well.
edit1: the "webgateway" network has Scope: swarm, Driver: overlay and Host:{same as traefik container}