The situation:
We have a VPS with multiple services on it. We want to access them using subdomains. In this case that would be registry.<company>.com and gitlab.<company name>.com. The servers have their own SSL certificates and they are confirmed to be working properly.
I set up the following for the registry server:
# Opt this container in to Traefik routing.
- "traefik.enable=true"
# TCP router: the only thing matched is the SNI name sent in the TLS ClientHello.
- "traefik.tcp.routers.registry.rule=HostSNI(`registry.<company name>.com`)"
- "traefik.tcp.routers.registry.entrypoints=websecure"
- "traefik.tcp.routers.registry.tls=true"
# Passthrough: Traefik forwards the encrypted stream untouched and the backend
# terminates TLS. The routing decision is made once per connection, so Traefik
# never sees the HTTP Host header of requests sent later on that connection.
- "traefik.tcp.routers.registry.tls.passthrough=true"
- "traefik.tcp.routers.registry.service=registry"
# Port the backend listens on inside its container.
- "traefik.tcp.services.registry.loadbalancer.server.port=5000"
This works fine which is great! However trouble starts as soon as I add the Gitlab server to the mix.
The gitlab server has the following labels:
# Opt this container in to Traefik routing.
- "traefik.enable=true"
# TCP router: the only thing matched is the SNI name sent in the TLS ClientHello.
- "traefik.tcp.routers.gitlab.rule=HostSNI(`gitlab.<company name>.com`)"
- "traefik.tcp.routers.gitlab.entrypoints=websecure"
- "traefik.tcp.routers.gitlab.tls=true"
# Passthrough: Traefik forwards the encrypted stream untouched and the backend
# terminates TLS. Routing is per connection; a client that reuses an existing
# connection for a different hostname is not re-routed.
- "traefik.tcp.routers.gitlab.tls.passthrough=true"
- "traefik.tcp.routers.gitlab.service=gitlab"
# Port the backend listens on inside its container.
- "traefik.tcp.services.gitlab.loadbalancer.server.port=443"
Looking at the dashboard, everything is fine. The services and routers show up on the Traefik dashboard without errors.
However when attempting to connect, for some reason sometimes I get to the gitlab server and other times I get to the registry server...
I am probably missing something, but I haven't been able to find it on my own.
Share your full Traefik static and dynamic config, and docker-compose.yml if used.
For some reason the first link I visit will dictate the response the other link will give. So I had gitlab accessed in one browser, and the registry in another....
Traefik docker compose:
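# Traefik edge proxy: listens on 80/443 and discovers backends through Docker
# labels and the file provider directory.
version: "3.3"

networks:
  # This allows other containers to connect to it.
  t-net:
    external: true

services:
  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"
    command:
      # - "--log.level=DEBUG"
      # NOTE(review): api.insecure serves the dashboard and API without
      # authentication on port 8080. The port is only listed under `expose`
      # below, not published, so keep it that way or put the dashboard behind
      # an authenticated router.
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Containers are routed only when they carry traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.file.directory=/etc/traefik/dynamic"
    ports:
      - "80:80"
      - "443:443"
    expose:
      - 8080
    volumes:
      # NOTE(review): `:ro` makes the socket file read-only in the mount; it
      # does not restrict the Docker API calls made over the socket. This
      # container can therefore control the Docker daemon. A socket proxy that
      # allows only read endpoints narrows that access.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - ./dynamic:/etc/traefik/dynamic
      - ./certs:/etc/certs
    networks:
      - t-net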
Registry:
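# Docker registry behind Traefik. TLS is terminated by the registry itself;
# Traefik only forwards the connection based on SNI (passthrough).
networks:
  t-net:
    external: true

services:
  registry:
    image: registry:2
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
      # NOTE(review): the registry presents the certificate named for
      # gitlab.<company>.com. If that certificate is valid for both hostnames
      # (SAN or wildcard), a browser may reuse an open HTTP/2 connection for
      # the other hostname. With TLS passthrough Traefik routes per
      # connection, so such a request reaches whichever backend was contacted
      # first. Consider a certificate per service that covers only its own
      # hostname. TODO confirm against the certificate's SAN list.
      - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/gitlab.<company>.com.crt
      - REGISTRY_HTTP_TLS_KEY=/certs/gitlab.<company>.com.key
    volumes:
      - ./data:/var/lib/registry
      # Mounted read-only: the registry only needs to read the certificate and
      # key, and this directory also holds GitLab's TLS material.
      - /srv/gitlab/config/ssl:/certs:ro
    expose:
      - 5000
    networks:
      - t-net
    labels:
      - "traefik.enable=true"
      # Routing is decided from the SNI name alone.
      - "traefik.tcp.routers.registry.rule=HostSNI(`registry.<company>.com`)"
      - "traefik.tcp.routers.registry.entrypoints=websecure"
      - "traefik.tcp.routers.registry.tls=true"
      - "traefik.tcp.routers.registry.tls.passthrough=true"
      - "traefik.tcp.routers.registry.service=registry"
      - "traefik.tcp.services.registry.loadbalancer.server.port=5000"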
Gitlab:
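# GitLab behind Traefik. HTTPS is terminated by GitLab itself; Traefik only
# forwards the connection based on SNI (passthrough). SSH is published directly.
version: '3.6'

networks:
  t-net:
    external: true

services:
  gitlab:
    # NOTE(review): `latest` is a moving tag. Pinning a specific release tag
    # makes upgrades deliberate and reproducible.
    image: gitlab/gitlab-ee:latest
    container_name: gitlab_server
    hostname: vpshost2.<company>.local.com
    restart: always
    expose:
      - 80
      - 443
    ports:
      # Quoted: an unquoted 22:22 is read as a base-60 integer by YAML 1.1
      # parsers instead of a host:container port mapping.
      - "22:22"
    volumes:
      - /srv/gitlab/config:/etc/gitlab
      - /srv/gitlab/logs:/var/log/gitlab
      - /srv/gitlab/data:/var/opt/gitlab
    shm_size: 256m
    networks:
      - t-net
    labels:
      - "traefik.enable=true"
      # Routing is decided from the SNI name alone. Traefik cannot re-route a
      # request that a client sends over an already-open connection.
      - "traefik.tcp.routers.gitlab.rule=HostSNI(`gitlab.<company>.com`)"
      - "traefik.tcp.routers.gitlab.entrypoints=websecure"
      - "traefik.tcp.routers.gitlab.tls=true"
      - "traefik.tcp.routers.gitlab.tls.passthrough=true"
      - "traefik.tcp.routers.gitlab.service=gitlab"
      - "traefik.tcp.services.gitlab.loadbalancer.server.port=443"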