Traefik 1.7 to 2.0 Docker for Windows

Iosif · September 30, 2019, 9:08am

Hi all,

I know that I've struggled quite some time to make this work on 1.7 due to the fact that I'm using Docker for Windows so before I start messing up my configuration I thought to ask for help of some wiser people than me

Compose.yml extract (only traefik and another 2 containers as an example)

traefik:
image: 'traefik:v1.7.16'
container_name: traefik
hostname: traefik
ports:
- '80:80'
- '8080:8080'
- '443:443'
volumes:
- '.\traefik:/etc/traefik'
- '/var/run/docker.sock:/var/run/docker.sock'
- '.\traefik\rules.toml:/etc/traefik/rules.toml'
env_file:
- .env
restart: unless-stopped
domainname: '${ZONE}'
environment:
- 'CF_API_EMAIL=${EMAIL}'
- 'CF_API_KEY=${API_KEY}'
- com.ouroboros.enable=true
- TZ=Europe/Bucharest
labels:
- traefik.enable=true
- traefik.backend=traefik
- traefik.port=8080
- traefik.frontend.headers.SSLRedirect=true
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.contentTypeNosniff=true
- traefik.frontend.headers.forceSTSHeader=true
- traefik.frontend.headers.SSLHost=example.com
- traefik.frontend.headers.STSIncludeSubdomains=true
- traefik.frontend.headers.STSPreload=true
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.passHostHeader=true
- 'traefik.frontend.rule=Host:traefik.localhost'
command: '--acme.storage=/acme.json'
bazarr:
image: 'linuxserver/bazarr:latest'
container_name: bazarr
hostname: bazarr
volumes:
- '.\bazarr\config:/config'
- 'F:\Download\TvSeries\:/series/'
- 'F:\Download\Action:/action/'
ports:
- '6767:6767'
environment:
- TZ=Europe/Bucharest
- com.ouroboros.enable=true
restart: unless-stopped
labels:
- 'traefik.frontend.rule=Host:bazarr.DOMAIN.com'
- traefik.frontend.passHostHeader=true
- traefik.enable=true
- traefik.port=6767
- traefik.backend=bazarr
chronograf:
image: 'chronograf:latest'
container_name: chronograf
hostname: chronograf
ports:
- '8888:8888'
volumes:
- '.\chronograf:/var/lib/chronograf'
env_file:
- .env
environment:
- 'TZ=${TZ}'
- com.ouroboros.enable=true
restart: unless-stopped
labels:
- 'traefik.frontend.rule=Host:chronograf.localhost'
- traefik.backend=chronograf

traefik.toml configuration file:

logLevel = "INFO" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
InsecureSkipVerify = true 
defaultEntryPoints = ["https", "http"]

# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations 
[api]
	entryPoint = "traefik"
	dashboard = true
	address = ":8080"

# Force HTTPS
[entryPoints]
	[entryPoints.http]
		address = ":80"
    [entryPoints.http.redirect]
    	entryPoint = "https"
	[entryPoints.https]
		address = ":443"
    [entryPoints.https.tls]

# Let's encrypt configuration
[acme]
	acmeLogging=true 
	email = "EMAIL@gmail.com" #any email id will work
	storage="/acme.json"
	entryPoint = "https"

[acme.dnsChallenge]
	provider = "cloudflare"
    delayBeforeCheck = "120"
	resolvers = ["1.1.1.1:53"]
#	onHostRule = true

#[[acme.domains]]
#	main = "DOMAIN.com"
[[acme.domains]]
	main = "*.DOMAIN.com"
	sans = ["DOMAIN.com"]
   
# Connection to docker host system (docker.sock)
[docker]
	endpoint = "unix:///var/run/docker.sock"
	domain = "DOMAIN.com"
	watch = true
# This will hide all docker containers that don't have explicitly  
# set label to "enable"
	exposedbydefault = true

[file]
  watch = true
  filename = "/etc/traefik/rules.toml"

rules.toml content for two services outside Docker:

[entryPoints]
[entryPoints.http]
address = ":8080"
[frontends]
[frontends.sonarr]
backend = "sonarr"
[frontends.sonarr.routes.test_1]
rule = "Host:sonarr.DOMAIN.com"
[frontends.radarr]
backend = "radarr"
[frontends.radarr.routes.test_1]
rule = "Host:radarr.DOMAIN.com"
[backends]
[backends.sonarr]
[backends.sonarr.servers.server1]
url = "http://192.168.0.55:8989"
[backends.radarr]
[backends.radarr.servers.server1]
url = "http://192.168.0.55:20000"

As per everyone's suggestions I started working on a new traefik.yml config file. Here's what I have so far plus som explanations.

Traefik dashboard must be accessible without credentials only from inside the LAN. This is how 1.7 was configured.
For HTTPS purposes I need wildcard and cloudflare, hence I used DNSchallenge in 1.7.
Each container used to have some labels, not all containers need to be exposed to the internet. I would like to retain this behaviour.
I don't use any auth middleware currently. What doesn't have a password is localhost based.

For subdomain (outside of LAN)

labels:
- 'traefik.frontend.rule=Host:bazarr.DOMAIN.com'
- traefik.frontend.passHostHeader=true
- traefik.enable=true
- traefik.port=6767
- traefik.backend=bazarr

For local subdomains (inside LAN only):

labels:
- 'traefik.frontend.rule=Host:chronograf.localhost'
- traefik.backend=chronograf

I started configuring the new container based on traefik 2.0.1 and here's what I have:

global:
  checkNewVersion: true
  sendAnonymousUsage: false
serversTransport:
  insecureSkipVerify: true
entryPoints:
  http:
    address: :80
  https:
    address: :443
providers:
  providersThrottleDuration: 2s
  docker:
    watch: true
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
    swarmModeRefreshSeconds: 15s
  file:
    watch: true
    filename: /etc/traefik/rules.toml
api:
  insecure: true
  dashboard: true
log:
  level: DEBUG
certificatesResolvers:
  default:
    acme:
      email: EMAIL@gmail.com
      storage: /acme.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 2m0s
        resolvers:
        - 1.1.1.1:53

I'm at loss on how to finish this thing as V2 is so different vs V1.
So far the dashboard is accessible, however the certificate are not obtained and I have no idea how to integrate the content of rules.toml in the new config file.

Could someone here point me to the right way ? Discord and slack available if needed.

Iosif · September 30, 2019, 1:11pm

Thought to be more clear about the desired result of my config:

Traefik dashboard must be accessible without credentials only from inside the LAN. This is how 1.7 was configured.
I would like HTTPS certificate tyo be wildcard (one for all the subdomains) as in 1.7.
Each container used to have some labels, not all containers need to be exposed to the internet. I would like to retain this behaviour. If someone could help me with the needed labels for both cases (LAN like this, outside LAN like this).
I don't use any auth middleware currently. What doesn't have a password is localhost based.
I would like to have only traefik.yml file if possible, which means that (again if possible) I would like to move the functionality of rules.toml inside traefik.yml (2 services outside Docker)
I used the migration tool for the config file but I still miss some stuff as the only things working are the fact that the container starts and the dashboard is accessible.

Many thanks for all the help.

zespri · September 30, 2019, 7:17pm

Your rules.toml used to have entrypoits, and some routing rules.

You can read about entrypoints here and about routing rules here.

I also advise reading all the documentation from start to finish. It will walk you trough all the concepts required to configure traefik v2. If you do not you'll have hard time configuring anything at all.

After you've been through it if you have any particular questions, or anything not working as you'd expect please post your v2 configuration (both static and dynamic), logs, and what's not right.

It's better to focus on particular issues and work through them.

Hope that gets you started, good luck!

Iosif · September 30, 2019, 7:37pm

So basically I need to config files. One for static (docker and let'sencrypt) and one dynamy for https redirect and the capabilities from the old rules.toml file? I already read through the documentation, but if v1 was readable for a noob, v2 is way more complicated. Sorry for my ignorance.

zespri · September 30, 2019, 7:59pm

There are many ways to slice a cat. I find it useful to start with something and then modify it when something does not work. For you I'd recommend to start with basic example. In this case you are using command line flags for static configuration (not file) and docker label for dynamic configuration (not file), but you can add files later if at any point you feel you need them. Remember though, that you cannot mix static configuration, so if you ever switch to a file, make sure to remove it from the command line!

I do understand that it may be difficult to get started. Just break down your migration tasks to smaller chunks. (Like, "get dashboard working", "get let's encrypt working", "get that app working", etc, what fits you), and work on them once at a time.

Iosif · October 1, 2019, 11:59am

ok, after I put together everything I managed to find from the official documentation and from other forum examples, here's what I have so far.
For the moment my approach is to stop the traefik 1.7 container and start another one based on 2.0.1 for tests until I have a working environment again.

Below is my current compose file with traefik and a guinea pig container.

  bazarr:
    image: 'linuxserver/bazarr:latest'
    container_name: bazarr
    hostname: bazarr
    volumes:
      - '.\bazarr\config:/config'
    ports:
      - '6767:6767'
    environment:
      - TZ=Europe/Bucharest
      - com.ouroboros.enable=true
    restart: unless-stopped
    env_file:
      - .env
    labels:
#      - 'traefik.frontend.rule=Host:bazarr.DOMAIN.com'
#      - traefik.frontend.passHostHeader=true
#      - traefik.enable=true
      - traefik.port=6767
#      - traefik.backend=bazarr
      - "traefik.enable=true"
      - "traefik.http.routers.bazarr_http.rule=Host(`bazarr.DOMAIN.com`)"
      - "traefik.http.routers.bazarr_http.entrypoints=http"
      - "traefik.http.routers.bazarr_http.middlewares=redirect-https-bazarr"
      - "traefik.http.middlewares.redirect-https-bazarr.redirectscheme.scheme=https"
      - "traefik.http.routers.bazarr_https.rule=Host(`bazarr.DOMAIN.com`)"
      - "traefik.http.routers.bazarr_https.entrypoints=https"
      - "traefik.http.routers.bazarr_https.tls=true"
      - "traefik.http.routers.bazarr_https.tls.certResolver=letsencrypt"    
      - "traefik.http.services.bazarr.loadbalancer.server.port=6767"  
  traefik_2.0.1:
    image: traefik
    container_name: traefik_2.0
    hostname: traefik_2.0
    ports:
      - '443:443'
      - '80:80'
      - '8080:8080'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
      - '.\traefik_2.0.1\traefik.yml:/etc/traefik/traefik.yml'
    env_file:
      - .env
    restart: unless-stopped
    domainname: '${ZONE}'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik_https.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.traefik_https.entrypoints=https"
      - "traefik.http.routers.traefik_https.tls=true"
      - "traefik.http.routers.traefik_https.tls.certResolver=letsencrypt"
      - "traefik.http.routers.traefik_https.service=api@internal"
      - "traefik.http.routers.http_traefik.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.http_traefik.entrypoints=http"
      - "traefik.http.routers.http_traefik.middlewares=https_redirect"
      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
    environment:
      - 'CF_API_EMAIL=${EMAIL}'
      - 'CF_API_KEY=${API_KEY}'
      - com.ouroboros.enable=true
      - TZ=Europe/Bucharest
    command:
      - '--acme.storage=/acme.json'
      - '--log.level=DEBUG'
      - '--log.filePath=/traefik.log'
      - '--log.format=json'
      - '--global.checkNewVersion=true'
      - '--global.sendAnonymousUsage=false'
      - '--entryPoints.http.address=:80'
      - '--entryPoints.https.address=:443'
      - '--api'
      - '--ping'
      - '--certificatesResolvers.letsencrypt.acme.email="EMAIL@gmail.com"'
      - '--certificatesResolvers.letsencrypt.acmestorage="acme.json"'
      - '--certificatesResolvers.letsencrypt.acme.dnsChallenge.provider="cloudflare"'
      - '--providers.docker.exposedByDefault=false'
      - '--providers.docker.watch=true'
      - '--providers.docker.swarmMode=false'

Dashboard available, and Bazarr service looks ok.
9 Routers, 7 Services and 2 Middlewares. To be noted that only one (bazarr) container is setup for traefik 2.0

No errors across the dashboard, but certificates are not being fetched.

Here's my latest log since the last restart of the container.

time="2019-10-01T14:47:03+03:00" level=info msg="Server stopped",
time="2019-10-01T14:47:03+03:00" level=info msg="Shutting down",
time="2019-10-01T14:47:11+03:00" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yml",
time="2019-10-01T14:47:11+03:00" level=info msg="Traefik version 2.0.1 built on 2019-09-26T16:18:03Z",
time="2019-10-01T14:47:11+03:00" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000},\"file\":{\"watch\":true,\"filename\":\"/etc/traefik/rules.toml\"}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"certificatesResolvers\":{\"default\":{\"acme\":{\"email\":\"EMAIL@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\",\"delayBeforeCheck\":120000000000,\"resolvers\":[\"1.1.1.1:53\"]}}}}}",
time="2019-10-01T14:47:11+03:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/v2.0/contributing/data-collection/\n",
time="2019-10-01T14:47:11+03:00" level=debug msg="No default certificate, generating one",
time="2019-10-01T14:47:11+03:00" level=info msg="Starting provider aggregator.ProviderAggregator {}",
time="2019-10-01T14:47:11+03:00" level=debug msg="Start TCP Server" entryPointName=https,
time="2019-10-01T14:47:11+03:00" level=debug msg="Start TCP Server" entryPointName=traefik,
time="2019-10-01T14:47:11+03:00" level=debug msg="Start TCP Server" entryPointName=http,
time="2019-10-01T14:47:11+03:00" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/rules.toml\"}",
time="2019-10-01T14:47:11+03:00" level=error msg="Cannot start the provider *file.Provider: error reading configuration file: /etc/traefik/rules.toml - open /etc/traefik/rules.toml: no such file or directory",
time="2019-10-01T14:47:11+03:00" level=info msg="Starting provider *acme.Provider {\"email\":\"EMAIL@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\",\"delayBeforeCheck\":120000000000,\"resolvers\":[\"1.1.1.1:53\"]},\"ResolverName\":\"default\",\"store\":{},\"ChallengeStore\":{}}",
time="2019-10-01T14:47:11+03:00" level=info msg="Testing certificate renew..." providerName=default.acme,
time="2019-10-01T14:47:11+03:00" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000}",
time="2019-10-01T14:47:11+03:00" level=debug msg="Configuration received from provider default.acme: {\"http\":{},\"tls\":{}}" providerName=default.acme,
time="2019-10-01T14:47:11+03:00" level=debug msg="No default certificate, generating one",
time="2019-10-01T14:47:11+03:00" level=debug msg="Provider connection established with docker 19.03.2 (API 1.40)" providerName=docker,
time="2019-10-01T14:47:11+03:00" level=debug msg="Filtering disabled container" providerName=docker container=kibana-media-server-c1316fbc05f3a7eb527d270d1f1a037f84d0b8fff256f0abd5d5392bd8668291,
time="2019-10-01T14:47:11+03:00" level=debug msg="Filtering disabled container" providerName=docker container=filebeat-media-server-f80e988ab2b068b18cdc6fb193817361377435241652be1cf18f20b37346bae5,
time="2019-10-01T14:47:11+03:00" level=debug msg="Filtering disabled container" providerName=docker container=elasticsearch-media-server-48620b88fa282f6d4471f3ae2a36155d0e3c12d78dda63e59b49a1218e6111a8,
time="2019-10-01T14:47:11+03:00" level=debug msg="Filtering disabled container" container=ouroboros-media-server-2c373d7a804d3b62c02c16fe99dda574996cbe0f7bb0c004a245b8a1c41166df providerName=docker,
time="2019-10-01T14:47:11+03:00" level=debug msg="Filtering disabled container" container=chronograf-media-server-42f5ff510c4cae99e65defc4f42a9ce0c04466cda021117f9879cf3376f6504e providerName=docker,
time="2019-10-01T14:47:11+03:00" level=debug msg="Filtering disabled container" providerName=docker container=influxdb-telegraf-media-server-5ea37b993a0dfa03a961971d7ca28b8cd9cc745642de30e541963e2b03259c93,
time="2019-10-01T14:47:11+03:00" level=debug msg="Filtering disabled container" providerName=docker container=portainer-media-server-c5d350f8f78bd181729c91f52e3a9cbcfca18b4072c807a321307a5aca415a60,
time="2019-10-01T14:47:11+03:00" level=debug msg="Filtering disabled container" providerName=docker container=logarr-media-server-c7cf89bea2d8bc5b4ffbfc25ab4513b9e5ffb714ecb18f46b793a7bdf93fd7f5,
time="2019-10-01T14:47:11+03:00" level=debug msg="Filtering disabled container" providerName=docker container=cloudflare-ddns-media-server-c885127c8daf936bcec87b253a9aa404500bf662ff7c50f7e6fc63f898ae55c4,
time="2019-10-01T14:47:11+03:00" level=debug msg="Filtering disabled container" providerName=docker container=piholeinflux-media-server-462d6822c39e3da20a725b24ad3c60ed7a2a61d37a996f9bf33431aeceada7b9,
time="2019-10-01T14:47:11+03:00" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"bazarr_http\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"redirect-https-bazarr\"],\"service\":\"bazarr\",\"rule\":\"Host(`bazarr.DOMAIN.com`)\"},\"bazarr_https\":{\"entryPoints\":[\"https\"],\"service\":\"bazarr\",\"rule\":\"Host(`bazarr.DOMAIN.com`)\",\"tls\":{\"certResolver\":\"letsencrypt\"}},\"grafana-media-server\":{\"service\":\"grafana-media-server\",\"rule\":\"Host(`grafana-media-server`)\"},\"heimdall-media-server\":{\"service\":\"heimdall-media-server\",\"rule\":\"Host(`heimdall-media-server`)\"},\"http_traefik\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https_redirect\"],\"service\":\"traefik-2-0-1-media-server\",\"rule\":\"Host(`traefik.localhost`)\"},\"ombi-media-server\":{\"service\":\"ombi-media-server\",\"rule\":\"Host(`ombi-media-server`)\"},\"organizr-media-server\":{\"service\":\"organizr-media-server\",\"rule\":\"Host(`organizr-media-server`)\"},\"tautulli-media-server\":{\"service\":\"tautulli-media-server\",\"rule\":\"Host(`tautulli-media-server`)\"},\"traefik_https\":{\"entryPoints\":[\"https\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.localhost`)\",\"tls\":{\"certResolver\":\"letsencrypt\"}}},\"middlewares\":{\"https_redirect\":{\"redirectScheme\":{\"scheme\":\"https\",\"permanent\":true}},\"redirect-https-bazarr\":{\"redirectScheme\":{\"scheme\":\"https\"}}},\"services\":{\"bazarr\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.7:6767\"}],\"passHostHeader\":true}},\"grafana-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.2:3000\"}],\"passHostHeader\":true}},\"heimdall-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.15:80\"}],\"passHostHeader\":true}},\"ombi-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.4:3579\"}],\"passHostHeader\":true}},\"organizr-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.18:80\"}],\"passHostHeader\":true}},\"tautulli-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.16:8181\"}],\"passHostHeader\":true}},\"traefik-2-0-1-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.8:80\"}],\"passHostHeader\":true}}}},\"tcp\":{}}" providerName=docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=heimdall-media-server@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=organizr-media-server@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=grafana-media-server@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=ombi-media-server@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=tautulli-media-server@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" routerName=http_traefik@docker serviceName=traefik-2-0-1-media-server entryPointName=http middlewareName=pipelining middlewareType=Pipelining,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating load-balancer" entryPointName=http routerName=http_traefik@docker serviceName=traefik-2-0-1-media-server,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating server 0 http://172.18.0.8:80" entryPointName=http routerName=http_traefik@docker serviceName=traefik-2-0-1-media-server serverName=0,
time="2019-10-01T14:47:12+03:00" level=debug msg="Added outgoing tracing middleware traefik-2-0-1-media-server" entryPointName=http routerName=http_traefik@docker middlewareName=tracing middlewareType=TracingForwarder,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" entryPointName=http routerName=http_traefik@docker middlewareName=https_redirect@docker middlewareType=RedirectScheme,
time="2019-10-01T14:47:12+03:00" level=debug msg="Setting up redirection to https " middlewareName=https_redirect@docker middlewareType=RedirectScheme entryPointName=http routerName=http_traefik@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=http_traefik@docker middlewareName=https_redirect@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" serviceName=organizr-media-server entryPointName=http middlewareName=pipelining middlewareType=Pipelining routerName=organizr-media-server@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating load-balancer" entryPointName=http routerName=organizr-media-server@docker serviceName=organizr-media-server,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating server 0 http://172.18.0.18:80" routerName=organizr-media-server@docker serviceName=organizr-media-server serverName=0 entryPointName=http,
time="2019-10-01T14:47:12+03:00" level=debug msg="Added outgoing tracing middleware organizr-media-server" entryPointName=http middlewareName=tracing middlewareType=TracingForwarder routerName=organizr-media-server@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" entryPointName=http middlewareName=pipelining middlewareType=Pipelining routerName=grafana-media-server@docker serviceName=grafana-media-server,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating load-balancer" routerName=grafana-media-server@docker serviceName=grafana-media-server entryPointName=http,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating server 0 http://172.18.0.2:3000" routerName=grafana-media-server@docker serviceName=grafana-media-server entryPointName=http serverName=0,
time="2019-10-01T14:47:12+03:00" level=debug msg="Added outgoing tracing middleware grafana-media-server" entryPointName=http middlewareName=tracing middlewareType=TracingForwarder routerName=grafana-media-server@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=http routerName=ombi-media-server@docker serviceName=ombi-media-server middlewareName=pipelining,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating load-balancer" entryPointName=http routerName=ombi-media-server@docker serviceName=ombi-media-server,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating server 0 http://172.18.0.4:3579" entryPointName=http routerName=ombi-media-server@docker serviceName=ombi-media-server serverName=0,
time="2019-10-01T14:47:12+03:00" level=debug msg="Added outgoing tracing middleware ombi-media-server" entryPointName=http routerName=ombi-media-server@docker middlewareName=tracing middlewareType=TracingForwarder,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" entryPointName=http routerName=tautulli-media-server@docker middlewareName=pipelining middlewareType=Pipelining serviceName=tautulli-media-server,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating load-balancer" serviceName=tautulli-media-server entryPointName=http routerName=tautulli-media-server@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating server 0 http://172.18.0.16:8181" serverName=0 entryPointName=http routerName=tautulli-media-server@docker serviceName=tautulli-media-server,
time="2019-10-01T14:47:12+03:00" level=debug msg="Added outgoing tracing middleware tautulli-media-server" middlewareName=tracing routerName=tautulli-media-server@docker entryPointName=http middlewareType=TracingForwarder,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" serviceName=bazarr routerName=bazarr_http@docker entryPointName=http middlewareName=pipelining middlewareType=Pipelining,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating load-balancer" routerName=bazarr_http@docker entryPointName=http serviceName=bazarr,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating server 0 http://172.18.0.7:6767" entryPointName=http serviceName=bazarr serverName=0 routerName=bazarr_http@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Added outgoing tracing middleware bazarr" middlewareName=tracing middlewareType=TracingForwarder entryPointName=http routerName=bazarr_http@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=http routerName=bazarr_http@docker middlewareName=redirect-https-bazarr@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Setting up redirection to https " entryPointName=http routerName=bazarr_http@docker middlewareName=redirect-https-bazarr@docker middlewareType=RedirectScheme,
time="2019-10-01T14:47:12+03:00" level=debug msg="Adding tracing to middleware" routerName=bazarr_http@docker middlewareName=redirect-https-bazarr@docker entryPointName=http,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" serviceName=heimdall-media-server middlewareName=pipelining middlewareType=Pipelining entryPointName=http routerName=heimdall-media-server@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating load-balancer" entryPointName=http routerName=heimdall-media-server@docker serviceName=heimdall-media-server,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating server 0 http://172.18.0.15:80" serviceName=heimdall-media-server entryPointName=http routerName=heimdall-media-server@docker serverName=0,
time="2019-10-01T14:47:12+03:00" level=debug msg="Added outgoing tracing middleware heimdall-media-server" entryPointName=http routerName=heimdall-media-server@docker middlewareName=tracing middlewareType=TracingForwarder,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery,
time="2019-10-01T14:47:12+03:00" level=debug msg="Added outgoing tracing middleware api@internal" middlewareType=TracingForwarder entryPointName=https routerName=traefik_https@docker middlewareName=tracing,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" serviceName=bazarr entryPointName=https routerName=bazarr_https@docker middlewareName=pipelining middlewareType=Pipelining,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating load-balancer" entryPointName=https routerName=bazarr_https@docker serviceName=bazarr,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating server 0 http://172.18.0.7:6767" entryPointName=https routerName=bazarr_https@docker serviceName=bazarr serverName=0,
time="2019-10-01T14:47:12+03:00" level=debug msg="Added outgoing tracing middleware bazarr" middlewareName=tracing middlewareType=TracingForwarder entryPointName=https routerName=bazarr_https@docker,
time="2019-10-01T14:47:12+03:00" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery,
time="2019-10-01T14:47:12+03:00" level=debug msg="No default certificate, generating one",
time="2019-10-01T14:47:12+03:00" level=error msg="the router traefik_https uses a non-existent resolver: letsencrypt",
time="2019-10-01T14:47:12+03:00" level=error msg="the router bazarr_https uses a non-existent resolver: letsencrypt",
time="2019-10-01T14:49:02+03:00" level=debug msg="Serving default certificate for request: \"bazarr.DOMAIN.com\"",
time="2019-10-01T14:49:02+03:00" level=debug msg="http: TLS handshake error from 172.18.0.1:45524: remote error: tls: unknown certificate",
time="2019-10-01T14:49:02+03:00" level=debug msg="Serving default certificate for request: \"bazarr.DOMAIN.com\"",
time="2019-10-01T14:49:02+03:00" level=debug msg="http: TLS handshake error from 172.18.0.1:45554: remote error: tls: unknown certificate",
time="2019-10-01T14:49:03+03:00" level=debug msg="Serving default certificate for request: \"bazarr.DOMAIN.com\"",
time="2019-10-01T14:49:03+03:00" level=debug msg="http: TLS handshake error from 172.18.0.1:45570: remote error: tls: unknown certificate",

Later Edit: Tried to fine tune the certificate part and try to put everything in a more orderly fashion and now bazarr dropped from the services list and I lost the middleware

Current compose status

  bazarr:
    image: 'linuxserver/bazarr:latest'
    container_name: bazarr
    hostname: bazarr
    volumes:
      - '.\bazarr\config:/config'
    ports:
      - '6767:6767'
    environment:
      - TZ=Europe/Bucharest
      - com.ouroboros.enable=true
    restart: unless-stopped
    env_file:
      - .env
    labels:
#      - 'traefik.frontend.rule=Host:bazarr.DOMAIN.com'
#      - traefik.frontend.passHostHeader=true
#      - traefik.enable=true
      - traefik.port=6767
#      - traefik.backend=bazarr
      - "traefik.enable=true"
      - "traefik.http.routers.bazarr_http.rule=Host(`bazarr.DOMAIN.com`)"
      - "traefik.http.routers.bazarr_http.entrypoints=http"
      - "traefik.http.routers.bazarr_http.middlewares=redirect-https-bazarr"
      - "traefik.http.middlewares.redirect-https-bazarr.redirectscheme.scheme=https"
      - "traefik.http.routers.bazarr_https.rule=Host(`bazarr.DOMAIN.com`)"
      - "traefik.http.routers.bazarr_https.entrypoints=https"
      - "traefik.http.routers.bazarr_https.tls=true"
      - "traefik.http.routers.bazarr_tls.certresolver=mydnschallenge"    
      - "traefik.http.services.bazarr.loadbalancer.server.port=6767"  
  traefik_2.0.1:
    image: traefik
    container_name: traefik_2.0
    hostname: traefik_2.0
    ports:
      - '443:443'
      - '80:80'
      - '8080:8080'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
      - '.\traefik_2.0.1\traefik.yml:/etc/traefik/traefik.yml'
    env_file:
      - .env
    restart: unless-stopped
    domainname: '${ZONE}'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik_https.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.http_traefik.rule=Host(`traefik.localhost`)"      
      - "traefik.http.routers.http_traefik.entrypoints=http"      
      - "traefik.http.routers.traefik_https.entrypoints=https"
      - "traefik.http.routers.traefik_https.tls=true"
      - "traefik.http.routers.traefik_tls.certresolver=mydnschallenge"
      - "traefik.http.routers.traefik_https.service=api@internal"
      - "traefik.http.routers.http_traefik.middlewares=https_redirect"
      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
    environment:
      - 'CF_API_EMAIL=${EMAIL}'
      - 'CF_API_KEY=${API_KEY}'
      - com.ouroboros.enable=true
      - TZ=Europe/Bucharest
    command:
      - '--acme.storage=/acme.json'
      - '--log.level=DEBUG'
      - '--log.filePath=/traefik.log'
      - '--log.format=json'
      - '--global.checkNewVersion=true'
      - '--global.sendAnonymousUsage=false'
      - '--entryPoints.http.address=:80'
      - '--entryPoints.https.address=:443'
      - '--api'
      - '--ping'
      - '--certificatesResolvers.mydnschallenge.acme.email="${EMAIL}"'
      - '--certificatesresolvers.mydnschallenge.acme.storage="acme.json"'
      - '--certificatesResolvers.mydnschallenge.acme.dnsChallenge.provider="cloudflare"'
      - '--certificatesResolvers.mydnschallenge.acme.dnsChallenge.entryPoint=web'
      - '--providers.docker.exposedByDefault=false'
      - '--providers.docker.watch=true'
      - '--providers.docker.swarmMode=false'

trajano · October 1, 2019, 2:24pm

How do you know the source IP to indicate that it is within the LAN? AFAIK, Docker Desktop's implementation (not docker-machine with VirtualBox) uses an Internal Switch which changes the IP address as such everything looks like it is internal.

Iosif · October 1, 2019, 3:20pm

I mean that I don't need to have it accessible from outside the house. Http://localhost:8080 is enough for my humble personal needs.

trajano · October 1, 2019, 3:24pm

Ok then that's the same as my swarm setup I just used port 44444 and 55555 (since I have public traefik and internal traefik)

This is the bit of code you're looking for for the local access. Note the mode: host is not needed, it was my attempt to get the source IP working before I realized how Docker for Windows is architected in a way that it makes it not possible.

github.com

trajano/trajano-swarm/blob/master/edge.yml#L15-L18

    
      
          - target: 8080
            published: 44444
            protocol: tcp
            # mode: host

Iosif · October 1, 2019, 3:54pm

Thanks but I just wanted to make clear the fact that I don't need to secure the traefik dashboard and I also don't need middlewares for basic http authentication. This part always worked without problems, even in the complicated 2.0.
My current problems would be

HTTP to HTTPS redirect
Certificates and their renewal (wildcard, cloudflare, DNS challenge).
And someone to double check my current config.

Iosif · October 2, 2019, 11:46am

According to whatever other examples I've found everythins is setup ok, but for some reasons my certificates are not being generated and I receive a resolver doesn't exist error.

latest log

time="2019-10-02T14:44:19+03:00" level=info msg="Shutting down",
time="2019-10-02T14:44:23+03:00" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yml",
time="2019-10-02T14:44:23+03:00" level=info msg="Traefik version 2.0.1 built on 2019-09-26T16:18:03Z",
time="2019-10-02T14:44:23+03:00" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000},\"file\":{\"watch\":true,\"filename\":\"/etc/traefik/rules.toml\"}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"certificatesResolvers\":{\"default\":{\"acme\":{\"email\":\"EMAIL@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\",\"delayBeforeCheck\":120000000000,\"resolvers\":[\"1.1.1.1:53\"]}}}}}",
time="2019-10-02T14:44:23+03:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/v2.0/contributing/data-collection/\n",
time="2019-10-02T14:44:23+03:00" level=debug msg="No default certificate, generating one",
time="2019-10-02T14:44:23+03:00" level=debug msg="Start TCP Server" entryPointName=http,
time="2019-10-02T14:44:23+03:00" level=info msg="Starting provider aggregator.ProviderAggregator {}",
time="2019-10-02T14:44:23+03:00" level=debug msg="Start TCP Server" entryPointName=https,
time="2019-10-02T14:44:23+03:00" level=debug msg="Start TCP Server" entryPointName=traefik,
time="2019-10-02T14:44:23+03:00" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/rules.toml\"}",
time="2019-10-02T14:44:23+03:00" level=error msg="Cannot start the provider *file.Provider: error reading configuration file: /etc/traefik/rules.toml - open /etc/traefik/rules.toml: no such file or directory",
time="2019-10-02T14:44:23+03:00" level=info msg="Starting provider *acme.Provider {\"email\":\"EMAIL@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\",\"delayBeforeCheck\":120000000000,\"resolvers\":[\"1.1.1.1:53\"]},\"ResolverName\":\"default\",\"store\":{},\"ChallengeStore\":{}}",
time="2019-10-02T14:44:23+03:00" level=info msg="Testing certificate renew..." providerName=default.acme,
time="2019-10-02T14:44:23+03:00" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000}",
time="2019-10-02T14:44:23+03:00" level=debug msg="Configuration received from provider default.acme: {\"http\":{},\"tls\":{}}" providerName=default.acme,
time="2019-10-02T14:44:23+03:00" level=debug msg="No default certificate, generating one",
time="2019-10-02T14:44:23+03:00" level=debug msg="Provider connection established with docker 19.03.2 (API 1.40)" providerName=docker,
time="2019-10-02T14:44:23+03:00" level=error msg="field not found, node: certresolver" container=traefik-2-0-1-media-server-6c75813444e9ac2aeabbba3cb3be019b9a3410584a0d0218020bf6312d07bff8 providerName=docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Filtering disabled container" container=kibana-media-server-c1316fbc05f3a7eb527d270d1f1a037f84d0b8fff256f0abd5d5392bd8668291 providerName=docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Filtering disabled container" providerName=docker container=filebeat-media-server-f80e988ab2b068b18cdc6fb193817361377435241652be1cf18f20b37346bae5,
time="2019-10-02T14:44:23+03:00" level=debug msg="Filtering disabled container" providerName=docker container=elasticsearch-media-server-48620b88fa282f6d4471f3ae2a36155d0e3c12d78dda63e59b49a1218e6111a8,
time="2019-10-02T14:44:23+03:00" level=debug msg="Filtering disabled container" providerName=docker container=ouroboros-media-server-2c373d7a804d3b62c02c16fe99dda574996cbe0f7bb0c004a245b8a1c41166df,
time="2019-10-02T14:44:23+03:00" level=debug msg="Filtering disabled container" providerName=docker container=chronograf-media-server-42f5ff510c4cae99e65defc4f42a9ce0c04466cda021117f9879cf3376f6504e,
time="2019-10-02T14:44:23+03:00" level=debug msg="Filtering disabled container" providerName=docker container=influxdb-telegraf-media-server-5ea37b993a0dfa03a961971d7ca28b8cd9cc745642de30e541963e2b03259c93,
time="2019-10-02T14:44:23+03:00" level=debug msg="Filtering disabled container" providerName=docker container=portainer-media-server-c5d350f8f78bd181729c91f52e3a9cbcfca18b4072c807a321307a5aca415a60,
time="2019-10-02T14:44:23+03:00" level=debug msg="Filtering disabled container" providerName=docker container=logarr-media-server-c7cf89bea2d8bc5b4ffbfc25ab4513b9e5ffb714ecb18f46b793a7bdf93fd7f5,
time="2019-10-02T14:44:23+03:00" level=debug msg="Filtering disabled container" providerName=docker container=cloudflare-ddns-media-server-c885127c8daf936bcec87b253a9aa404500bf662ff7c50f7e6fc63f898ae55c4,
time="2019-10-02T14:44:23+03:00" level=debug msg="Filtering disabled container" providerName=docker container=piholeinflux-media-server-462d6822c39e3da20a725b24ad3c60ed7a2a61d37a996f9bf33431aeceada7b9,a,
19-10-02T14:44:23+03:00" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"bazarr\":{\"entryPoints\":[\"https\"],\"service\":\"bazarr\",\"rule\":\"Host(`bazarr-media-server`)\",\"tls\":{\"domains\":[{\"main\":\"DOMAIN.com\",\"sans\":[\"*.DOMAIN.com\"]}]}},\"bazarr_http\":{\"service\":\"bazarr\",\"rule\":\"Host(`bazarr.DOMAIN.com`)\"},\"bazarr_https\":{\"service\":\"bazarr\",\"rule\":\"Host(`bazarr-media-server`)\",\"tls\":{\"certResolver\":\"basic\"}},\"grafana-media-server\":{\"service\":\"grafana-media-server\",\"rule\":\"Host(`grafana-media-server`)\"},\"heimdall-media-server\":{\"service\":\"heimdall-media-server\",\"rule\":\"Host(`heimdall-media-server`)\"},\"ombi-media-server\":{\"service\":\"ombi-media-server\",\"rule\":\"Host(`ombi-media-server`)\"},\"organizr-media-server\":{\"service\":\"organizr-media-server\",\"rule\":\"Host(`organizr-media-server`)\"},\"tautulli-media-server\":{\"service\":\"tautulli-media-server\",\"rule\":\"Host(`tautulli-media-server`)\"}},\"services\":{\"bazarr\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.15:6767\"}],\"passHostHeader\":true}},\"grafana-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.14:3000\"}],\"passHostHeader\":true}},\"heimdall-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.16:80\"}],\"passHostHeader\":true}},\"ombi-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.10:3579\"}],\"passHostHeader\":true}},\"organizr-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.12:80\"}],\"passHostHeader\":true}},\"tautulli-media-server\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.11:8181\"}],\"passHostHeader\":true}}}},\"tcp\":{}}" providerName=docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=grafana-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=heimdall-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=ombi-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=organizr-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=tautulli-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=bazarr_http@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining serviceName=tautulli-media-server entryPointName=https routerName=tautulli-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating load-balancer" serviceName=tautulli-media-server entryPointName=https routerName=tautulli-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating server 0 http://172.18.0.11:8181" entryPointName=https routerName=tautulli-media-server@docker serviceName=tautulli-media-server serverName=0,
time="2019-10-02T14:44:23+03:00" level=debug msg="Added outgoing tracing middleware tautulli-media-server" middlewareType=TracingForwarder routerName=tautulli-media-server@docker entryPointName=https middlewareName=tracing,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" entryPointName=https routerName=bazarr_http@docker serviceName=bazarr middlewareName=pipelining middlewareType=Pipelining,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating load-balancer" routerName=bazarr_http@docker serviceName=bazarr entryPointName=https,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating server 0 http://172.18.0.15:6767" entryPointName=https routerName=bazarr_http@docker serviceName=bazarr serverName=0,
time="2019-10-02T14:44:23+03:00" level=debug msg="Added outgoing tracing middleware bazarr" routerName=bazarr_http@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=https,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" serviceName=grafana-media-server entryPointName=https routerName=grafana-media-server@docker middlewareName=pipelining middlewareType=Pipelining,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating load-balancer" entryPointName=https routerName=grafana-media-server@docker serviceName=grafana-media-server,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating server 0 http://172.18.0.14:3000" serverName=0 entryPointName=https routerName=grafana-media-server@docker serviceName=grafana-media-server,
time="2019-10-02T14:44:23+03:00" level=debug msg="Added outgoing tracing middleware grafana-media-server" middlewareType=TracingForwarder middlewareName=tracing entryPointName=https routerName=grafana-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" entryPointName=https routerName=heimdall-media-server@docker serviceName=heimdall-media-server middlewareName=pipelining middlewareType=Pipelining,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating load-balancer" entryPointName=https routerName=heimdall-media-server@docker serviceName=heimdall-media-server,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating server 0 http://172.18.0.16:80" serverName=0 serviceName=heimdall-media-server entryPointName=https routerName=heimdall-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Added outgoing tracing middleware heimdall-media-server" entryPointName=https routerName=heimdall-media-server@docker middlewareName=tracing middlewareType=TracingForwarder,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=https routerName=ombi-media-server@docker serviceName=ombi-media-server,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating load-balancer" serviceName=ombi-media-server entryPointName=https routerName=ombi-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating server 0 http://172.18.0.10:3579" entryPointName=https routerName=ombi-media-server@docker serviceName=ombi-media-server serverName=0,
time="2019-10-02T14:44:23+03:00" level=debug msg="Added outgoing tracing middleware ombi-media-server" entryPointName=https routerName=ombi-media-server@docker middlewareType=TracingForwarder middlewareName=tracing,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" routerName=organizr-media-server@docker serviceName=organizr-media-server middlewareName=pipelining middlewareType=Pipelining entryPointName=https,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating load-balancer" routerName=organizr-media-server@docker serviceName=organizr-media-server entryPointName=https,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating server 0 http://172.18.0.12:80" serverName=0 entryPointName=https routerName=organizr-media-server@docker serviceName=organizr-media-server,
time="2019-10-02T14:44:23+03:00" level=debug msg="Added outgoing tracing middleware organizr-media-server" middlewareType=TracingForwarder middlewareName=tracing entryPointName=https routerName=organizr-media-server@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=traefik middlewareName=traefik-internal-recovery,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" entryPointName=http middlewareName=traefik-internal-recovery middlewareType=Recovery,
time="2019-10-02T14:44:23+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=bazarr_https@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" serviceName=bazarr middlewareName=pipelining middlewareType=Pipelining entryPointName=http routerName=bazarr_https@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating load-balancer" entryPointName=http routerName=bazarr_https@docker serviceName=bazarr,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating server 0 http://172.18.0.15:6767" routerName=bazarr_https@docker serviceName=bazarr entryPointName=http serverName=0,
time="2019-10-02T14:44:23+03:00" level=debug msg="Added outgoing tracing middleware bazarr" entryPointName=http routerName=bazarr_https@docker middlewareType=TracingForwarder middlewareName=tracing,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=http,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining routerName=bazarr@docker entryPointName=https serviceName=bazarr,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating load-balancer" serviceName=bazarr routerName=bazarr@docker entryPointName=https,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating server 0 http://172.18.0.15:6767" entryPointName=https serviceName=bazarr serverName=0 routerName=bazarr@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="Added outgoing tracing middleware bazarr" entryPointName=https routerName=bazarr@docker middlewareName=tracing middlewareType=TracingForwarder,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=https,
time="2019-10-02T14:44:23+03:00" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery,
time="2019-10-02T14:44:23+03:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https traefik http]" routerName=bazarr_https@docker,
time="2019-10-02T14:44:23+03:00" level=debug msg="No default certificate, generating one",
time="2019-10-02T14:44:24+03:00" level=error msg="the router bazarr_https uses a non-existent resolver: basic",

My two containers setup:

  bazarr:
    image: 'linuxserver/bazarr:latest'
    container_name: bazarr
    hostname: bazarr
    volumes:
      - '.\bazarr\config:/config'
    ports:
      - '6767:6767'
    environment:
      - TZ=Europe/Bucharest
      - com.ouroboros.enable=true
    restart: unless-stopped
    env_file:
      - .env
    labels:
      - traefik.port=6767
      - "traefik.enable=true"
      - "traefik.http.routers.bazarr_http.rule=Host(`bazarr.DOMAIN.com`)"
      - "traefik.http.routers.bazarr_https.tls.certresolver=basic"      
      - "traefik.http.routers.bazarr.tls.domains[0].main=DOMAIN.com"
      - "traefik.http.routers.bazarr.tls.domains[0].sans=*.DOMAIN.com"      
      - "traefik.http.routers.bazarr.entrypoints=https"      
      - "traefik.http.services.bazarr.loadbalancer.server.port=6767"  
  traefik_2.0.1:
    image: 'traefik:2.0'
    container_name: traefik_2.0
    hostname: traefik_2.0
    ports:
      - '443:443'
      - '80:80'
      - '8080:8080'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
      - '.\traefik_2.0.1\traefik.yml:/etc/traefik/traefik.yml'
    env_file:
      - .env
    restart: unless-stopped
    domainname: '${ZONE}'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik_https.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.http_traefik.rule=Host(`traefik.localhost`)"      
      - "traefik.http.routers.http_traefik.entrypoints=http"      
      - "traefik.http.routers.traefik_https.entrypoints=https"
      - "traefik.http.routers.traefik_https.tls=true"
      - "traefik.http.routers.traefik_tls.certresolver=mydnschallenge"
      - "traefik.http.routers.traefik_https.service=api@internal"
      # global redirect to https
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
    environment:
      - 'CF_API_EMAIL=${EMAIL}'
      - 'CF_API_KEY=${API_KEY}'
      - com.ouroboros.enable=true
      - TZ=Europe/Bucharest
    command:
      - '--acme.storage=/acme.json'
      - '--log.level=DEBUG'
      - '--log.filePath=/traefik.log'
      - '--log.format=json'
      - '--global.checkNewVersion=true'
      - '--global.sendAnonymousUsage=false'
      - '--entryPoints.web.address=:80'
      - '--entryPoints.websecure.address=:443'
      - '--api'
      - '--ping'
      - '--certificatesResolvers.basic.acme.email=EMAIL@gmail.com'
      - '--certificatesResolvers.basic.acme.storage=/acme.json'
      - '--certificatesResolvers.basic.acme.dnschallenge.provider=cloudflare'
      - '--certificatesResolvers.basic.acme.dnsChallenge.delayBeforeCheck=60'
      - '--certificatesResolvers.basic.acme.dnsChallenge.entryPoint=web'
      - '--certificatesResolvers.basic.acme.dnsChallenge.resolvers="1.1.1.1:53,8.8.8.8:53"'
      - '--providers.docker.exposedByDefault=false'
      - '--providers.docker.watch=true'
      - '--providers.docker.swarmMode=false'

traefik.yml content although I tried to comment out the mounted file inside compose I received some errors, hence is still present although all config is done in compose and not in the config file:

global:
  checkNewVersion: true
  sendAnonymousUsage: false
serversTransport:
  insecureSkipVerify: true
entryPoints:
  web:
    address: :80
  websecure:
    address: :443
providers:
  docker:
    watch: true
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
    swarmModeRefreshSeconds: 15s
api:
  insecure: true
  dashboard: true
log:
  level: DEBUG
##certificatesResolvers:
##  letsencrypt:
##    acme:
##      email: EMAIL@gmail.com
##      storage: /acme.json
##      dnsChallenge:
##        provider: cloudflare
##        delayBeforeCheck: 1m0s
##        resolvers:
##        - 1.1.1.1:53

zespri · October 2, 2019, 6:43pm

You reference resolver named basic but you do not define it in your configuration. This is the doco on the acme resolver (the only one to date I think) Traefik Let's Encrypt Documentation - Traefik In the examples they define resolver named sample

Iosif · October 2, 2019, 7:18pm

I thought that this was the resolver:

    command:
      - '--certificatesResolvers.basic.acme.email=EMAIL@gmail.com'
      - '--certificatesResolvers.basic.acme.storage=/acme.json'
      - '--certificatesResolvers.basic.acme.dnschallenge.provider=cloudflare'
      - '--certificatesResolvers.basic.acme.dnsChallenge.delayBeforeCheck=60'
      - '--certificatesResolvers.basic.acme.dnsChallenge.entryPoint=web'
      - '--certificatesResolvers.basic.acme.dnsChallenge.resolvers="1.1.1.1:53,8.8.8.8:53"'

zespri · October 2, 2019, 7:36pm

Different sources of static configuration (file, CLI flags, ...) cannot be mixed

Iosif · October 2, 2019, 7:47pm

As I said, I tried to get rid of the file today as I started adding labels and commands into the compose file but something didn't worked as expected and the container started spitting out some weird errors that I ca't exactly remember now.
As far as I can tell, the entire config file is transported as commands and labels into the compose file right now. So if you can explain to me how can I make traefik forget about the config file and work entirely out of the compose file I'll be more than happy to try again.

Thanks a lot.

zespri · October 2, 2019, 7:56pm

Just remove all references to traefik.toml from all your configuration. Report back any errors.

Iosif · October 2, 2019, 8:19pm

Here we go again.

Current compose file:

  traefik_2.0.1:
    image: 'traefik:2.0'
    container_name: traefik_2.0
    hostname: traefik_2.0
    ports:
      - '443:443'
      - '80:80'
      - '8080:8080'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
#      - '.\traefik_2.0.1\traefik.yml:/etc/traefik/traefik.yml'
    env_file:
      - .env
    restart: unless-stopped
    domainname: '${ZONE}'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik_https.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.http_traefik.rule=Host(`traefik.localhost`)"      
      - "traefik.http.routers.http_traefik.entrypoints=http"      
      - "traefik.http.routers.traefik_https.entrypoints=https"
      - "traefik.http.routers.traefik_https.tls=true"
      - "traefik.http.routers.traefik_tls.certresolver=basic"
      - "traefik.http.routers.traefik_https.service=api@internal"
      - "traefik.http.routers.traefik.tls.domains[0].main=DOMAIN.com"
      - "traefik.http.routers.traefik.tls.domains[0].sans=*.DOMAIN.com"         
      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      
    environment:
      - 'CF_API_EMAIL=${EMAIL}'
      - 'CF_API_KEY=${API_KEY}'
      - com.ouroboros.enable=true
      - TZ=Europe/Bucharest
    command:
      - '--acme.storage=/acme.json'
      - '--log.level=DEBUG'
      - '--log.filePath=/traefik.log'
      - '--log.format=json'
      - '--global.checkNewVersion=true'
      - '--global.sendAnonymousUsage=false'
      - '--entryPoints.web.address=:80'
      - '--entryPoints.websecure.address=:443'
      - '--api'
      - '--api.debug'
      - '--api.insecure'
      - '--api.dashboard'
      - '--ping'
      - '--certificatesresolvers.basic.acme.email=EMAIL@gmail.com'
      - '--certificatesresolvers.basic.acme.storage=/acme.json'
      - '--certificatesresolvers.basic.acme.dnschallenge.provider=cloudflare'
#      - '--certificatesresolvers.basic.acme.dnschallenge=true'
      - '--certificatesresolvers.basic.acme.dnsChallenge.delayBeforeCheck=60'
      - '--certificatesresolvers.basic.acme.dnsChallenge.entryPoint=web'
      - '--certificatesresolvers.basic.acme.dnsChallenge.resolvers="1.1.1.1:53,8.8.8.8:53"'
      - '--providers.docker.exposedByDefault=false'
      - '--providers.docker.watch=true'
      - '--providers.docker.swarmMode=false'

So I commented out the yml reference as you can see, now the container is in a boot loop with the below log:

2019/10/02 23:08:36 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:08:39 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:08:41 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:08:43 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:08:46 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:08:48 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:08:53 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:09:00 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:09:14 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:09:41 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:10:33 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:11:34 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:12:36 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:13:37 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:14:39 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:15:40 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:16:41 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:17:43 command traefik error: failed to decode configuration from flags: field not found, node: acme,
2019/10/02 23:18:44 command traefik error: failed to decode configuration from flags: field not found, node: acme,

zespri · October 2, 2019, 8:21pm

There is no --acme.storage flag in v2.

https://docs.traefik.io/reference/static-configuration/cli/

Iosif · October 2, 2019, 8:32pm

Commented that out, reboot and the log has an entrypoint problem now:

2019/10/02 23:31:00 command traefik error: failed to decode configuration from flags: field not found, node: entryPoint

Later Edit: I've read somewhere that this means that I have to remove the entrypoint used for dns challenge. Latest compose version:

  bazarr:
    image: 'linuxserver/bazarr:latest'
    container_name: bazarr
    hostname: bazarr
    volumes:
      - '.\bazarr\config:/config'
    ports:
      - '6767:6767'
    environment:
      - TZ=Europe/Bucharest
      - com.ouroboros.enable=true
    restart: unless-stopped
    env_file:
      - .env
    labels:
#      - traefik.frontend.passHostHeader=true
#      - traefik.port=6767
      - "traefik.enable=true"
      - "traefik.http.routers.bazarr_http.rule=Host(`bazarr.DOMAIN.com`)"
      - "traefik.http.routers.bazarr.tls=true"
      - "traefik.http.routers.bazarr.tls.certresolver=basic"
#      - "traefik.http.routers.bazarr.tls.domains[0].main=DOMAIN.com"
#      - "traefik.http.routers.bazarr.tls.domains[0].sans=*.DOMAIN.com"      
#      - "traefik.http.routers.bazarr.entrypoints=https"      
      - "traefik.http.services.bazarr.loadbalancer.server.port=6767"  
  traefik_2.0.1:
    image: 'traefik:2.0'
    container_name: traefik_2.0
    hostname: traefik_2.0
    ports:
      - '443:443'
      - '80:80'
      - '8080:8080'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
#      - '.\traefik_2.0.1\traefik.yml:/etc/traefik/traefik.yml'
    env_file:
      - .env
    restart: unless-stopped
    domainname: '${ZONE}'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik_https.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.http_traefik.rule=Host(`traefik.localhost`)"      
      - "traefik.http.routers.http_traefik.entrypoints=http"      
      - "traefik.http.routers.traefik_https.entrypoints=https"
      - "traefik.http.routers.traefik_https.tls=true"
      - "traefik.http.routers.traefik_tls.certresolver=basic"
      - "traefik.http.routers.traefik_https.service=api@internal"
      - "traefik.http.routers.traefik.tls.domains[0].main=DOMAIN.com"
      - "traefik.http.routers.traefik.tls.domains[0].sans=*.DOMAIN.com"         
      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      
    environment:
      - 'CF_API_EMAIL=${EMAIL}'
      - 'CF_API_KEY=${API_KEY}'
      - com.ouroboros.enable=true
      - TZ=Europe/Bucharest
    command:
#      - '--acme.storage=/acme.json'
      - '--log.level=DEBUG'
      - '--log.filePath=/traefik.log'
      - '--log.format=json'
      - '--global.checkNewVersion=true'
      - '--global.sendAnonymousUsage=false'
      - '--entryPoints.web.address=:80'
      - '--entryPoints.web-secure.address=:443'
      - '--api'
      - '--api.debug'
      - '--api.insecure'
      - '--api.dashboard'
      - '--ping'
      - '--certificatesresolvers.basic.acme.email=EMAIL@gmail.com'
      - '--certificatesresolvers.basic.acme.storage=/acme.json'
      - '--certificatesresolvers.basic.acme.dnschallenge.provider=cloudflare'
#      - '--certificatesresolvers.basic.acme.dnschallenge=true'
      - '--certificatesresolvers.basic.acme.dnsChallenge.delayBeforeCheck=60'
#      - '--certificatesresolvers.basic.acme.dnsChallenge.entryPoint=web'
      - '--certificatesresolvers.basic.acme.dnsChallenge.resolvers="1.1.1.1:53,8.8.8.8:53"'
      - '--providers.docker.exposedByDefault=false'
      - '--providers.docker.watch=true'
      - '--providers.docker.swarmMode=false'

Below is the only log line passed since traefik container was restarted last time.

time="2019-10-03T00:13:57+03:00" level=info msg="Configuration loaded from flags."

Problems still standing, certificates and HTTPS redirect.

trajano · October 3, 2019, 1:16am

Maybe best you put the files for your swarm in a github project so people can compare. Minus any passwords.

Topic		Replies	Views
Caveats to "Traefik 2.0 & Docker 101" Traefik v2 docker , letsencrypt-acme	1	472	October 2, 2019
[docker-compose.yml] traefik v1.7.18 to v2.0 migration worked out / need help Traefik v2 docker , letsencrypt-acme , middleware	1	1172	October 2, 2019
Docker Compose from 1.7 -> 2.2 and...To toml or not to toml Traefik v2 docker , letsencrypt-acme	1	2356	May 15, 2020
V2, TLS, Let's Encrypt and http --> https - SUCCESS! Traefik v2 docker	3	962	November 12, 2019
Moving from docker compose to Traefik.yml Traefik v3 (latest) docker , file , letsencrypt-acme	14	1594	August 24, 2024

Traefik 1.7 to 2.0 Docker for Windows

Related topics