Hello there,
i try to setup traefik 2.0 on my swarm for a while now, but cant get it running.
the swarm constists of 5 VPS nodes, 3 manager 2 workers, all based on debian10 with docker ce 19.03.2 running.
Whenever i wanna access a service with a port like traefik 8080 i do get 404 page not found.
When i do the same with the whoami serivce all works as wanted.
Toml: https://pastebin.com/raw/EriUZvNH
Compose: https://pastebin.com/raw/SVMJxRX9
1 Like
Adding Log, cause cant do more than 2 links as new user:
Log: https://pastebin.com/raw/VAkF4LAn
Would be glad if anyone could help me out, tried different basic configs already like:
or others
ldez
September 25, 2019, 2:39pm
3
hello,
with your configuration:
the dashboard is accessible on the port 80 (and 443) with the path /dashboard
.
whoami is accessible on the port 80 (and 443) with the path /whoami
.
I fixed some errors:
version: "3"
services:
traefik:
image: traefik:v2.0
restart: unless-stopped
networks:
- proxy
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /gluster/global/data/traefik/acme.json:/acme.json:rw
- /gluster/global/data/traefik/traefik.toml:/traefik.toml:ro
environment:
- API_KEY=bla
- API_PASSWORD=bla
deploy:
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik_https.rule=Path(`/dashboard`)"
- "traefik.http.routers.traefik_https.entrypoints=websecure"
- "traefik.http.routers.traefik_https.tls=true"
- "traefik.http.routers.traefik_https.tls.certResolver=letsencrypt"
- "traefik.http.routers.traefik_https.tls.domains[0].main=example.tld"
- "traefik.http.routers.traefik_https.service=api@internal"
- "traefik.http.routers.traefik_https.middlewares=traefik-auth"
- "traefik.http.services.noop.loadbalancer.server.port=888"
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$iNdRs1II$$Qdw59WFY6y0Oaf0JaZTip0"
- "traefik.http.routers.http_traefik.entrypoints=web"
- "traefik.http.routers.http_traefik.rule=Path(`/dashboard`)"
- "traefik.http.routers.http_traefik.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
whoami:
image: containous/whoami
networks:
- proxy
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami_http.rule=Path(`/whoami`)"
- "traefik.http.routers.whoami_http.entrypoints=web"
- "traefik.http.routers.whoami_http.middlewares=redirect-https-whoami"
- "traefik.http.middlewares.redirect-https-whoami.redirectscheme.scheme=https"
- "traefik.http.routers.whoami_https.rule=Path(`/whoami`)"
- "traefik.http.routers.whoami_https.entrypoints=websecure"
- "traefik.http.routers.whoami_https.tls=true"
- "traefik.http.routers.whoami_https.tls.certResolver=letsencrypt"
- "traefik.http.routers.whoami_https.service=whoami"
- "traefik.http.services.whoami.loadbalancer.server.port=80"
networks:
proxy:
external: true
[global]
checkNewVersion = true
sendAnonymousUsage = true
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[log]
level = "DEBUG"
[api]
[certificatesResolvers.letsencrypt.acme]
email = "email@example.tld"
storage = "acme.json"
[certificatesResolvers.letsencrypt.acme.dnsChallenge]
provider = "netcup"
[ping]
[providers]
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
defaultRule = "Host(`{{ normalize .Name }}.example.tld`)"
watch = true
exposedByDefault = false
swarmMode = true
if you want to use the defaultRule
you have to remove traefik.http.routers.xxx.rule
labels.
https://docs.traefik.io/v2.0/providers/docker/#defaultrule
hey there,
first off thanks for the help, i disabled the defaultRule and changed everything to your corrected version, sadly i still get 404 at example.tld/dashboard and same on https one.
New Logs:
https://pastebin.com/raw/Ka9EXNUt
1 Like
zespri
September 25, 2019, 8:55pm
5
404 simply means that your request did not match any rule. What exactly your request was and which rule did you expect it to match?
1 Like
i want my traefik dashboard to show up when i type:
http://domain.tld/dashboard or https://domain.tld/dashboard
or another service like portainer:
http://domain.tld/portainer or https://domain.tld/portainer
but all i get is 404 every time, posted my config above, already apply'd fixes suggested by Idez
ldez
September 25, 2019, 9:30pm
7
version: "3"
services:
traefik:
image: traefik:v2.0
restart: unless-stopped
networks:
- proxy
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /gluster/global/data/traefik/acme.json:/acme.json:rw
- /gluster/global/data/traefik/traefik.toml:/traefik.toml:ro
environment:
- API_KEY=bla
- API_PASSWORD=bla
deploy:
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik_https.rule=Host(`dashboard.example.tld`) && (Path(`/dashboard`) || Path(`/api`)"
- "traefik.http.routers.traefik_https.entrypoints=websecure"
- "traefik.http.routers.traefik_https.tls=true"
- "traefik.http.routers.traefik_https.tls.certResolver=letsencrypt"
- "traefik.http.routers.traefik_https.tls.domains[0].main=example.tld"
- "traefik.http.routers.traefik_https.service=api@internal"
- "traefik.http.routers.traefik_https.middlewares=traefik-auth"
- "traefik.http.services.noop.loadbalancer.server.port=888"
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$iNdRs1II$$Qdw59WFY6y0Oaf0JaZTip0"
- "traefik.http.routers.http_traefik.rule=Host(`dashboard.example.tld`) && (Path(`/dashboard`) || Path(`/api`)"
- "traefik.http.routers.http_traefik.entrypoints=web"
- "traefik.http.routers.http_traefik.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
whoami:
image: containous/whoami
networks:
- proxy
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami_http.rule=Host(`whoami.example.tld`) && Path(`/whoami`)"
- "traefik.http.routers.whoami_http.entrypoints=web"
- "traefik.http.routers.whoami_http.middlewares=redirect-https-whoami"
- "traefik.http.middlewares.redirect-https-whoami.redirectscheme.scheme=https"
- "traefik.http.routers.whoami_https.rule=Host(`whoami.example.tld`) && Path(`/whoami`)"
- "traefik.http.routers.whoami_https.entrypoints=websecure"
- "traefik.http.routers.whoami_https.tls=true"
- "traefik.http.routers.whoami_https.tls.certResolver=letsencrypt"
- "traefik.http.routers.whoami_https.service=whoami"
- "traefik.http.services.whoami.loadbalancer.server.port=80"
networks:
proxy:
external: true
with this the redirect from http to https does not work anymore but also 404 isnt gone still comes up at /dashboard or /api
ldez
September 25, 2019, 9:57pm
9
I created a simple working example (no swarm, no let's encrypt, no file):
version: "3"
services:
traefik:
image: traefik:v2.0.0
ports:
- "80:80"
- "443:443"
command:
- --global.checkNewVersion=true
- --global.sendAnonymousUsage=true
- --entryPoints.web.address=:80
- --entryPoints.websecure.address=:443
- --log.level=DEBUG
- --api
- --ping
# - --certificatesResolvers.letsencrypt.acme.email="email@example.tld"
# - --certificatesResolvers.letsencrypt.acmestorage="acme.json"
# - --certificatesResolvers.letsencrypt.acme.dnsChallenge.provider="netcup"
- --providers.docker.exposedByDefault=false
# - --providers.docker.watch=true
# - --providers.docker.swarmMode=true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik_https.rule=Host(`dashboard.docker.localhost`)"
- "traefik.http.routers.traefik_https.entrypoints=websecure"
- "traefik.http.routers.traefik_https.tls=true"
# - "traefik.http.routers.traefik_https.tls.certResolver=letsencrypt"
- "traefik.http.routers.traefik_https.service=api@internal"
- "traefik.http.routers.traefik_https.middlewares=traefik-auth"
# - "traefik.http.services.noop.loadbalancer.server.port=888" # required only for swarm
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$iNdRs1II$$Qdw59WFY6y0Oaf0JaZTip0"
- "traefik.http.routers.http_traefik.rule=Host(`dashboard.docker.localhost`)"
- "traefik.http.routers.http_traefik.entrypoints=web"
- "traefik.http.routers.http_traefik.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
whoami:
image: containous/whoami:v1.3.0
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami_http.rule=Host(`whoami.docker.localhost`)"
- "traefik.http.routers.whoami_http.entrypoints=web"
- "traefik.http.routers.whoami_http.middlewares=redirect-https-whoami"
- "traefik.http.middlewares.redirect-https-whoami.redirectscheme.scheme=https"
- "traefik.http.routers.whoami_https.rule=Host(`whoami.docker.localhost`)"
- "traefik.http.routers.whoami_https.entrypoints=websecure"
- "traefik.http.routers.whoami_https.tls=true"
# - "traefik.http.routers.whoami_https.tls.certResolver=letsencrypt"
- "traefik.http.services.whoami.loadbalancer.server.port=80"
dashboard.docker.localhost
serve the Traefik dashboard with auto-signed certificates
whoami.docker.localhost
serve the whoami with auto-signed certificates
tried to inspire you with that.
2 Likes
zespri
September 25, 2019, 11:50pm
10
@ldez sould it be PathPrefix
instead of Path
for /dashboard
and /api
?
ldez
September 26, 2019, 12:47am
11
yes PathPrefix
instead of Path
is the right anwser.
without swarm it works, but whats the mistake then?
another update, got it running now with swarm, mistake was:
- "traefik.http.routers.http_traefik.rule=Host(`dashboard.example.tld`) && (Path(`/dashboard`) || Path(`/api`)"
missing the closing ")". after that i got it running on the subdomain.
Is it possible that i add additional labels that i can access like:
domain.tld/traefik (redirects to dashboard but still shows /traefik)
domain.tld/portainer (redirects to portainer)
n so on? cause thats my final setup i wanna archive
thanks a lot so far!
zespri
September 26, 2019, 11:14pm
14
I don't know if it would work for traefik dashboard or not, but many applications are not written to support to be accessed on a different path than intended. In many cases, if apps expects to be found on /checkout
and you serve it on /shop
it won't work because it's not what the app expects and was never designed to support. You can redirect the particular request, but all dependencies may be wrong, which would make the app unusable.
oh so this picture from the guide seems a bit misleading then:
https://docs.traefik.io/v2.0/routing/providers/docker/
trajano
September 27, 2019, 1:29pm
16
It's not really misleading, it's just that Traefik's dashboard along with a few others like Portainer just didn't design themselves to work nicely in that sort of environment.
For Traefik, you may need to wait for a fix https://github.com/containous/traefik/issues/5374
The above configuration worked for me as well. Can someone explain why the dashboard doesn't work over HTTPS without having the HTTP redirect also configured? The documentation makes it seem like just having the HTTPS router configured and pointing to service api@internal would work, but that didn't seem to work.
1 Like
Thanks, helped a lot with dashboard in HTTPS