Hello everyone,
I have set up a RPi cluster and used docker swarm with traefik 1.7.x before without issues.
Now I've upgraded to traefik 2.2.0 and, after fighting a little with the new concepts, everything works fine from outside my LAN.
The services like the traefik dashboard or nextcloud using the domains externally (e.g. traefik.sub.domain.org, or nextcloud.sub.domain.org) are accessible, but if I try to connect from my LAN network it does not work. This means that to access my nextcloud I have to connect to my mobile hotspot, instead of my wifi.
The hostnames are dynamic DNS on noip.com
What might I be missing?
Here is my traefik.yml:
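# Swarm stack file for the Traefik v2 edge proxy.
# The paste lost its indentation; nesting below is rebuilt from the Compose v3
# schema (labels/restart_policy/update_config/rollback_config under `deploy`,
# logging/networks at service level) -- verify against the deployed file.
version: '3.7'

services:
  reverse-proxy:
    # NOTE(review): `latest` floats. The post says 2.2.0 is what runs; pinning
    # that tag keeps a redeploy from silently pulling a different release.
    image: traefik:latest
    command:
      - '--providers.docker=true'
      - '--entryPoints.web.address=:80'
      - '--entryPoints.websecure.address=:443'
      - '--providers.providersThrottleDuration=2s'
      - '--providers.docker.watch=true'
      - '--providers.docker.swarmMode=true'
      - '--providers.docker.swarmModeRefreshSeconds=15s'
      # Services are only routed when they opt in with traefik.enable=true ...
      - '--providers.docker.exposedbydefault=false'
      - '--providers.docker.defaultRule=Host(`sub.domain.org`)'
      # ... and carry the traefik.tags=public label.
      - '--providers.docker.constraints=Label(`traefik.tags`,`public`)'
      - '--accessLog.bufferingSize=0'
      # No api.insecure flag is set, so the API/dashboard is reachable only
      # through the router that targets api@internal (see deploy.labels).
      - '--api=true'
      - '--api.dashboard=true'
      # DEBUG is verbose and logs request/config detail; useful while
      # troubleshooting, worth lowering once the setup is stable.
      - '--log.level=DEBUG'
      # NOTE(review): both the TLS and the HTTP challenge are enabled on the
      # same resolver -- confirm which one Traefik actually uses and drop
      # the other.
      - '--certificatesResolvers.letsencrypt.acme.tlsChallenge=true'
      - '--certificatesResolvers.letsencrypt.acme.httpChallenge=true'
      - '--certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint=web'
      - '--certificatesResolvers.letsencrypt.acme.email=admin@domain.org'
      - '--certificatesResolvers.letsencrypt.acme.storage=/var/lib/traefik/acme.json'
    volumes:
      # `:ro` only makes the socket file read-only; it does not restrict the
      # Docker API calls that can be sent through it. On a manager node this
      # is effectively root on the swarm, so treat the proxy container as
      # highly privileged (a filtering socket proxy narrows this).
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      # Holds acme.json (see the acme.storage flag above).
      - 'vol_traefik_certs:/var/lib/traefik'
      - 'vol_traefik_configs:/run'
    environment:
      - TZ=${TIME_ZONE:-Europe/Berlin}
    ports:
      # NOTE(review): nothing in this file treats LAN and WAN clients
      # differently; presumably the LAN failure comes from how the public
      # hostnames resolve/route inside the LAN (NAT loopback or local DNS on
      # the router) -- confirm there rather than in Traefik.
      - '80:80'
      - '443:443'
    deploy:
      placement:
        constraints:
          # Manager placement is required for the swarm provider to read
          # service state from the local Docker socket.
          - node.role == manager
      labels:
        - 'traefik.enable=true'
        - 'traefik.tags=public'
        - 'traefik.docker.network=traefik-public'
        # Plain-HTTP router: exists only to redirect to HTTPS.
        - 'traefik.http.routers.traefik-http.rule=Host(`traefik.sub.domain.org`)'
        - 'traefik.http.routers.traefik-http.entrypoints=web'
        - 'traefik.http.routers.traefik-http.middlewares=traefik-redirect'
        # HTTPS router: publishes the dashboard/API on a public hostname.
        # Basic auth is the only gate in front of it; consider also limiting
        # it by source address.
        - 'traefik.http.routers.traefik-https.rule=Host(`traefik.sub.domain.org`)'
        - 'traefik.http.routers.traefik-https.entrypoints=websecure'
        - 'traefik.http.routers.traefik-https.middlewares=traefik-auth'
        - 'traefik.http.routers.traefik-https.service=api@internal'
        - 'traefik.http.services.traefik-https.loadbalancer.server.port=8080'
        - 'traefik.http.routers.traefik-https.tls=true'
        - 'traefik.http.routers.traefik-https.tls.certResolver=letsencrypt'
        - 'traefik.http.routers.traefik-https.tls.domains[0].main=traefik.sub.domain.org'
        # Fixed: the closing quote was missing on this item in the post.
        # The value is a placeholder; a real htpasswd hash contains `$`,
        # which must be written `$$` in a stack file to survive variable
        # interpolation. Keep the real hash out of version control.
        - 'traefik.http.middlewares.traefik-auth.basicauth.users=user:hashedpasword'
        - 'traefik.http.middlewares.traefik-redirect.redirectscheme.scheme=https'
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      update_config:
        delay: 10s
        order: start-first
        parallelism: 1
      rollback_config:
        parallelism: 0
        order: stop-first
    logging:
      driver: json-file
      options:
        # Caps container logs at 5 files of 10 MB each.
        'max-size': '10m'
        'max-file': '5'
    networks:
      - traefik-public
      - default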
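# Pre-existing overlay network shared with the routed services; it is created
# outside this stack (`external: true`), so the stack neither creates nor
# removes it. Indentation restored -- the post had it flattened.
networks:
  traefik-public:
    external: true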
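# NFS-backed named volumes (indentation restored -- the post had it flattened).
# NASIP is the author's placeholder for the NAS address.
volumes:
  # Mounted at /var/lib/traefik, where acme.storage writes acme.json. That
  # file holds the ACME account key and the certificates' private keys, so
  # the export should be readable by the swarm nodes only.
  # NOTE(review): `soft` lets NFS writes fail on timeout -- confirm that is
  # acceptable for a file Traefik rewrites on every issuance/renewal.
  vol_traefik_certs:
    driver: local
    driver_opts:
      type: nfs
      o: addr=NASIP,nolock,soft,rw
      device: ":/docker/data/traefik2/certs/"
  # Mounted at /run inside the proxy container.
  vol_traefik_configs:
    driver: local
    driver_opts:
      type: nfs
      o: addr=NASIP,nolock,soft,rw
      device: ":/docker/data/traefik2/configs/"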
Thank you!