Following this post:
I tried to configure Traefik with the same dynamic approach, where:
- the dashboard needs to be accessible internally on :8888 and from outside at https://traefik.mydomain.com
- the same applies to HA: internally on :8123 and from outside at https://ha.mydomain.com
Currently I am not able to reach the Traefik dashboard or HA, either internally or from the outside network.
I configured my domain in CF as follows:
docker-compose
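version: "3.3"

networks:
  rev_traefik_proxy:
    external: true

services:
  traefik:
    image: traefik:v2.2.0
    container_name: traefik
    networks:
      - rev_traefik_proxy
    command:
      - --log.level=INFO
      - --log.filePath=etc/traefik/log/traefik.log
      - --accessLog.filePath=etc/traefik/log/access.log
      - --accessLog.bufferingSize=100
      - --providers.docker=true
      # Only containers labelled traefik.enable=true are routed.
      - --providers.docker.exposedbydefault=false
      # --api.insecure=true was dropped: it serves the API and dashboard
      # without authentication on the built-in "traefik" entrypoint (:8080),
      # bypassing the basic-auth router defined in the labels below.
      - --api
      - --entrypoints.dashboard.address=:8888
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare
      # Let's Encrypt staging CA (test only): its certificates are not
      # trusted by browsers. Remove this line once issuance works.
      - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.myresolver.acme.email=${CF_API_EMAIL}
      - --certificatesresolvers.myresolver.acme.storage=acme.json
    ports:
      # Quoted so a YAML 1.1 parser cannot read HOST:CONTAINER as a number.
      - "80:80"
      - "443:443"
      # Publishes the dashboard entrypoint on every host interface; bind it
      # to a LAN address if it should stay internal-only.
      - "8888:8888"
    environment:
      # CF_API_KEY is the Cloudflare Global API Key (full account access).
      # NOTE(review): prefer a scoped token (CF_DNS_API_TOKEN) limited to
      # DNS edits on this zone, and keep the .env file out of version control.
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_API_KEY=${CF_API_KEY}
    volumes:
      # Access to the Docker socket is equivalent to root on the host. :ro
      # only protects the socket file itself, not the Docker API; consider a
      # socket proxy that exposes read-only endpoints to Traefik.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json stores the ACME account and certificate private keys;
      # Traefik expects it to exist on the host with mode 600.
      - ./traefik/acme.json:/acme.json
      - ./traefik/:/etc/traefik/log/
    labels:
      # Label values must be strings in mapping form, hence the quotes.
      traefik.enable: "true"
      # middleware redirect
      traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https
      # global redirect to https
      traefik.http.routers.redirs.rule: 'hostregexp(`{host:.+}`)'
      traefik.http.routers.redirs.entrypoints: web
      traefik.http.routers.redirs.middlewares: redirect-to-https
      # Dashboard
      # NOTE(review): this router listens on the plain-HTTP "dashboard"
      # entrypoint, so basic-auth credentials cross the network unencrypted,
      # and requests to https://traefik.mydomain.com (port 443) or to
      # http://<ip>:8888 without this Host header never match it. Serving it
      # over TLS needs the websecure entrypoint plus tls.certresolver, as
      # done for the hasss router below.
      traefik.http.routers.traefik.rule: 'Host(`traefik.mydomain.com`)'
      traefik.http.routers.traefik.entrypoints: dashboard
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: auth
      # NOTE(review): this htpasswd hash is published with the file, and
      # apr1 (MD5) hashes are cheap to test offline. Treat the password as
      # exposed: rotate it, prefer a bcrypt entry, and load it from a file
      # (basicauth.usersfile) instead of an inline label.
      traefik.http.middlewares.auth.basicauth.users: 'user:$$apr1$$gnc3F4mv$$VNr.mLwolbwUF6vYVzPVs0'

  homeassistant:
    container_name: homeassistant
    # NOTE(review): ":latest" is a moving tag; pin a release tag or digest
    # so upgrades are deliberate and reproducible.
    image: homeassistant/home-assistant:latest
    volumes:
      - "./HA/:/config"
      - /etc/localtime:/etc/localtime:ro
    # Port publishing does not apply with network_mode: host.
    # ports:
    #   - "8123:8123"
    restart: always
    # Host networking puts Home Assistant directly on the host's interfaces
    # (:8123 reachable without passing through Traefik). The Traefik debug
    # log resolves this backend to http://127.0.0.1:8123, which inside the
    # Traefik container is Traefik's own loopback, not the host.
    network_mode: host
    labels:
      traefik.enable: "true"
      traefik.http.routers.hasss.rule: 'Host(`ha.mydomain.com`)'
      traefik.http.routers.hasss.entrypoints: websecure
      traefik.http.routers.hasss.tls.certresolver: myresolver
      traefik.http.services.hasss.loadbalancer.server.port: "8123"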
log:
time="2020-04-11T12:51:50Z" level=info msg="Traefik version 2.2.0 built on 2020-03-25T17:32:57Z"
time="2020-04-11T12:51:50Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"dashboard\":{\"address\":\":8888\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"etc/traefik/log/traefik.log\",\"format\":\"common\"},\"accessLog\":{\"filePath\":\"etc/traefik/log/access.log\",\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}},\"bufferingSize\":100},\"certificatesResolvers\":{\"myresolver\":{\"acme\":{\"email\":\"xxxxxx23@gmail.com\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\"}}}}}"
time="2020-04-11T12:51:50Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/contributing/data-collection/\n"
time="2020-04-11T12:51:50Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2020-04-11T12:51:50Z" level=debug msg="Start TCP Server" entryPointName=dashboard
time="2020-04-11T12:51:50Z" level=debug msg="Start TCP Server" entryPointName=web
time="2020-04-11T12:51:50Z" level=debug msg="Start TCP Server" entryPointName=websecure
time="2020-04-11T12:51:50Z" level=debug msg="Start TCP Server" entryPointName=traefik
time="2020-04-11T12:51:50Z" level=info msg="Starting provider *acme.Provider {\"email\":\"xxxxxx23@gmail.com\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\"},\"ResolverName\":\"myresolver\",\"store\":{},\"ChallengeStore\":{}}"
time="2020-04-11T12:51:50Z" level=info msg="Testing certificate renew..." providerName=myresolver.acme
time="2020-04-11T12:51:50Z" level=info msg="Starting provider *traefik.Provider {}"
time="2020-04-11T12:51:50Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000}"
time="2020-04-11T12:51:50Z" level=debug msg="Configuration received from provider myresolver.acme: {\"http\":{},\"tls\":{}}" providerName=myresolver.acme
time="2020-04-11T12:51:50Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/[^:\\\\/]+(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}}},\"tcp\":{},\"tls\":{}}" providerName=internal
time="2020-04-11T12:51:50Z" level=debug msg="Adding certificate for domain(s) ha.xxxxxx23.com"
time="2020-04-11T12:51:50Z" level=debug msg="No default certificate, generating one"
time="2020-04-11T12:51:50Z" level=debug msg="Provider connection established with docker 17.09.1-ce (API 1.32)" providerName=docker
time="2020-04-11T12:51:50Z" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"hasss\":{\"entryPoints\":[\"websecure\"],\"service\":\"hasss\",\"rule\":\"Host(`ha.xxxxxx23.com`)\",\"tls\":{\"certResolver\":\"myresolver\"}}},\"services\":{\"hasss\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://127.0.0.1:8123\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2020-04-11T12:51:52Z" level=debug msg="Adding certificate for domain(s) ha.xxxxxx23.com"
time="2020-04-11T12:51:52Z" level=debug msg="No default certificate, generating one"
time="2020-04-11T12:51:54Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-04-11T12:51:54Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2020-04-11T12:51:54Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix
time="2020-04-11T12:51:54Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
time="2020-04-11T12:51:54Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
time="2020-04-11T12:51:54Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2020-04-11T12:51:54Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-04-11T12:51:54Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-04-11T12:51:54Z" level=debug msg="Adding certificate for domain(s) ha.xxxxxx23.com"
time="2020-04-11T12:51:54Z" level=debug msg="No default certificate, generating one"
time="2020-04-11T12:51:57Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-04-11T12:51:57Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-04-11T12:51:57Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik
time="2020-04-11T12:51:57Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
time="2020-04-11T12:51:57Z" level=debug msg="Creating middleware" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-04-11T12:51:57Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-04-11T12:51:57Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-04-11T12:51:57Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-04-11T12:51:57Z" level=debug msg="Creating middleware" serviceName=hasss entryPointName=websecure routerName=hasss@docker middlewareName=pipelining middlewareType=Pipelining
time="2020-04-11T12:51:57Z" level=debug msg="Creating load-balancer" routerName=hasss@docker serviceName=hasss entryPointName=websecure
time="2020-04-11T12:51:57Z" level=debug msg="Creating server 0 http://127.0.0.1:8123" serviceName=hasss entryPointName=websecure routerName=hasss@docker serverName=0
time="2020-04-11T12:51:57Z" level=debug msg="Added outgoing tracing middleware hasss" middlewareType=TracingForwarder entryPointName=websecure routerName=hasss@docker middlewareName=tracing
time="2020-04-11T12:51:57Z" level=debug msg="Creating middleware" entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-04-11T12:51:57Z" level=debug msg="Try to challenge certificate for domain [ha.xxxxxx23.com] found in HostSNI rule" rule="Host(`ha.xxxxxx23.com`)" providerName=myresolver.acme routerName=hasss@docker
time="2020-04-11T12:51:57Z" level=debug msg="Looking for provided certificate(s) to validate [\"ha.xxxxxx23.com\"]..." providerName=myresolver.acme routerName=hasss@docker rule="Host(`ha.xxxxxx23.com`)"
time="2020-04-11T12:51:57Z" level=debug msg="No ACME certificate generation required for domains [\"ha.xxxxxx23.com\"]." rule="Host(`ha.xxxxxx23.com`)" providerName=myresolver.acme routerName=hasss@docker
time="2020-04-11T13:00:42Z" level=debug msg="Error while Peeking first byte: read tcp 172.29.24.2:8888->192.168.1.213:44470: read: connection reset by peer"
``