Hi,
I have been banging my head off trying to get SSL working with traefik 2 on docker swarm. This is the docker stack file I'm using:
version: '3.7'
services:
traefik:
hostname: traefik
image: traefik:v2.2.0
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --providers.docker.swarmmode=true
- --providers.docker.domain=example.com
- --providers.docker.watch
- --providers.docker.network=traefik_proxy
- --api.dashboard=true
- --providers.docker.endpoint=/var/run/docker.sock
- --log.filePath=/dev/stdout
- --log.level=DEBUG
- --serversTransport.insecureSkipVerify=true
deploy:
replicas: 1
labels:
# Dashboard
- "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls=true"
# Redirect a https global
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# Redirect del middleware
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
placement:
constraints:
- node.role == manager
update_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
networks:
- traefik_proxy
- zbx_net
ports:
- "80:80"
- "443:443"
- "8000:8000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
traefik_proxy:
external:
name: traefik_proxy
zbx_net:
external:
name: zbx_net
# default:
# driver: bridge
The container should not even start as port 8000 is aldeady in use by another service, nonetheless traefik starts without complaining. Even the debug flag seems to not work either as I don't get any kind of output on stdout. Thei ssue is only with traefik 2 in swarm mode, the following compose file for traefik 2 works fine:
version: '3.7'
services:
traefik:
image: "traefik:v2.2.0"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --api.dashboard=true
# Para depurar:
# - --log.filePath=/dev/stdout
# - --log.level=DEBUG
- --serversTransport.insecureSkipVerify=true
ports:
- "80:80"
- "443:443"
- "8001:8000"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
labels:
# Dashboard
- "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls=true"
# Redirect a https global
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# Redirect del middleware
docker inspect output:
"PortBindings": {
"443/tcp": [
{
"HostIp": "",
"HostPort": "443"
}
],
"80/tcp": [
{
"HostIp": "",
"HostPort": "80"
}
],
"8000/tcp": [
{
"HostIp": "",
"HostPort": "8001"
}
]
}
docker ps output:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1266bd045458 traefik:v2.2.0 "/entrypoint.sh --en…" 30 seconds ago Up 17 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8001->8000/tcp traefik_traefik_1
On the other hand, this traefik 1.7 stack file works fine on docker swarm:
version: '3.7'
services:
traefik:
hostname: traefik
image: traefik:1.7
container_name: traefik
command:
- --web
- --entrypoints=Name:http Address::80 Redirect.EntryPoint:https
- --entryPoints=Name:https Address::443 TLS
- --defaultentrypoints=http,https
- --docker
- --docker.swarmmode
- --docker.domain=corona.co
- --docker.watch
- --docker.network=traefik_proxy
deploy:
# mode: global
replicas: 1
placement:
constraints:
- node.role == manager
update_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
networks:
- traefik_proxy
- zbx_net
ports:
- "80:80"
- "443:443"
- "8001:8000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
What I'm doing wrong ?
Thanks in advance