Homepage is a (Docker) containerised web UI that provide links to all my other self-hosted services. It can optionally access the API from various services (including Traefik) to display stats about the service.
I have successfully used Homepage's Automatic Service Discovery mechanism with several Docker containers. However, I am having a problem getting it to work with Traefik. (I am running Traefik v3.0.4 in a Docker container - compose file below)
Screenshot of what I see in Homepage here.
As you can see, I get an API error for Traefik, specifically. I can load the URL ( https://traefik-dashboard.mydomain.com/api/overview ) in my browser and see the JSON from the Traefik API just fine, so I'm guessing this might be an issue where the Homepage container can't access the Traefik container... but they're both definitely on the same network in their respective docker-compose.yml files.
docker-compose-homepage.yml:
services:
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
restart: unless-stopped
volumes:
- ./config:/app/config # Make sure your local config directory exists
- /var/run/docker.sock:/var/run/docker.sock # (optional) For docker integrations
- /home/david/docker/homepage/images:/app/public/images # Path to background image stored on computer.
networks:
proxy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.homepage.entrypoints=http"
- "traefik.http.routers.homepage.rule=Host(`homepage.mydomain.com`)"
- "traefik.http.routers.homepage.middlewares=default-whitelist@file"
- "traefik.http.middlewares.homepage-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.homepage.middlewares=homepage-https-redirect"
- "traefik.http.routers.homepage-secure.entrypoints=https"
- "traefik.http.routers.homepage-secure.rule=Host(`homepage.mydomain.com`)"
- "traefik.http.routers.homepage-secure.tls=true"
- "traefik.http.routers.homepage-secure.service=homepage"
- "traefik.http.services.homepage.loadbalancer.server.port=3000"
security_opt:
- no-new-privileges:true
networks:
proxy:
external: true
docker-compose-traefik.yml:
services:
traefik:
image: traefik:v3.0.4
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80 #For internal services
- 81:81 #For external services
- 443:443 #For internal services
- 444:444 #For external services
environment:
CF_DNS_API_TOKEN_FILE: /run/secrets/cf_api_token # note using _FILE for docker secrets
TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
secrets:
- cf_api_token
env_file: .env # use .env
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/traefik.yml:/traefik.yml:ro
- ./data/acme.json:/acme.json
- ./data/config.yml:/config.yml:ro
- ./logs:/var/log/traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.mydomain.com`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.mydomain.com`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=mydomain.com"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.mydomain.com"
- "traefik.http.routers.traefik-secure.service=api@internal"
- homepage.group=Network admin
- homepage.name=Traefik
- homepage.icon=traefik
- homepage.href=https://traefik-dashboard.mydomain.com
- homepage.description=HTTP reverse proxy and load balancer.
- homepage.statusStyle=dot
- homepage.widget.type=traefik
- homepage.widget.url=https://traefik-dashboard.mydomain.com
- homepage.widget.username:dave
- homepage.widget.password:passwordhere
- homepage.showStats=true
secrets:
cf_api_token:
file: ./cf_api_token.txt
networks:
proxy:
external: true
I noticed these errors in the Homepage log (as seen in Portainer):
"Listening on port 3000
[2024-07-16T01:59:00.284Z] error: <service-helpers> Error getting services from Docker server 'docker1': Error: connect EACCES /var/run/docker.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1555:16) {
errno: -13,
code: 'EACCES',
syscall: 'connect',
address: '/var/run/docker.sock'
}
[2024-07-16T01:59:00.494Z] error: <service-helpers> Error getting services from Docker server 'docker1': Error: connect EACCES /var/run/docker.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1555:16) {
errno: -13,
code: 'EACCES',
syscall: 'connect',
address: '/var/run/docker.sock'
}
[2024-07-16T01:59:00.871Z] error: <dockerStatusService> Error: connect EACCES /var/run/docker.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1555:16)
[2024-07-16T01:59:01.087Z] error: <service-helpers> Error getting services from Docker server 'docker1': Error: connect EACCES /var/run/docker.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1555:16) {
errno: -13,
code: 'EACCES',
syscall: 'connect',
address: '/var/run/docker.sock'
}
[2024-07-16T01:59:01.109Z] error: <httpProxy> Error calling https://traefik-dashboard.mydomain.com/api/overview...
[2024-07-16T01:59:01.110Z] error: <httpProxy> [
500,
Error: getaddrinfo ENOTFOUND traefik-dashboard.mydomain.com
at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:118:26) {
errno: -3008,
code: 'ENOTFOUND',
syscall: 'getaddrinfo',
hostname: 'traefik-dashboard.mydomain.com'
}"
I noted specifically "Error: connect EACCES /var/run/docker.sock". I thought it may be because /var/run/docker.sock didn't exist on my system. I found this and followed the instructions in the accepted answer (indeed, I was running Docker via systemctl and it was set to containerd.sock instead within /lib/systemd/system/docker.service (as shown in that answer), and so I changed it (again, as per the answer), so now I have /var/run/docker.sock (I also then rebooted, just in case).
Despite this change, and despite restarting the Docker host entirely, I still see the same error in the Homepage log (as seen in Portainer) and also the API error in the Homepage web UI (as seen in the screenshot provided).
Any ideas what I might've stuffed up, please?