yon
September 14, 2024, 4:47pm
1
Greetings,
I am trying to deploy Traefik on a docker swarm cluster with self signed certificates. When I try to go to the dashboard, I am given a 404 error. I have tried just about everything i could think of. This is my first time configuring Traefik. I've spent quite some time trying to deploy the container, I have had no success.
Below are the configurations.
docker-compose.yaml
version: '3'
services:traefik.example.com)"
networks:
traefik.yml
entryPoints:
providers:
api:
tls:
stores:
log:
Use 3 backticks before and after code/config to preserve spacing, which is important for yaml.
Note that you can not use traefik.yml and command: at the same time, decide for one (doc ).
yon
September 25, 2024, 6:01pm
3
Hello,
Thank you for your reply. After testing various things. I managed to get the configuration working. I am using Cloudflare DNS challenge. I also have an ipallowlist set up so it can only be accessed locally and through a VPN.
Below is my working configuration. I'm using a staging environment because I wasn't able to request any new certificates due improperly referencing the acme file previously.
version: '3'
services:
traefik:
image: traefik:v3.1
hostname: '{{.Node.Hostname}}'
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
networks:
- proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/pi/traefik/letsencrypt/acme.json:/letsencrypt/acme.json
environment:
# Cloudflare API credentials
- CF_API_EMAIL=
- CF_DNS_API_TOKEN=
command:
# API and logs
- --api.dashboard=true
- --log.level=INFO
- --accesslog=true
# Providers
- --providers.docker.endpoint=unix:///var/run/docker.sock
- --providers.docker.exposedByDefault=false
- --providers.swarm.network=proxy
# Entry points and redirection
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls.certresolver=myresolver
# Certificates resolver with Cloudflare DNS challenge
- --certificatesresolvers.myresolver.acme.email=
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
- --certificatesresolvers.myresolver.acme.dnsChallenge.provider=cloudflare
- --certificatesresolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
#staging environment
- --certificatesresolvers.myresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
deploy:
mode: global
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.http.routers.mydashboard.rule=Host(`traefik.yourdomain.com`)
- traefik.http.routers.mydashboard.service=api@internal
- traefik.http.routers.mydashboard.middlewares=myauth,ipallowlist
- traefik.http.services.mydashboard.loadbalancer.server.port=1337
- traefik.http.middlewares.myauth.basicauth.users=
- traefik.http.middlewares.ipallowlist.ipallowlist.sourceRange=192.168.1.0/24,10.0.0.1/24
#whoami container
whoami:
image: traefik/whoami:v1.10
hostname: '{{.Node.Hostname}}'
networks:
- proxy
deploy:
mode: global
labels:
- traefik.enable=true
- traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.com`)
- traefik.http.services.whoami.loadbalancer.server.port=80
- traefik.http.middlewares.ipallowlist.ipallowlist.sourceRange=192.168.1.0/24,10.0.0.1/24
networks:
proxy:
external: true
volumes:
letsencrypt:
name: letsencrypt