Hi,
I am facing some challenges using Traefik and I wanted to see if anyone in the community ever faced the same type of issue. Thanks in advance to whoever can help me on that. Here is my setup for testing:
docker-compose file for Traefik:
```yaml
version: "3.9"
services:
  traefik:
    container_name: "traefik"
    hostname: "traefik"
    image: "traefik:v2.6.1"
    labels:
      - "traefik.enable=true"
      # Routers
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.tls.domains[0].main=traefik.example.com"
      - "traefik.http.routers.traefik.middlewares=auth"
      # Middlewares
      - "traefik.http.middlewares.auth.basicauth.usersfile=/opt/dashboard/users.txt"
      # Services
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
    networks:
      app-net:
        ipv4_address: "192.168.10.10"
    ports:
      - "80:80"
      - "443:443"
      # Traefik dashboard
      - "8080:8080"
    restart: "always"
    volumes:
      - "./traefik-persistence/traefik.toml:/etc/traefik/traefik.toml"
      - "./traefik-persistence/traefik.log:/var/log/traefik.log"
      - "./traefik-persistence/letsencrypt/acme.json:/letsencrypt/acme.json"
      - "./traefik-persistence/users.txt:/opt/dashboard/users.txt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
  app-net:
    name: "traefik-net"
    driver: "bridge"
    ipam:
      driver: "default"
      config:
        - subnet: "192.168.10.0/24"
```
traefik.toml
```toml
################################################################
# Global configuration
################################################################
[global]
checkNewVersion = true
sendAnonymousUsage = false

################################################################
# Docker configuration backend
################################################################
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
exposedByDefault = false
# Additional options
httpClientTimeout = 300
network = "traefik-net"
swarmMode = false
# swarmModeRefreshSeconds = 30
useBindPortIP = false
watch = false

################################################################
# Entrypoints configuration
################################################################
[serversTransport]
insecureSkipVerify = false

[entryPoints.web]
address = ":80"
[entryPoints.web.transport]
[entryPoints.web.transport.lifeCycle]
requestAcceptGraceTimeout = 0
graceTimeOut = 30
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
permanent = true

[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.transport]
[entryPoints.websecure.transport.lifeCycle]
requestAcceptGraceTimeout = 0
graceTimeOut = 30
[entryPoints.websecure.http.tls]
certResolver = "letsencrypt"

################################################################
# Traefik logs configuration
################################################################
[log]
level = "DEBUG"
filePath = "/var/log/traefik.log"
format = "common"

################################################################
# API and dashboard configuration
################################################################
[api]
insecure = false
dashboard = true
debug = true

################################################################
# Ping configuration
################################################################
[ping]

################################################################
# Certificates configuration
################################################################
# Enable ACME (Let's Encrypt): automatic SSL.
[certificatesResolvers.letsencrypt.acme]
email = "email@example.com"
storage = "/letsencrypt/acme.json"
#caServer = "https://acme-v02.api.letsencrypt.org/directory"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
keyType = "RSA4096"
# Use a HTTP-01 ACME challenge.
[certificatesResolvers.letsencrypt.acme.httpChallenge]
# EntryPoint to use for the HTTP-01 challenges.
# Required
#
entryPoint = "web"
```
docker-compose file for whoami:
```yaml
version: "3.9"
services:
  whoami:
    container_name: "simple-service"
    image: "traefik/whoami"
    labels:
      - "traefik.enable=true"
      # Routers
      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.tls=true"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
      - "traefik.http.routers.whoami.tls.domains[0].main=whoami.example.com"
      # Services
      - "traefik.http.services.whoami.loadbalancer.server.port=80"
    ports:
      - "80"
    networks:
      traefik-net:
        ipv4_address: "192.168.10.11"
networks:
  traefik-net:
    external: true
    name: "traefik-net"
```
And then I am doing `docker-compose up -d` for the traefik, it launches just fine, creates the route for the dashboard, asks for the credentials to access it since I created a middleware for it, etc. I mean everything works fine.
Then, I am trying to boot whoami a few minutes after, and it is not automatically added to Traefik. Traefik does not automatically start the certificates request.
I have the option `exposedByDefault = false` in the traefik.toml configuration file, but I have the label `- "traefik.enable=true"` in the whoami docker-compose, so it should be automatically added since the docker socket is mounted into the traefik container (`- "/var/run/docker.sock:/var/run/docker.sock:ro"`), and also specified in the providers section (`endpoint = "unix:///var/run/docker.sock"`) of the traefik.toml file.
To force Traefik to detect this container and create the appropriate route, I have to do a restart with the command `docker-compose restart` on the traefik container. I basically would like to avoid doing that every single time I add a new service.
Am I missing something?
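
An added example, not part of the original post: a small audit of the static configuration shown above that flags the Docker provider, API and ACME settings relevant to this setup. `SAMPLE_TOML` is a constructed excerpt of that traefik.toml, the function names are hypothetical, and the reader handles only the `[table]` / `key = value` subset used here; the finding texts reflect documented Traefik v2 option behaviour.

```python
# Added example: audit a Traefik v2 static config for the settings discussed in the post.
# SAMPLE_TOML is a constructed excerpt of the traefik.toml shown above.
SAMPLE_TOML = """
[providers.docker]
exposedByDefault = false
watch = false
[api]
insecure = false
debug = true
[certificatesResolvers.letsencrypt.acme]
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
"""

def read_settings(text):
    """Flatten '[table]' / 'key = value' lines into {'table.key': value} (not a full TOML parser)."""
    settings, table = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out options
        if line.startswith("[") and line.endswith("]"):
            table = line[1:-1].strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            value = value.strip('"')
            settings[f"{table}.{key}"] = {"true": True, "false": False}.get(value, value)
    return settings

def audit(text):
    """Return findings for hot-reload, exposure and debug settings."""
    s = read_settings(text)
    docker = any(k.startswith("providers.docker.") for k in s)
    staging = any("staging" in str(v) for k, v in s.items() if k.endswith(".acme.caServer"))
    checks = [
        (s.get("providers.docker.watch", True) is False,
         "providers.docker.watch=false: Docker events are not watched; new containers need a restart"),
        (docker and s.get("providers.docker.exposedByDefault", True) is True,
         "providers.docker.exposedByDefault=true: every container is routed unless labelled off"),
        (s.get("api.insecure", False) is True,
         "api.insecure=true: API and dashboard served without auth on the traefik entryPoint"),
        (s.get("api.debug", False) is True,
         "api.debug=true: /debug profiling endpoints are enabled on the API"),
        (staging, "acme.caServer is a staging CA: issued certificates are not publicly trusted"),
    ]
    return [message for hit, message in checks if hit]

if __name__ == "__main__":
    for finding in audit(SAMPLE_TOML):
        print("-", finding)
```

Setting `watch = true` (Traefik's default) clears the first finding.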