Hey there,
I'm trying to get Traefik running together with a dockerized Jitsi and workadventure.
My workadventure containers work perfectly fine. However, when I try to add Jitsi to the system, I don't get a route to Jitsi. I've already asked around on the GitHub page for the Jitsi Docker but sadly with no result.
Here's my setup:
I have a traefik 2.5 container as a reverse proxy:

version: "3.5"
services:
  reverse-proxy:
    image: traefik:latest
    command:
      - --log.level=DEBUG
      - --api.dashboard=true
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik.net
      - --providers.file.directory=/configs/
      - --entryPoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entryPoints.websecure.address=:443
      - --certificatesresolvers.dnsresolver.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.dnsresolver.acme.storage=/acme.json
      # Let's Encrypt's staging server
      # uncomment during testing to avoid rate limiting
      #- --certificatesresolvers.dnsresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      # DNS challenge
      - --certificatesresolvers.dnsresolver.acme.dnsChallenge.provider=rfc2136
    ports:
      - 80:80
      - 443:443
      # The Web UI (enabled by --api.insecure=true)
      #- "8080:8080"
    environment:
      - LEGO_EXPERIMENTAL_CNAME_SUPPORT
      - RFC2136_TSIG_KEY
      - RFC2136_TSIG_SECRET
      - RFC2136_TSIG_ALGORITHM
      - RFC2136_NAMESERVER
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${DATA_DIR}/letsencrypt/acme.json:/acme.json
      - ${DATA_DIR}/traefik.yaml:/configs/traefik_tls.yaml
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.traefik.loadbalancer.server.port=888"
      - "traefik.http.routers.traefik.rule=Host(`${ADMIN_HOST}`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=dnsresolver"
      - "traefik.http.routers.traefik.tls.domains[0].main=${DOMAIN}"
      - "traefik.http.routers.traefik.tls.domains[0].sans=*.${DOMAIN}"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=<credentials>."
    networks:
      traefik.net:
    restart: unless-stopped
networks:
  traefik.net:

Then I have the Jitsi stack which includes the web container:

version: '3.5'
services:
  # Frontend
  web:
    image: jitsi/web:stable-6173
    restart: ${RESTART_POLICY}
    # traefik handles the ports?
    #ports:
    # - '8080:80'
    # - '8443:443'
    volumes:
      - ${CONFIG}/web:/config:Z
      - ${CONFIG}/web/letsencrypt:/etc/letsencrypt:Z
      - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
    environment:
      # [...(nothing changed here)...]
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik.net"
      - "traefik.http.routers.jitsiweb.rule=Host(`${HOSTNAME}`)"
      - "traefik.http.routers.jitsiweb.entryPoints=web"
      - "traefik.http.services.jitsiweb.loadbalancer.server.port=80"
      - "traefik.http.services.jitsiweb.loadbalancer.passhostheader=true"
      - "traefik.http.routers.jitsiweb-ssl.service=jitsiweb"
      - "traefik.http.routers.jitsiweb-ssl.rule=Host(`${HOSTNAME}`)"
      - "traefik.http.routers.jitsiweb-ssl.entryPoints=websecure"
      - "treafik.http.routers.jitsiweb-ssl.tls=true"
    networks:
      traefik.net:
      meet.jitsi:
        aliases:
          - ${XMPP_DOMAIN}
  #[...]
# Custom network so all services can communicate using a FQDN
networks:
  meet.jitsi:
  traefik.net:
    external: true

For comparison, I use the following labels for one of my workadventure containers which works absolutely fine:

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.front.rule=Host(`${FRONT_HOST}`)"
  - "traefik.http.routers.front.entryPoints=web"
  - "traefik.http.services.front.loadbalancer.server.port=80"
  - "traefik.http.routers.front-ssl.rule=Host(`${FRONT_HOST}`)"
  - "traefik.http.routers.front-ssl.entryPoints=websecure"
  - "traefik.http.routers.front-ssl.service=front"
  - "traefik.http.routers.front-ssl.tls=true"

Unfortunately, the logs don't really give a lot of clues as to what's going wrong. The only clue I have is that for my Jitsi domain, Traefik does not add a route:
# Config received from docker:
reverse-proxy_1 | time="2021-08-23T14:38:32Z" level=debug msg="Provider event received {Status:start ID:f22b7005a78f01bf1f0e2d6a057a9793566e18f4c75bdb417e4e8a6817953be7 From:jitsi/web:stable-6173 Type:container Action:start Actor:{ID:f22b7005a78f01bf1f0e2d6a057a9793566e18f4c75bdb417e4e8a6817953be7 Attributes:map[com.docker.compose.config-hash:be4ae0d6ace0211c24b773057dd327a520bd9b8710489503a28f996cce7c1c9e com.docker.compose.container-number:1 com.docker.compose.oneoff:False com.docker.compose.project:docker-jitsi-meet-stable-6173 com.docker.compose.service:web com.docker.compose.version:1.21.0 image:jitsi/web:stable-6173 name:docker-jitsi-meet-stable-6173_web_1 traefik.http.routers.jitsiweb-ssl.entryPoints:websecure traefik.http.routers.jitsiweb-ssl.rule:Host(`meet.my.domain.tld`) traefik.http.routers.jitsiweb-ssl.service:jitsiweb traefik.http.routers.jitsiweb.entryPoints:web traefik.http.routers.jitsiweb.rule:Host(`meet.my.domain.tld`) traefik.http.services.jitsiweb.loadbalancer.server.port:80 treafik.http.routers.jitsiweb-ssl.tls:true]} Scope:local Time:1629729512 TimeNano:1629729512594350361}" providerName=docker
reverse-proxy_1 | time="2021-08-23T14:38:32Z" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"jitsiweb\":{\"entryPoints\":[\"web\"],\"service\":\"jitsiweb\",\"rule\":\"Host(`meet.my.domain.tld`)\"},\"jitsiweb-ssl\":{\"entryPoints\":[\"websecure\"],\"service\":\"jitsiweb\",\"rule\":\"Host(`meet.my.domain.tld`)\"},\"traefik\":{\"entryPoints\":[\"websecure\"],\"middlewares\":[\"traefik-auth\"],\"service\":\"api@internal\",\"rule\":\"Host(`admin.my.domain.tld`)\",\"tls\":{\"certResolver\":\"dnsresolver\",\"domains\":[{\"main\":\"my.domain.tld\",\"sans\":[\"*.my.domain.tld\"]}]}}},\"services\":{\"jitsiweb\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.21.0.3:80\"}],\"passHostHeader\":true}},\"traefik\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.21.0.2:888\"}],\"passHostHeader\":true}}},\"middlewares\":{\"traefik-auth\":{\"basicAuth\":{\"users\":[\"<credentials>\"]}}}},\"tcp\":{},\"udp\":{\"routers\":{\"jvb\":{\"entryPoints\":[\"video\"],\"service\":\"jvb\"}},\"services\":{\"jvb\":{\"loadBalancer\":{\"servers\":[{\"address\":\"172.21.0.4:10000\"}]}}}}}" providerName=docker
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Adding certificate for domain(s) my.domain.tld,*.my.domain.tld"
# Creation of jitsi-relevant middleware and routers
# First for jitsiweb-ssl service over websecure
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" serviceName=jitsiweb entryPointName=websecure routerName=jitsiweb-ssl@docker middlewareName=pipelining middlewareType=Pipelining
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating load-balancer" entryPointName=websecure routerName=jitsiweb-ssl@docker serviceName=jitsiweb
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating server 0 http://172.21.0.3:80" serviceName=jitsiweb serverName=0 entryPointName=websecure routerName=jitsiweb-ssl@docker
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="child http://172.21.0.3:80 now UP"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Propagating new UP status"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Added outgoing tracing middleware jitsiweb" routerName=jitsiweb-ssl@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=websecure middlewareName=traefik-internal-recovery
# Then for jitsiweb over web
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" entryPointName=web routerName=jitsiweb@docker serviceName=jitsiweb middlewareName=pipelining middlewareType=Pipelining
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating load-balancer" serviceName=jitsiweb entryPointName=web routerName=jitsiweb@docker
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating server 0 http://172.21.0.3:80" routerName=jitsiweb@docker serverName=0 serviceName=jitsiweb entryPointName=web
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="child http://172.21.0.3:80 now UP"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Propagating new UP status"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Added outgoing tracing middleware jitsiweb" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=jitsiweb@docker
# Adding middleware for redirects
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Added outgoing tracing middleware noop@internal" routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Adding tracing to middleware" middlewareName=redirect-web-to-websecure@internal entryPointName=web routerName=web-to-websecure@internal
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
# Stuff for traefik dashboard
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=websecure routerName=traefik@docker middlewareName=tracing middlewareType=TracingForwarder
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" middlewareName=traefik-auth@docker middlewareType=BasicAuth routerName=traefik@docker entryPointName=websecure
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Adding tracing to middleware" entryPointName=websecure routerName=traefik@docker middlewareName=traefik-auth@docker
# A webhook defined in an extra traefik config file (see comments below)
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" entryPointName=websecure routerName=webhook@file serviceName=webhook-websecure middlewareName=pipelining middlewareType=Pipelining
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating load-balancer" serviceName=webhook-websecure entryPointName=websecure routerName=webhook@file
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating server 0 http://hook.adventure.emergencity.de:1324" serviceName=webhook-websecure entryPointName=websecure serverName=0 routerName=webhook@file
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="child http://hook.some.domain.tld:1324 now UP"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Propagating new UP status"
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Added outgoing tracing middleware webhook-websecure" entryPointName=websecure routerName=webhook@file middlewareType=TracingForwarder middlewareName=tracing
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Creating middleware" entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
# Routes added for "hook." and "admin.", but not for "meet." (Jitsi's domain):
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Adding route for hook.my.domain.tld with TLS options default" entryPointName=websecure
reverse-proxy_1 | time="2021-08-23T14:38:33Z" level=debug msg="Adding route for admin.my.domain.tld with TLS options default" entryPointName=websecure
When using curl -k https://localhost:8443/config.js from the command line of the docker machine (and when enabling the ports in the docker compose file), I get back the config as expected. However, when using my browser or curl on another machine with meet.my.domain.tld/config.js, it doesn't work. Instead, I get a 404 HTTP error.
I'm not sure where, but it seems I must have made a mistake somewhere when configuring Traefik. Does anyone have an idea what it could be?
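
Added example, not part of the original post and not Traefik tooling: a small lint over the Jitsi `web` labels shown above. It flags labels whose prefix is a near-miss of `traefik` (Traefik's Docker provider only reads labels under the `traefik.` prefix, so such labels are silently dropped) and routers bound to a TLS entrypoint that end up with no `tls` option. The helper name `lint_labels`, the `tls_entrypoints` parameter and the 0.8 similarity cutoff are assumptions made for this example.

```python
import difflib
import re

# Labels of the Jitsi "web" service, copied from the compose file above
# (with ${HOSTNAME} replaced by the host shown in the log).
JITSI_LABELS = [
    "traefik.enable=true",
    "traefik.docker.network=traefik.net",
    "traefik.http.routers.jitsiweb.rule=Host(`meet.my.domain.tld`)",
    "traefik.http.routers.jitsiweb.entryPoints=web",
    "traefik.http.services.jitsiweb.loadbalancer.server.port=80",
    "traefik.http.services.jitsiweb.loadbalancer.passhostheader=true",
    "traefik.http.routers.jitsiweb-ssl.service=jitsiweb",
    "traefik.http.routers.jitsiweb-ssl.rule=Host(`meet.my.domain.tld`)",
    "traefik.http.routers.jitsiweb-ssl.entryPoints=websecure",
    "treafik.http.routers.jitsiweb-ssl.tls=true",
]

ROUTER_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.([^=]+)=(.*)$", re.I)


def lint_labels(labels, tls_entrypoints=("websecure",), cutoff=0.8):
    """Return findings for one container's labels (hypothetical helper)."""
    findings, routers = [], {}
    for label in labels:
        prefix = label.split(".", 1)[0].lower()
        if prefix != "traefik":
            # Only labels under "traefik." are read; a near-miss is silently dropped.
            if difflib.get_close_matches(prefix, ["traefik"], n=1, cutoff=cutoff):
                findings.append(f"ignored label (prefix '{prefix}'): {label}")
            continue
        m = ROUTER_RE.match(label)
        if m:
            name, option, value = m.groups()
            routers.setdefault(name, {})[option.lower()] = value
    for name, opts in sorted(routers.items()):
        entrypoints = {e.strip() for e in opts.get("entrypoints", "").split(",")}
        has_tls = any(k == "tls" or k.startswith("tls.") for k in opts)
        if entrypoints & set(tls_entrypoints) and not has_tls:
            findings.append(f"router '{name}' uses a TLS entrypoint without tls")
    return findings


if __name__ == "__main__":
    for finding in lint_labels(JITSI_LABELS):
        print(finding)
```

Both findings agree with the debug log above: the `jitsiweb-ssl` router in "Configuration received from provider docker" carries no `tls` section, while the `traefik` router does.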