Traefik routing to other LAN IP

Traefik Traefik v2
1

Hello,
I'm was using Traefik for ~1year in a single instance configuration using docker running all the services.
Lately i moved to Proxmox and want to separate my 0-24 used services like Traefik,SearXNG,UptimeKuma,ddclient etc in 1 LXC aka 1 "computer" and all my other.
Traefik works here absolutely fine all services accessible from WAN so far.
HOWEVER; i have several other services like 3-4 web servers, experimental or temporary services to run and i want to have those separated from the 1 LXC in other containers, acting like other servers with different LAN IP addresses.
I read the documentation over and over but didnt managed to get it to work.
My setup is lets say:
192.168.0.204 - VM running dockerised Traefik with the following configuration .yml files:

  • traefik.yml
api:
  insecure: true
providers:
  docker:
    exposedbydefault: false
    network: proxy
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entrypoint:
          to: websecure
          scheme: https
  websecure:
    address: :443
    http:
      tls:
        # Generate a wildcard domain certificate
        certResolver: letsencrypt
        domains:
          - main: false.webredirect.org
            sans:
              - '*.false.webredirect.org'

ping: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: ionized@protonmail.com
      storage: /letsencrypt/acme.json
      dnsChallenge:
        provider: dynu
        resolvers:
          - '1.1.1.1'
          - '1.0.0.1'

http:
  routers:
    my-router:
      rule: "Host(`example.false.webredirect.org`)"
      service: my-service

  services:
    my-service:
      loadBalancer:
        servers:
          - url: "http://192.168.0.180:80"

Traefik docker-compose.yml

version: '3'

services:
  reverse-proxy:
    container_name: traefik
    image: traefik:latest
    command: --api.insecure=true --providers.docker
    restart: unless-stopped
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - DYNU_API_KEY=5eY4g564W4WERYFALSEb36bf344Wf4f
    volumes:
      - ./config/traefik.yml:/etc/traefik/traefik.yml:ro
      - ./config/letsencrypt:/letsencrypt:cached
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`false.webredirect.org`)
      - traefik.http.services.traefik.loadbalancer.server.port=8080
networks:
  proxy:
    external: true

Output of wget 192.168.0.180 from the Traefik VM

mato@proxy-services:~/util/traefik/config$ wget http://192.168.0.180:80
--2023-11-28 18:29:07--  http://192.168.0.180/
Connecting to 192.168.0.180:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://192.168.0.180/wp-admin/install.php [following]
--2023-11-28 18:29:07--  http://192.168.0.180/wp-admin/install.php
Reusing existing connection to 192.168.0.180:80.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
index.html: Permission denied
Cannot write to 'index.html' (Permission denied).

So my problem is how to "teach" Traefik to route traffic to another local ip when it gets the request?
Traefik host is located on 192.168.0.204
Other VM with the required service is at 192.168.0.180:80
Host domain is: "false.webredirect.org" = 192.168.0.204
Other service: "example.false.webredirect.org" = 192.168.0.180

I'am gratefull you spent time to read the struggle of a beginner and i hope one of you can provide me with crucial guidance! TY

2

Traefik http routers and services are dynamic config, they should go into a separate config file and should be loaded with providers.file in static config (traefik.yml).

Also note that you can’t mix static config in traefik.yml and in command, decide for one.

3

Ty for your answer!
So traefik.yml is the "static" configuration.
and lets say a file called "other.yml" is the dynamic what placed lets say next to the traefik.yml contains only:

http:
  routers:
    my-router:
      rule: "Host(`example.false.webredirect.org`)"
      service: my-service

  services:
    my-service:
      loadBalancer:
        servers:
          - url: "http://192.168.0.180:80"

and the traefik.yml looks something like:

api:
  insecure: true
providers:
  docker:
    exposedbydefault: false
    network: proxy
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entrypoint:
          to: websecure
          scheme: https
  websecure:
    address: :443
    http:
      tls:
        # Generate a wildcard domain certificate
        certResolver: letsencrypt
        domains:
          - main: false.webredirect.org
            sans:
              - '*.false.webredirect.org'

ping: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: ionized@protonmail.com
      storage: /letsencrypt/acme.json
      dnsChallenge:
        provider: dynu
        resolvers:
          - '1.1.1.1'
          - '1.0.0.1'

providers:
  file:
    filename: ./other.yml

Or i messed it up :sweat_smile:

4

Not sure if you need to place providers.docker and providers.file together.

5

According to documentation is not necessary because it is shown there with a full path.
But for simplicity sake :smiley:
I go and test it right now :heart_eyes:

6

Nope
Now both Traefik and my test Wordpress services are kaput.
I suspect a port conflict over port 80.
I try to change that brb.

7

No, sadly my traefik.yml does not like the added:

providers:
  file:
    filename: ./other.yml

EDIT Seems managed to get traefik up and running with the following static config:

api:
  insecure: true

providers:

  docker:
    exposedbydefault: false
    network: proxy

  file:
    filename: /home/mato/util/traefik/config/dynamic_conf.yml

entryPoints:

  web:
    address: :80
    http:
      redirections:
        entrypoint:
          to: websecure
          scheme: https

  websecure:
    address: :443
    http:
      tls:
        # Generate a wildcard domain certificate
        certResolver: letsencrypt
        domains:
          - main: false.webredirect.org
            sans:
              - '*.false.webredirect.org'

ping: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: ionizn@protonmail.com
      storage: /letsencrypt/acme.json
      dnsChallenge:
        provider: dynu
        resolvers:
          - '1.1.1.1'
          - '1.0.0.1'

However the webserver is still 404 unreachable

8

Now it’s time to enable and check Traefik dashboard and debug log :smiley:

1 Like
9

Oook. Let's see:

Traefik dashboard show at the bottom in the category of Providers:

  • Docker
  • file

Concerning log message:
traefik | time="2023-11-28T22:16:21Z" level=error msg="Cannot start the provider *file.Provider: error adding file watcher: no such file or directory"

traefik | time="2023-11-28T22:27:19Z" level=error msg="Error while building configuration (for the first time): error reading configuration file: ./dynamic_conf.yml - open ./dynamic_conf.yml: no such file or directory" providerName=file

Impossible, i tryed everything.
the full path for the dynamic configuration is:
/home/mato/util/traefik/config/dynamic_conf.yml
I tryed everything:
./dynamic_conf.yml
/home/mato/util/traefik/config/dynamic_conf.yml
dynamic_conf.yml
By directory:

providers:
  file:
    directory: /home/mato/util/traefik/config

What else could it be? :thinking:

Finaly i figured it out:

  • I didnt had the dynamic_config.yml mounted as a volume in the docker-compose.yml file.
    - ./dynamic/dynamic_conf.yml:/etc/traefik/dynamic_conf.yml
  • Creating the necessary directory path and my dynamic_conf.yml file
  • Finaly find out what was the right path to use in the traefik.yaml
  file:
    filename: /etc/traefik/dynamic_conf.yml

It works!
I cant really tell you how happy i am.
This is a tremendous leap forward!
Thank you!

10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.