Traefik under docker with macvlan

Hello. Since I am running Synology and ports 80 and 443 are already taken, I created a macvlan network.

Docker file

version: '3'
services:
  traefik:
    container_name: traefik
    image: traefik:latest
    ports:
      - 80:80
      - 443:443
#      - 8383:8080 # Dashboard port
    volumes:
#      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /volume1/docker/security/traefik/:/etc/traefik/
#    networks:
#      - proxy # rename this to your custom docker network
    networks:
      macvlan_nas:
        ipv4_address: 192.168.1.6
      lan-traefik:
    labels:
      traefik.http.routers.api.rule: Host(`traefik.xx.duckdns.org`)    # Define the subdomain for the traefik dashboard.
      traefik.http.routers.api.entryPoints: https    # Set the Traefik entry point.
      traefik.http.routers.api.service: api@internal    # Enable Traefik API.
      traefik.http.services.dummy.loadBalancer.server.port: 65535
      traefik.enable: true   # Enable Traefik reverse proxy for the Traefik dashboard.
    environment:
      DOCKER_HOST: dockersocket
      DUCKDNS_TOKEN: a3f9907c-043b-4850-b8b2-5af701f52ab6
    restart: unless-stopped
    depends_on:
      - dockersocket

  dockersocket:
    container_name: dockersocket
    image: tecnativa/docker-socket-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      macvlan_nas:
        ipv4_address: 192.168.1.8
      lan-traefik:
    ports:
      - "2375:2375"
    environment:
      CONTAINERS: 1
      POST: 0
    privileged: true
    restart: unless-stopped


networks:
  macvlan_nas:
    external: true
  lan-traefik:
    driver: bridge
    external: true

I added another container to be able to communicate to traefik:

version: '3.8'
services:
  pingvin-share:
    image: stonith404/pingvin-share
    restart: unless-stopped
    ports:
      - 3001:3000
    networks:
      - lan-traefik
    volumes:
      - "/volume1/docker/pingvin:/opt/app/backend/data"
      - "/volume1/docker/pingvin/images:/opt/app/frontend/public/img"
    labels:
      traefik.enable: true
      traefik.http.routers.files.entryPoints: https
      traefik.http.routers.app.rule: Host(`xx.xx.duckdns.org`)
# Optional: If you add ClamAV, uncomment the following to have ClamAV start first.
    depends_on:
      clamav:
        condition: service_healthy
# Optional: Add ClamAV (see README.md)  
# ClamAV is currently only available for AMD64 see https://github.com/Cisco-Talos/clamav/issues/482
  clamav:
    restart: unless-stopped
    image: clamav/clamav
    networks:
      - lan-traefik

networks:
  lan-traefik:
    driver: bridge
    external: true

Now my issues:

SSL appears as xx.duckdns instead of xx.xx.duckdns.org, e.g. traefik.xx.duckdns.org

I think this is why my Kuma monitoring is failing:

write EPROTO C01724A5DC7F0000:error:0A000458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 112

The Traefik dashboard is available over the internet... this should not be the case... << this one is now solved

Any ideas?

Thanks!

Share your static and dynamic Traefik config.

Did you create x.y.example.com domain with correct IP?

Does your home router forward ports to Traefik?

How do you create the TLS cert?

Note that Let's Encrypt needs external port 80 or 443 to be available, or the more complicated dnsValidation.