Traefik v2.6 - dynamic configuration

Hello,

I am struggling with Traefik: I am trying to keep everything in my docker-compose file and to let Traefik discover my other running containers.

  • The Traefik dashboard works and shows the routers of some containers as OK, but apart from the whoami service nothing is routed correctly (nothing works besides whoami).

  • this is my current configuration of traefik :

version: '3'

networks:
  # `external: true` means this network must already exist; Compose will not create it.
  web:
    external: true
  # Created by Compose for this project.
  internal:
    external: false

volumes:
   netdataconfig:
   netdatalib:
   netdatacache:
   # Volume to store traefik certificates
   traefik-letsencrypt:

services:
  # Reverse proxy: discovers containers through the Docker socket and routes by their labels.
  traefik:
    image: "traefik:v2.6"
    container_name: "traefik"
    # NOTE: this service has no `networks:` key, so it is attached only to the
    # project's default network, while the provider below is told to reach
    # backends over `internal`. Services that are only on `internal` therefore
    # share no network with Traefik.
    command:
      # DEBUG is useful while troubleshooting; lower it for a long-running deployment.
      - "--log.level=DEBUG"
      # http://ud2.mydomain.com:8080/dashboard/#/
      - "--api.dashboard=true"
      # SECURITY: insecure mode serves the dashboard and API without authentication
      # on port 8080, which is published to the host under `ports:` below. To restrict
      # it, drop this flag and route `api@internal` through `websecure` behind an
      # authentication middleware, or bind the published port to 127.0.0.1.
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      # Network Traefik uses to reach backend containers.
      - "--providers.docker.network=internal"
      # Redirect http to https
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      # Https : port 443, with letsencrypt certificates
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      # Let's Encrypt staging CA: issues test certificates that browsers do not trust.
      # Remove this line to move to the production CA.
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=postmaster@${DOMAIN}"
      # acme.json holds the ACME account and certificate private keys; it lives on the named volume.
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
        # Expose prometheus metrics : KO - not working
        # logs :
        # level=error msg="entryPoint \"metrics\" doesn't exist" routerName=prometheus@internal entryPointName=metrics
        # level=error msg="no valid entryPoint for this router" routerName=prometheus@internal
        # (no entrypoint named "metrics" is declared in this command list)
        #- "--metrics.prometheus=true"
        #- '--metrics.prometheus.buckets=0.1,0.3,1.2,5.0'
        #- "--metrics.prometheus.entrypoint=metrics"
    ports:
      - "80:80"
      - "443:443"
      # Publishes the unauthenticated dashboard/API port on every host interface.
      - "8080:8080"
    volumes:
      - traefik-letsencrypt:/letsencrypt
      # SECURITY: `:ro` only makes the socket file's mount read-only; requests sent
      # through the socket are not restricted, so this container has full access to
      # the Docker API. A socket proxy that allows only the read endpoints narrows this.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  • This service works correctly over HTTPS (HTTP is redirected to HTTPS)
  # Test backend used to check that routing works.
  # No `networks:` key here, so the container joins the project's default network.
  # NOTE(review): traefik/whoami echoes request details back to the client;
  # consider removing it once routing is verified.
  whoami:
    image: "traefik/whoami"
    container_name: "whoami"
    labels:
      # Opt in to routing (exposedbydefault is false on the Traefik side).
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls.certresolver=myresolver
      # Container port Traefik forwards to.
      - traefik.http.services.whoami.loadbalancer.server.port=80
  • netdata : Gateway Timeout
  # Host monitoring dashboard, routed by Traefik at netdata.${DOMAIN}.
  netdata:
    container_name: netdata
    image: netdata/netdata
    # Host port publishing is disabled; the dashboard is reached only through Traefik.
    #ports:
    #  - 19999:19999
    # Attached only to `internal`; Traefik must be on this network too to reach port 19999.
    networks:
      - internal
    # SECURITY: SYS_PTRACE and an unconfined AppArmor profile weaken container
    # isolation. Together with the host mounts below, treat this container as
    # having broad read access to the host.
    cap_add:
      - SYS_PTRACE
    security_opt:
      - apparmor:unconfined
    # Read-only views of host account, OS and kernel information.
    volumes:
      - /etc/passwd:/host/etc/passwd:ro
      - /etc/os-release:/host/etc/os-release:ro
      - /etc/group:/host/etc/group:ro
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
    labels:
      - traefik.enable=true
      # SECURITY: no authentication middleware is attached to this router, so
      # anyone who can reach the hostname can view the dashboard. Consider adding
      # a Traefik auth middleware (e.g. BasicAuth or ForwardAuth).
      - traefik.http.routers.netdata.rule=Host(`netdata.${DOMAIN}`)
      - traefik.http.routers.netdata.entrypoints=websecure
      - traefik.http.routers.netdata.tls.certresolver=myresolver
      - traefik.http.services.netdata.loadbalancer.server.port=19999
  • cadvisor 404 page not found
        # Container Advisor : mesures of docker containers
  # cAdvisor: per-container resource metrics, routed by Traefik at cadvisor.${DOMAIN}.
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:v0.43.0
    container_name: cadvisor
    # SECURITY: privileged mode plus the host mounts below (root filesystem, and
    # /var/run read-write, which is where this host's docker.sock lives) mean that
    # a compromise of this container is effectively a compromise of the host.
    # Keep its web UI off untrusted networks.
    privileged: true
    devices:
      - /dev/kmsg:/dev/kmsg
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      #- /var/snap/docker/common/var-lib-docker:/var/lib/docker:ro # for ubuntu snap installation of docker
      - /var/lib/docker:/var/lib/docker:ro # does not exist for ubuntu snap installation of docker
      #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
      - /sys/fs/cgroup/:/cgroup:ro # where I found it on ubuntu 18.04
      - /etc/machine-id:/etc/machine-id:ro
      - /var/lib/dbus/machine-id:/var/lib/dbus/machine-id:ro
    #network_mode: host
    command:
      - '--docker_only=true'
      - '--housekeeping_interval=10s'
    restart: always
    environment:
      # NOTE(review): the path includes a /cadvisor prefix, but no matching URL
      # prefix option appears in `command:` above. Confirm this URL is valid.
      - CADVISOR_HEALTHCHECK_URL=http://localhost:8080/cadvisor/healthz
    labels:
      #- org.label-schema.group="monitoring"
      - traefik.enable=true
      # SECURITY: no authentication middleware is attached to this router, so
      # the cAdvisor UI is open to anyone who can reach the hostname.
      - traefik.http.routers.cadvisor.rule=Host(`cadvisor.${DOMAIN}`)
      - traefik.http.routers.cadvisor.entrypoints=websecure
      - traefik.http.routers.cadvisor.tls.certresolver=myresolver
      - traefik.http.services.cadvisor.loadbalancer.server.port=8080
    # Host port publishing is disabled; access goes through Traefik only.
    #ports:
    #    - 9090:8080
    # Attached only to `internal`; Traefik must share this network to reach port 8080.
    networks:
      - internal

I actually don't even understand why netdata and cadvisor result in different error messages.

Thanks in advance for any clue that might help !

Traefik and whoami share the same network, none is defined so they have ${PROJECT_NAME}_default.

Netdata is only on the internal network. Traefik and Netdata need a common network: add netdata to the default network, or add Traefik to internal. If netdata uses two networks, you will need to add another label, traefik.docker.network.

Cadvisor would have the same issue with networking, but as a guess the container isn't starting correctly, thus the labels are not detected.


Thanks a lot !

Full working example if anyone passes by here later :slight_smile:

docker-compose.yml with:

service version
docker-compose 3
traefik v2.6
cadvisor v0.43.0
whoami n/a
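version: '3'

networks:
  # `external: true` means this network must already exist; Compose will not create it.
  web:
    external: true
  # Project network shared by Traefik and every container it routes to.
  internal:
    external: false

volumes:
  # Volume to store traefik certificates (acme.json holds the ACME account
  # and certificate private keys).
  traefik-letsencrypt:

services:
  # Reverse proxy: discovers containers through the Docker socket and routes by their labels.
  traefik:
    image: "traefik:v2.6"
    container_name: "traefik"
    command:
      # DEBUG is useful while troubleshooting; lower it for a long-running deployment.
      - "--log.level=DEBUG"
      # http://HOSTNAME:8080/dashboard/#/
      - "--api.dashboard=true"
      # SECURITY: insecure mode serves the dashboard and API without authentication
      # on port 8080, which is published to the host under `ports:` below. To restrict
      # it, drop this flag and route `api@internal` through `websecure` behind an
      # authentication middleware, or bind the published port to 127.0.0.1.
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      # Network Traefik uses to reach backend containers. Traefik itself is
      # attached to it under `networks:` below.
      - "--providers.docker.network=internal"
      # Redirect http to https
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      # Https : port 443, with letsencrypt certificates
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      # Let's Encrypt staging CA (test certificates that browsers do not trust).
      # Left commented out so that the production CA is used.
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=postmaster@${DOMAIN}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Prometheus metrics. Pointing them at an entrypoint named "metrics", which
      # is not declared in this command list, produced these errors:
      #   level=error msg="entryPoint \"metrics\" doesn't exist" routerName=prometheus@internal entryPointName=metrics
      #   level=error msg="no valid entryPoint for this router" routerName=prometheus@internal
      # With the override left commented out, metrics are served on Traefik's
      # default `traefik` entrypoint, i.e. the same unauthenticated port 8080 as
      # the insecure API.
      - "--metrics.prometheus=true"
      - '--metrics.prometheus.buckets=0.1,0.3,1.2,5.0'
      #- "--metrics.prometheus.entrypoint=metrics"
      #- "--accesslog=true"
      #- "--tracing=true"
    ports:
      - "80:80"
      - "443:443"
      # Publishes the unauthenticated dashboard/API/metrics port on every host
      # interface; "127.0.0.1:8080:8080" would keep it local to the host.
      - "8080:8080"
    volumes:
      - traefik-letsencrypt:/letsencrypt
      # SECURITY: `:ro` only makes the socket file's mount read-only; requests sent
      # through the socket are not restricted, so this container has full access to
      # the Docker API. A socket proxy that allows only the read endpoints narrows this.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - web
      - internal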

  # Test backend used to check that routing works.
  # NOTE(review): traefik/whoami echoes request details back to the client;
  # consider removing it once routing is verified.
  whoami:
    image: "traefik/whoami"
    container_name: "whoami"
    # Shares `internal` with Traefik so the proxy can reach the container.
    networks:
      - internal
    labels:
      # Opt in to routing (exposedbydefault is false on the Traefik side).
      - traefik.enable=true
      # Tells Traefik which of the container's networks to use for the backend address.
      - traefik.docker.network=internal
      - traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls.certresolver=myresolver
      # Container port Traefik forwards to.
      - traefik.http.services.whoami.loadbalancer.server.port=80

  # Container Advisor: metrics for Docker containers, routed by Traefik at cadvisor.${DOMAIN}.
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:v0.43.0
    container_name: cadvisor
    # SECURITY: privileged mode plus the host mounts below (root filesystem, and
    # /var/run read-write, which is where this host's docker.sock lives) mean that
    # a compromise of this container is effectively a compromise of the host.
    # Keep its web UI off untrusted networks.
    privileged: true
    devices:
      - /dev/kmsg:/dev/kmsg
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      #- /var/snap/docker/common/var-lib-docker:/var/lib/docker:ro # for ubuntu snap installation of docker
      - /var/lib/docker:/var/lib/docker:ro # does not exist for ubuntu snap installation of docker
      #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
      - /sys/fs/cgroup/:/cgroup:ro # where I found it on ubuntu 18.04
      - /etc/machine-id:/etc/machine-id:ro
      - /var/lib/dbus/machine-id:/var/lib/dbus/machine-id:ro
    #network_mode: host
    command:
      - '--docker_only=true'
      - '--housekeeping_interval=10s'
    restart: always
    # Documents the container port only; nothing is published on the host.
    expose:
      - 8080
    # Shares `internal` with Traefik so the proxy can reach port 8080.
    networks:
      - internal
    # Container health probe against cAdvisor's /healthz endpoint.
    healthcheck:
      test: ["CMD", "wget", "--tries=1", "--spider", "http://localhost:8080/healthz"]
      interval: 10s
      timeout: 5s
    environment:
      # NOTE(review): this URL carries a /cadvisor prefix while the healthcheck
      # above probes /healthz. Presumably only one of the two is in effect; confirm.
      - CADVISOR_HEALTHCHECK_URL=http://localhost:8080/cadvisor/healthz
    labels:
      # NOTE(review): in list form the double quotes are part of the label value.
      - org.label-schema.group="monitoring"
      - traefik.enable=true
      # Tells Traefik which of the container's networks to use for the backend address.
      - traefik.docker.network=internal
      - traefik.http.services.cadvisor.loadbalancer.server.port=8080
      #- traefik.http.routers.cadvisor.rule=PathPrefix(`/cadvisor`)
      # SECURITY: no authentication middleware is attached to this router, so the
      # cAdvisor UI is open to anyone who can reach the hostname. Consider adding
      # a Traefik auth middleware (e.g. BasicAuth or ForwardAuth).
      - traefik.http.routers.cadvisor.rule=Host(`cadvisor.${DOMAIN}`)
      - traefik.http.routers.cadvisor.entrypoints=websecure
      - traefik.http.routers.cadvisor.tls.certresolver=myresolver

        # https://stackoverflow.com/questions/65020158/google-cadvisor-with-traefik


also saved here : Traefik v2 + monitoring (cadvisor, node-exporter, netdata, whoami) dynamic routing · GitHub
