Thanks a lot !
Full working example if anyone passes by here later 
docker-compose.yml with:
| service | version |
|---|---|
docker-compose |
3 |
traefik |
v2.6 |
cadvisor |
v0.43.0 |
whoami |
n/a |
version: '3'
networks:
web:
external: true
internal:
external: false
volumes:
# Volume to store traefik certificates
traefik-letsencrypt:
traefik:
image: "traefik:v2.6"
container_name: "traefik"
command:
- "--log.level=DEBUG"
# http://HOSTNAME:8080/dashboard/#/
- "--api.dashboard=true"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.network=internal"
# Redirect http to https
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
# Https : port 443, with letsencrypt certificates
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
# staging letsencrypt, to move to
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=postmaster@${DOMAIN}"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
# Expose prometheus metrics : KO - not working
# logs :
# level=error msg="entryPoint \"metrics\" doesn't exist" routerName=prometheus@internal entryPointName=metrics
# level=error msg="no valid entryPoint for this router" routerName=prometheus@internal
- "--metrics.prometheus=true"
- '--metrics.prometheus.buckets=0.1,0.3,1.2,5.0'
#- "--metrics.prometheus.entrypoint=metrics"
#- "--accesslog=true"
#- "--tracing=true"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- traefik-letsencrypt:/letsencrypt
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- web
- internal
whoami:
image: "traefik/whoami"
container_name: "whoami"
networks:
- internal
labels:
- traefik.enable=true
- traefik.docker.network=internal
- traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)
- traefik.http.routers.whoami.entrypoints=websecure
- traefik.http.routers.whoami.tls.certresolver=myresolver
- traefik.http.services.whoami.loadbalancer.server.port=80
# Container Advisor : mesures of docker containers
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.43.0
container_name: cadvisor
privileged: true
devices:
- /dev/kmsg:/dev/kmsg
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
#- /var/snap/docker/common/var-lib-docker:/var/lib/docker:ro # for ubuntu snap installation of docker
- /var/lib/docker:/var/lib/docker:ro # does not exist for ubuntu snap installation of docker
#- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
- /sys/fs/cgroup/:/cgroup:ro # where I found it on ubuntu 18.04
- /etc/machine-id:/etc/machine-id:ro
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id:ro
#network_mode: host
command:
- '--docker_only=true'
- '--housekeeping_interval=10s'
restart: always
expose:
- 8080
networks:
- internal
healthcheck:
test: ["CMD", "wget", "--tries=1", "--spider", "http://localhost:8080/healthz"]
interval: 10s
timeout: 5s
environment:
- CADVISOR_HEALTHCHECK_URL=http://localhost:8080/cadvisor/healthz
labels:
- org.label-schema.group="monitoring"
- traefik.enable=true
- traefik.docker.network=internal
- traefik.http.services.cadvisor.loadbalancer.server.port=8080
#- traefik.http.routers.cadvisor.rule=PathPrefix(`/cadvisor`)
- traefik.http.routers.cadvisor.rule=Host(`cadvisor.${DOMAIN}`)
- traefik.http.routers.cadvisor.entrypoints=websecure
- traefik.http.routers.cadvisor.tls.certresolver=myresolver
# https://stackoverflow.com/questions/65020158/google-cadvisor-with-traefik