Traefik v2 router Path rule not working

Traefik Traefik v2 (latest)
1

Hi there,

I am relatively new to Docker, trying to set up Traefik v2 as a reverse proxy locally for a bunch of services on a home server before tying it to my public domain and configuring certificates, etc. Keeping it simple to start. I was having better luck with commands and labels than a config file, so trying to do everything within Docker Compose. When I set a router up to use the Host rule, like for the Traefik dashboard, I have no problem accessing the service (and even got the middleware to check that the connection is local, great.) When I try to use Path, however, I can't access it. I have confirmed that all containers are on the same Docker network, and when I open a shell inside the traefik container I can successfully curl for the connected container and port. But when I visit the path on the host, I get a 404. I went back a few versions just to make sure I wasn't stumbling into a recent breaking change that might not be well-documented. Didn't help. Been working on this for days. Docker Compose file below:

	version: "3.8"

	services:
	  traefik:
	    container_name: traefik
	    image: traefik:v2.1.2
	    restart: always
	    command:
	      - "--api.dashboard=true"
	      - "--log.level=INFO"
	      - "--providers.docker=true"
	      - "--providers.docker.exposedbydefault=false"
	      - "--entrypoints.web.address=:80"
	      - "--log.filePath=/logs/traefik.log"
	      - "--log.format=json"
	    environment:
	      - TZ=${TZ}
	    ports:
	      - "80:80"
	      - "443:443"
	      # - "8080:8080"
	    volumes:
	      - /var/run/docker.sock:/var/run/docker.sock:ro
	      # - ${CONFIGDIR}/traefik/acme.json:/acme.json
	      - ${CONFIGDIR}/traefik/logs:/logs
	    networks:
	      - proxy
	    labels:
	      - traefik.enable=true
	      - docker.domain=doghouse.lan
	      - traefik.http.routers.api.service=api@internal
	      - traefik.http.routers.api.entrypoints=web
	      - traefik.http.routers.api.rule=Host(`machine.lan`)
	      - traefik.http.routers.api.middlewares=lan
	      - traefik.http.middlewares.lan.ipwhitelist.sourcerange=192.168.1.0/24

	  portainer:
	    container_name: portainer
	    image: portainer/portainer-ce
	    restart: always
	    # ports:
	    #   - "8000:8000"
	    #   - "9000:9000"
	    networks:
	      - proxy
	    volumes:
	      - /var/run/docker.sock:/var/run/docker.sock
	      - portainer_data:/data
	      - /srv/docker/shared:/shared
	    environment:
	      - TZ=${TZ}
	    labels:
	      - traefik.enable=true
	      - traefik.http.services.portainer.loadbalancer.server.port=9000
	      - traefik.http.routers.portainer.service=portainer
	      - traefik.http.routers.portainer.rule=Path(`/portainer`)
	      - traefik.http.routers.portainer.entrypoints=web
		     

	#  VOLUMES
	volumes:
	  portainer_data:
		
	# NETWORKS
	networks: 
	  proxy:
	    driver: bridge

For the portainer container, I've tried both:

	- traefik.http.routers.portainer.rule=Path(`/portainer`)
	- traefik.http.routers.portainer.rule=Host(`machine.lan`) && Path(`/portainer`)

...and neither get me to the service via http://machine.lan/portainer via the basic web entrypoint. I would honestly prefer subdomains, but I haven't dug into how I could resolve them with the local domain provided by my router.

Dashboard screenshots attached for reference.

Screen Shot 2020-10-15 at 10.06.23 PM
Screen Shot 2020-10-15 at 10.06.23 PM1898×1408 169 KB
Screen Shot 2020-10-15 at 10.06.36 PM
Screen Shot 2020-10-15 at 10.06.36 PM2856×1638 227 KB

Any help or guidance would be hugely appreciated... Thank you!

1 Like
2

Try this simple test. Expose the portainer port 9000 with docker (to eliminate traefik form the equation) and go to http://your_host:9000/portainer. You will get 404. This is because portainer application does not serve anything at /portainer url. So naturally, you will get exactly the same result when using traefik.

I'm personally not a fan of hosting random apps behind url prefixes they do not expect, but with portainer I think a couple of people had success.

I though, recommend using a sub domain if you can at all, that's what I do.

3

Amazing, thank you! I should have realized that but stared at it and so many google searches for so many hours words lost most meaning.

The regex is working great, will note that there might be some applications that don't like it so much.

Once I move from the local domain to my public one I'll definitely be updating to use subdomains.

...is there an easy way to configure a local network to recognize subdomains? My router (Firewalla Gold... seriously love it, highly recommend) has a Local Domain feature that gives me machine.lan but there's no way to configure subdomains to my knowledge. Was running AdGuard Home as a local DNS server with a custom filter that equated to a Host entry for machine.lan as well, for when the router was leaning on that for DNS. But don't think there's any way to do subdomains there either.

Anyway, thank you so so much! Was tempted to quit but now I'm ready to keep building the stack!

4

You can always change the hosts file on the machines that need access your traefik instance with the correct host records.

A better solution will be to do this on your router if it supports, or run and set up a custom dns server. In the latter case all the computers that access the traefik instance need to be configured to use that dns server, which is usually done via DHCP. Again a router can support that or you can use an external one. I've heard some people used pfsense with some success for DNS/DHCP.

5

I spun up AdGuard Home again, using that for DNS and entered the subdomains in custom filtering rules like a hosts fileentry. Can't wildcard so I'll have to keep it manually updated, but my list isn't going to grow infinitely so shouldn't be too much of a hassle. Thanks again for the help!

6

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.