Traefik v2 with host mode doesn't work after reboot

Traefik Traefik v2
,
1

Hello,
I have a Traefik (docker swarm) with this configuration for ports:

    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host

It works fine but after a reboot, it seem traefik doesn't listen on these ports. To fix that I need to put ports like this:

    ports:
      - 443:443
      - 80:80

Deploy it then put again the first config and deploy it and it works as before reboot.
It look like host mode is bad setup after the reboot.

OS version: Ubuntu 20.04
Docker version: 20.10.11
Traefik version: 2.3 (I will try with last version)

Any idea or someone with the same bug ?

2

Strange behaviour. Never seen before.
Could you ping here full docker-compose please?

3 
version: '3.8'

services:
  reverse-proxy:
    image: traefik:v2.3
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./traefik.toml:/etc/traefik/traefik.toml
      - ./traefik-dynamic.toml:/etc/traefik/dynamic.toml
      - ./acme.json:/acme.json
      - /var/run/docker.sock:/var/run/docker.sock
    env_file:
      - ".env"
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.traefik-secure.loadbalancer.server.port=443"
        - "traefik.http.routers.traefik-secure.entrypoints=websecure"
        - "traefik.http.routers.traefik-secure.rule=Host(`site.com`)"
        - "traefik.http.routers.traefik-secure.tls=true"
        - "traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt"
        - "traefik.http.routers.traefik-secure.tls.domains[0].main=site.com"
        - 'traefik.http.routers.traefik-secure.tls.domains[0].sans=*.site.com'
        - "traefik.http.routers.traefik-secure.middlewares=auth"
        - "traefik.http.middlewares.auth.basicauth.users=<somepassword>"
        - "traefik.http.routers.traefik-secure.service=api@internal"
        # Metrics traefik only
        - "traefik.http.services.traefik-metrics.loadbalancer.server.port=443"
        - "traefik.http.routers.traefik-metrics.entrypoints=websecure"
        - "traefik.http.routers.traefik-metrics.rule=Host(`traefik-metrics.site.com`)"
        - "traefik.http.routers.traefik-metrics.tls=true"
        - "traefik.http.routers.traefik-metrics.tls.certresolver=letsencrypt"
        - "traefik.http.routers.traefik-metrics.middlewares=auth"
        - "traefik.http.routers.traefik-metrics.service=prometheus@internal"

    restart: always
    networks:
      - some networks

networks:
  <some external networks>

I'm trying to setup an other host to see if I can reproduce this.

4

Try to add placement for the managers for traefik service:

placement:
  constraints: 
    - node.role==manager

if It doesn't work try to change publish port to ingress;

ports:
  - target: 80
    published: 80
    protocol: tcp
    mode: ingress
  - target: 443
    published: 443
    protocol: tcp
    mode: ingress
5

It's a swarm with single node.

I use mode host to get the IP of clients to be able to create whitelist on it.

I have tried on another server (Ubuntu 18.04) it seems to work. Furthermore, I'm reinstalling the server in 20.04 to try again.

6

It works with ingress mode. I just tried to be sure, but it's same as:

ports:
  - 443:433
  - 80:80

right ?

7

It should work fine with ingress mode.

8

It works fine in ingress mode.
I'm trying on another server to reproduce:

  • Same docker version
  • Same traefik version/compose
  • Same kernel
    But can't actually reproduce. I will update this topic when I have more informations
9

I have tried with a nginx and port mode host and same problem.
The issue seems to come for the port 80 at least because on port 8000 for example, I don't have an issue.