Dear community,
I am trying to expose the port 5432 of my DB container through traefik. That is something we could argue against but I would like to understand where I fail...
I am using the base configuration from https://dockerswarm.rocks (which is great by the way). Traefik works perfectly on ports 80 and 443. I can access, for instance, the pgadmin container, which can access the DB container.
Now, for the purpose of my use case, I have made the following changes:
- on traefik's side:
  - exposed 5432 on traefik container

        ports:
          ...
          - 5432:5432

  - created a dedicated entrypoint

        command: >
          ...
          --entrypoints='Name:db Address::5432'

- on the db container's side:
  - added traefik labels and network

        db:
          deploy:
            labels:
              traefik.docker.network: traefik-public
              traefik.enable: "true"
              traefik.frontend.rule: Host:db.mocks.cortexia.io
              traefik.port: '5432'
              traefik.tags: traefik-public
              traefik.webservice.frontend.entryPoints: db

As a result, I can still access, for instance, the pgadmin container, which can access the DB container (no surprise), and I can see in traefik webmin the definitions of the frontend and backend.
But when I try to psql the swarm on the proper host:port... the connection times out, and I cannot see anything related to my request in the traefik logs.
I am kind of lost at this point... any help/idea is welcome.
Here is the detailed description of the service for the traefik container:

    ...
    traefik:
      image: traefik:v1.7.12 # I also tried with 1.7.13 and 1.7.14
      ports:
        - 80:80
        - 443:443
        - 5432:5432
      deploy:
        replicas: ${TRAEFIK_REPLICAS:-3}
        placement:
          constraints:
            - node.role == manager
          preferences:
            - spread: node.id
        labels:
          - traefik.frontend.rule=Host:traefik.${DOMAIN}
          - traefik.enable=true
          - traefik.port=8080
          - traefik.tags=traefik-public
          - traefik.docker.network=traefik-public
          # Traefik service that listens to HTTP
          - traefik.redirectorservice.frontend.entryPoints=http
          - traefik.redirectorservice.frontend.redirect.entryPoint=https
          # Traefik service that listens to HTTPS
          - traefik.webservice.frontend.entryPoints=https
          - traefik.frontend.auth.basic.users=${USERNAME}:${HASHED_PASSWORD}
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
      command: >
        --docker
        --docker.swarmmode
        --docker.watch
        --docker.exposedbydefault=false
        --constraints=tag==traefik-public
        --entrypoints='Name:http Address::80'
        --entrypoints='Name:https Address::443 TLS'
        --entrypoints='Name:db Address::5432'
        --consul
        --consul.endpoint="consul-leader:8500"
        --acme
        --acme.email=${EMAIL}
        --acme.storage="traefik/acme/account"
        --acme.entryPoint=https
        --acme.httpChallenge.entryPoint=http
        --acme.onhostrule=true
        --acme.acmelogging=true
        --logLevel=INFO
        --accessLog
        --api
      networks:
        - default
        - traefik-public
      depends_on:
        - consul-leader

Thanks for your advice,
Manu
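
To narrow down the timeout described in the post above, the following added example (not part of the original post, and not Traefik or PostgreSQL project code) sends the PostgreSQL SSLRequest packet to a host and port and classifies the outcome, separating a port that is filtered or not published from a listener that speaks HTTP or PostgreSQL. The names `probe` and `classify_reply` and the sample replies are assumptions made for this example.

```python
import socket
import struct

# PostgreSQL SSLRequest: Int32 length (8) followed by Int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def classify_reply(data: bytes) -> str:
    """Interpret the first bytes received after sending an SSLRequest."""
    if data in (b"S", b"N"):
        # A PostgreSQL server answers with exactly one byte: S (TLS ok) or N (no TLS).
        return "postgres"
    if data.startswith(b"HTTP/"):
        # An HTTP listener could not parse the binary packet and sent a status line.
        return "http"
    if not data:
        # The peer closed the connection without sending anything.
        return "closed"
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect, send an SSLRequest, and report which failure mode applies."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(SSL_REQUEST)
            try:
                return classify_reply(sock.recv(64))
            except socket.timeout:
                # TCP handshake succeeded, but the listener never answered.
                return "connected-no-reply"
    except socket.timeout:
        # No SYN/ACK came back: the port is filtered or not published.
        return "connect-timeout"
    except ConnectionRefusedError:
        # The host is reachable but nothing listens on that port.
        return "refused"
    except OSError as exc:
        return "error: %s" % exc


if __name__ == "__main__":
    # Constructed sample replies, not captured traffic.
    for sample in (b"S", b"N", b"HTTP/1.1 400 Bad Request\r\n", b""):
        print(sample, "->", classify_reply(sample))
```

Calling `probe(host, 5432)` from outside the swarm and again from a node inside it shows whether the connection is lost before it reaches the published port or after a listener has accepted it.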