I've posted an issue here: https://github.com/containous/traefik/issues/6032#event-2882249668
Unfortunately it was closed by the bot.
To me, it's a bug, as it shows errors that should not be there, or the documentation does not mention clearly enough that this is not possible?
I'd be grateful for someone having a brief look at it.
Hey,
I just had a brief look on your issue and it looks indeed "interesting".
Can you pass a full log, when it also displays that Traefik received configuration from the docker provider? That might help in figuring out whether it's a race condition or not.
Thanks! I don't think there's any additional logs from the Docker provider – that's all there is. You can see that it picked up the services by the other logs after the "default certificate", e.g.:
traefik | time="2019-12-13T18:00:47Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web traefik]" routerName=test-traefik-test@dockerHello,
traefik | time="2019-12-13T17:55:51Z" level=error msg="the service \"test-traefik-test@docker\" does not exist" entryPointName=web routerName=test@file
the message comes because the loading of the dynamic configuration from the file provider is faster than the docker provider, it's expected because to get the configuration from docker we need to made some calls to the docker API.
So you have to define the dynamic configuration for the file provider after the launch of Traefik.
There are no race condition because only the router with a certResolver set on it will be used to get certificates.
version: "3.7"
services:
traefik:
image: "traefik:v2.1.1"
container_name: "traefik"
command:
- --log.level=INFO
- --entryPoints.web.address=:80
- --entryPoints.websecure.address=:443
- --api.insecure=true
- --providers.docker.exposedbydefault=false
- '--providers.docker.defaultRule=Host(`{{ .Name }}.localhost`)'
- --providers.file.directory=/config
- --providers.file.watch=true
- --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.leresolver.acme.email=your@email.com
- --certificatesresolvers.leresolver.acme.storage=/acme/acme.json
- --certificatesresolvers.leresolver.acme.tlschallenge=true
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./config/:/config"
- "./acme/:/acme"
test:
image: containous/whoami
labels:
traefik.enable: true
traefik.http.services.myservice.loadbalancer.server.port=80
http:
routers:
test:
rule: Host(`test.localhost`)
service: myservice@docker
tls:
certResolver: le
entryPoints:
- websecure
Thanks for providing a bit of context.
How would I go about "later" loading the dynamic config though? When starting the Docker services, I can't really put a timeout on the mount. During deployment this is probably not possible.
But I guess I'll live with the errors for now; everything is running stable after the initial error messages, and the certificates are resolved.