Background: I have Traefik3 running in front of 12+/- containers all accessible correctly. DNS is provided by Adguard home for internal apps and cloudflared tunnel for external. All that works fine. Server is Ubuntu 22.04.4 LTS, docker version 27.2.1.
I am setting up some new machines and decided I wanted to run syncthing to push config from my dev server to my live server etc., followed the documentation, and got syncthing running fine. However the GUI is only accessible from 127.0.0.1 and all of my machines are headless ubuntu servers. So I need a reverse proxy, easy.
Syncthing is not running in a container, I don't like the idea of giving a container read/write access for source code for all my containers. Using a file provider and ip router traefik should be able to access services outside of docker, I have used it to point at other machines, but in this case we need to point at the host machine. And based on syncthing's setup, it has to be accessed via `127.0.0.1:8384`, the standard `192.168.0.x:8384` will not work.
Based on my other traefik rules I put the following router together (I know the formatting is off, copy paste made a mess):
```yaml
http:
  routers:
    sync:
      entryPoints:
        - "web"
      rule: "Host(`sync.my-domain.tld`)"
      service: "sync"
  services:
    sync:
      loadbalancer:
        servers:
          - url: http://127.0.0.1:8384
```
This creates a router that shows up as healthy in the traefik dashboard and points to 127.0.0.1, however navigating to sync.my-domain.tld results in a bad gateway. On the host machine `curl http://127.0.0.1:8384` returns the expected wall of html, however `docker exec -it traefik wget 127.0.0.1:8384` returns `wget: can't connect to remote host (127.0.0.1): Connection refused`
I have also tried using `host.docker.local:8384` which also shows healthy, but results in an internal server error 500.
Conclusion: my traefik config cannot access the host network directly. Even though I can access it by bouncing off the network router using `192.168.0.x`.
I do have `insecureSkipVerify: true` set just in case, and I have even disabled my firewall to test that possibility, but I am unsure what to try next.
Does anyone have a working config for running syncthing behind traefik3? Or more generally just to access a host machine service?
Thanks!
Traefik.yml is below, again, please excuse the formatting.
traefik.yml
```yaml
#API Settings
api:
  dashboard: true
  insecure: true

#Logging
log:
  level: ERROR
  # filePath: '/traefik/logs/traefik.log'

accessLog:
  filePath: '/traefik/logs/access.log'
  bufferingSize: 100
  filters:
    statuscodes:
      - "300-399" #Redirection
      - "400-499" # Client Error
      - "500-599" #Server Error

#Providers
providers:
  docker:
    exposedByDefault: false
    endpoint: 'tcp://dockerproxy:2375' #Wollomatic Socket Proxy
    network: 'socket-proxy' #Network for socket proxy
  file:
    directory: '/etc/traefik/dynamic'
    watch: true

#Allow insecure backend connections.
serverTransport:
  insecureSkipVerify: true

#Entrypoints
entryPoints:
  web:
    address: ':80' #LAN Insecure
  web-secure:
    address: ':443' #LAN Secure
  tunnel:
    address: ':81' #Cloudflared Tunnel Entrypoint
```
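A small reachability probe for the symptom described in this post, as an added example that is not part of the original post: it classifies a TCP connect to a candidate upstream as open, refused or timed out, and its demo shows that a listener bound only to 127.0.0.1 is not reachable on any other address. The function names, the ephemeral port and the 127.0.0.2 stand-in address are assumptions of this example.

```python
import socket
import sys

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt to a candidate upstream."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered, nothing listens on that address:port
    except socket.timeout:
        return "timeout"   # no answer at all, typically filtered or unrouted
    except OSError as exc:
        return "error: " + str(exc)

def demo():
    """Constructed stand-in for a GUI listener bound to loopback only."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # loopback only, ephemeral port
    listener.listen(5)
    port = listener.getsockname()[1]
    results = {
        # Same address the listener is bound to: what curl on the host sees.
        "bound_address": probe("127.0.0.1", port),
        # Any other address (127.0.0.2 stands in for a LAN or bridge IP):
        # the listener is not bound there, so the connect does not succeed.
        "other_address": probe("127.0.0.2", port),
    }
    listener.close()
    # No listener in this namespace: what 127.0.0.1 looks like from inside a
    # container, whose loopback is its own unless it uses host networking.
    results["no_listener"] = probe("127.0.0.1", port)
    return results

if __name__ == "__main__":
    # Usage: python3 probe.py 127.0.0.1:8384 host.docker.local:8384
    targets = sys.argv[1:]
    if not targets:
        for name, outcome in demo().items():
            print(f"{name}: {outcome}")
    for target in targets:
        host, _, port = target.rpartition(":")
        print(f"{target}: {probe(host, int(port))}")
```

Run with explicit `host:port` arguments on the host and again from a container attached to the same Docker network as Traefik; the address to put in the router's `url` is one that reports `open` from the container side.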