Valheim - https and udp redirection

Hello there,

I'm new to traefik. My problem is probably obvious but I can't seem to find what I'm doing wrong.
I have a Traefik docker running and working fine with some web ui redirection with letsEncrypt certificates but now I'm trying to setup a server for the game Valheim which works with udp ports for the connection.

My issue is that the routers and service are not detected by Traefik and I have no idea why.

I've setup the labels on the Valheim server as follows in the docker compose :

version: "3.8"
services:
  valheim:
    image: ghcr.io/lloesche/valheim-server
    cap_add:
      - sys_nice
    volumes:
      - ./config:/config
      - ./data:/opt/valheim
    ports:
      - 2456-2457:2456-2457/udp
      - 9001:9001
    environment:
      - SERVER_NAME="valheim"
      - WORLD_NAME="name"
      - SERVER_PASS=pwd
      - SERVER_PUBLIC=yes
      - SUPERVISOR_HTTP=false
      - SUPERVISOR_HTTP_PORT=9001
      - SUPERVISOR_HTTP_USER=usr
      - SUPERVISOR_HTTP_PASS=pwd
      - TZ=CEST
      - BACKUPS_MAX_COUNT=5
      - VALHEIM_PLUS=false
      - BEPINEX=false
    restart: always
    stop_grace_period: 2m
    labels:
      - traefik.enable=true
      - traefik.http.routers.valheim.rule=Host(`valheim-dash.domain.xyz`)
      - traefik.http.routers.valheim.entrypoints=websecure
      - traefik.http.routers.valheim.tls=true
      - traefik.http.routers.valheim.tls.certresolver=production
      - traefik.http.services.valheim.loadbalancer.server.port=9001
      - traefik.udp.routers.valheim.rule=Host(`valheim.domain.xyz`)
      - traefik.udp.routers.valheim.entrypoints=valheimSix,valheimSeven
      - traefik.udp.services.valheim.loadbalancer.server.port=2456,2457
    networks:
      - frontend
networks:
  frontend:
    external: true

My traefik docker compose :

version: "3"
networks:
  frontend:
    external: true
services:
  traefik:
    image: traefik:v3.0.0-rc5
    container_name: traefik
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 2456
        published: 2456
        mode: host
      - target: 2457
        published: 2457
        mode: host
    volumes:
      - /etc/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/traefik/logs:/var/log/traefik
    environment:
      - NAMECHEAP_API_USER=usr
      - NAMECHEAP_API_KEY=key
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`traefik.domain.xyz`)
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.tls.certresolver=production
    networks:
      - frontend
    restart: unless-stopped

Traefik static config :

global:
  checkNewVersion: true
  sendAnonymousUsage: false

# (Optional) Log information
# ---
log:
  level: DEBUG
  filePath: log/traefik.log
  format: json

# (Optional) Accesslog
# ---
#accesslog:
#  format: common  # common, json, logfmt
#  filePath: /var/log/traefik/access.log

# (Optional) Enable API and Dashboard
# ---
api:
  dashboard: true  # true by default
#  insecure: true  # Don't do this in production!

# Entry Points configuration
# ---
entryPoints:
  web:
    address: :80
    # (Optional) Redirect to HTTPS
    # ---
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443

  valheimSix:
    address: ":2456/udp"

  valheimSeven:
    address: ":2457/udp"

# -- Configure your CertificateResolver here...
certificatesResolvers:
  staging:
    acme:
      email: admin@domain.xyz    
      storage: /etc/traefik/certs/acme.json
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: namecheap
        disablePropagationCheck: true
        delayBeforeCheck: 60
        resolvers:
          - "9.9.9.9:53"
          - "149.112.112.112:53"
  production:
    acme:
      email: admin@domain.xyz
      storage: /etc/traefik/certs/acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: namecheap
        disablePropagationCheck: true
        delayBeforeCheck: 60
        resolvers:
          - "9.9.9.9:53"
          - "149.112.112.112:53"

# -- (Optional) Disable TLS Cert verification check
serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    exposedByDefault: false  # Default is true
  file:
    # watch for dynamic configuration changes
    directory: /etc/traefik
    watch: true

Any tips or direction would be much appreciated.

Why use traefik:v3.0.0-rc?

For 2 UDP ports, you need to declare both in compose as UDP ports, you need to create two entrypoints with UDP port, you need to create two UDP routers, one for each port, and use a single target UDP port in service for each router.

Thanks, I'll check that out tomorrow.
For the version, I just used the latest when I deployed the container.

Okay so I tested like this:

      - traefik.udp.routers.valheimsix.rule=Host(`valheimSix.domain.xyz`)
      - traefik.udp.routers.valheimsix.entrypoints=valheimSix
      - traefik.udp.routers.valheimseven.rule=Host(`valheimSeven.domain.xyz`)
      - traefik.udp.routers.valheimseven.entrypoints=valheimSeven
      - traefik.udp.services.valheimsix.loadbalancer.server.port=2456
      - traefik.udp.services.valheimseven.loadbalancer.server.port=2457

But didn't work either. If I comment the udp part Traefik does pick up the http entries so it clearly is a miss configuration on the udp part.

After some testing here's what I did which seems to work:

      - traefik.udp.routers.valheim.entrypoints=valheimsix,valheimseven
      - traefik.udp.services.valheim.loadbalancer.server.port=2456,2457

Thank you for your help.

I assume you added UDP to Traefik ports in compose file?

Actually I didn't. I assume it "knows" from the static config that it should be udp ?
Edit: I verified and the ports mapped to the Traefik container are all TCP. Interesting because it does work and my firewall doesn't allow 2456-2457 TCP.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.