Web Management Router

I am having difficulty in splitting my traffic between routers. I ultimately want to have applications reachable at ports 80 & 443 while management interfaces are reachable at 8080 & 8443.

Currently I am able to reach http://whoami01.mydomain.com but I am not able to reach http://whoami02.mydomain.com:8080

What am I missing?

version: "3.7"

services:

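  # Traefik v2 edge proxy. Application traffic enters on 80/443 and
  # management traffic on 8080/8443; routes are read from Docker labels.
  traefik:
    image: traefik:v2.6
    container_name: traefik
    restart: always
    command:
      - "--log.level=info"
      - "--log.format=common"
      - "--log.filePath=/var/log/traefik.log"
      - "--accesslog=true"
      - "--accesslog.format=common"
      - "--accesslog.filepath=/var/log/access.log"
      # Only 4xx/5xx responses are logged; successful requests leave no
      # access-log trace, which limits what can be reconstructed later.
      - "--accesslog.filters.statuscodes=400-599"
      - "--providers.docker=true"
      # Containers are ignored unless they carry traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"

      # Entrypoints: web/websecure for applications, webman/webmansec for
      # management interfaces. Only the listen addresses are set here; TLS
      # is enabled per router through labels.
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.webman.address=:8080"
      - "--entrypoints.webmansec.address=:8443"

      # ACME certificates through a DNS-01 challenge.
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_PROVIDER}"
      - "--certificatesresolvers.myresolver.acme.caserver=${CA_SERVER}"
      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"

      # Dashboard. Keep api.insecure disabled: it would publish the API
      # without authentication on a dedicated entrypoint.
      # - "--api.insecure=true"
      - "--api.dashboard=true"

    # All four entrypoints are published directly on the host. The host or
    # network firewall has to allow them, and should limit 8080/8443 to the
    # source addresses that are meant to reach management interfaces.
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host

      - target: 443
        published: 443
        protocol: tcp
        mode: host

      - target: 8080
        published: 8080
        protocol: tcp
        mode: host

      - target: 8443
        published: 8443
        protocol: tcp
        mode: host

    labels:
      - "traefik.enable=true"
      # Dashboard router. A router has a single rule, so it is declared once;
      # a second "...routers.traefik.rule=" label would replace this one
      # rather than add a second host.
      - "traefik.http.routers.traefik.rule=Host(`traefik-ui.${FQDN}`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      # NOTE(review): this router only listens on websecure, so the
      # redirect-to-https middleware appears to have nothing to redirect.
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik.tls.domains[0].main=${FQDN}"
      - "traefik.http.routers.traefik.tls.domains[0].sans=*.${FQDN}"
      # NOTE(review): no authentication middleware is attached, so the
      # dashboard and API are readable by anyone who can reach this host
      # name on 443. Attach a basicauth or forwardauth middleware, or an
      # ipwhitelist, before exposing it beyond a trusted network.
      - "traefik.http.routers.traefik.service=api@internal"

    environment:
      # NOTE(review): each entry is the expanded *value* of the variable, not
      # its name. Compose expects NAME or NAME=value here, so this presumably
      # relies on the .env values holding full NAME=value pairs for the DNS
      # provider; confirm. Keep the .env file out of version control.
      - ${DNS_API_USER}
      - ${DNS_API_KEY}

    volumes:
      # acme.json holds the certificates and their private keys; keep this
      # directory restricted (Traefik expects acme.json to be mode 600).
      - "./letsencrypt:/letsencrypt"
      # NOTE(review): ":ro" protects the socket file only; it does not
      # restrict Docker API calls made through it. A compromised Traefik
      # container can control the Docker daemon; a filtering socket proxy
      # narrows that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/var/log/traefik:/var/log"
      #- "./config:/etc/traefik"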

  # Demo application service, routed on the plain-HTTP `web` entrypoint (80).
  whoami01:
    container_name: whoami01
    # No tag is given, so the image's default tag is pulled.
    image: traefik/whoami
    labels:
      traefik.enable: "true"
      traefik.http.routers.whoami01.rule: "Host(`whoami01.${FQDN}`)"
      traefik.http.routers.whoami01.entrypoints: "web"

  # Demo management service, routed on the `webman` entrypoint (8080).
  # That entrypoint has no TLS configured in this file and the router sets
  # none, so this traffic is plain HTTP.
  whoami02:
    container_name: whoami02
    # No tag is given, so the image's default tag is pulled.
    image: traefik/whoami
    labels:
      traefik.enable: "true"
      traefik.http.routers.whoami02.rule: "Host(`whoami02.${FQDN}`)"
      traefik.http.routers.whoami02.entrypoints: "webman"
      # Explicit service definition: forward to container port 80.
      traefik.http.routers.whoami02.service: "whoami02"
      traefik.http.services.whoami02.loadbalancer.server.port: "80"

# The default network is the pre-existing external network "traefik":
# Compose attaches to it and does not create it.
networks:
  default:
    name: traefik
    external: true

Resolved! It was an infrastructure issue. I had to adjust my firewall rules to unblock the traffic :smiley:

Happy that you resolved your issue.

I would like to give you an "optimized" version of your docker-compose file:

version: "3.7"

services:

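  # Traefik v2 edge proxy with redirects and TLS set at entrypoint level:
  # 80 -> 443 for applications, 8080 -> 8443 for management.
  traefik:
    image: traefik:v2.6
    container_name: traefik
    restart: always
    command:
      - --log.level=info
      - --log.format=common
      - --log.filePath=/var/log/traefik.log
      - --accesslog=true
      - --accesslog.format=common
      - --accesslog.filepath=/var/log/access.log
      - --providers.docker=true
      # Containers are ignored unless they carry traefik.enable=true.
      - --providers.docker.exposedbydefault=false

      # Application entrypoints: every request on 80 is redirected to 443.
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https

      # TLS is on by default for every router bound to websecure, using a
      # wildcard certificate for ${FQDN}.
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certResolver=myresolver
      - --entrypoints.websecure.http.tls.domains[0].main=${FQDN}
      - --entrypoints.websecure.http.tls.domains[0].sans=*.${FQDN}

      # Management entrypoints: every request on 8080 is redirected to 8443.
      - --entrypoints.webman.address=:8080
      - --entrypoints.webman.http.redirections.entrypoint.to=webmansec
      - --entrypoints.webman.http.redirections.entrypoint.scheme=https

      - --entrypoints.webmansec.address=:8443
      - --entrypoints.webmansec.http.tls=true
      - --entrypoints.webmansec.http.tls.certResolver=myresolver

      # ACME configuration (DNS-01 challenge)
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_PROVIDER}
      - --certificatesresolvers.myresolver.acme.caserver=${CA_SERVER}
      - --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json

      # Enable dashboard
      - --api.dashboard=true
    # Published on all host interfaces. A separate port is not access
    # control: limit 8080/8443 at the firewall to management sources.
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "8443:8443"

    labels:
      # Label values are quoted so they are strings under every Compose
      # schema version; a bare `true` is a YAML boolean.
      traefik.enable: "true"
      traefik.http.routers.traefik.rule: "Host(`traefik-ui.${FQDN}`)"
      # NOTE(review): the dashboard is itself a management interface but is
      # bound to the application entrypoints here; webman,webmansec would
      # match the split the rest of the file sets up.
      traefik.http.routers.traefik.entrypoints: "web,websecure"
      # NOTE(review): no authentication middleware is attached, so the
      # dashboard and API are readable by anyone who can reach this host
      # name. Attach a basicauth or forwardauth middleware, or an
      # ipwhitelist, before exposing it beyond a trusted network.
      traefik.http.routers.traefik.service: "api@internal"

    environment:
      # NOTE(review): each entry is the expanded *value* of the variable, not
      # its name. Compose expects NAME or NAME=value here, so this presumably
      # relies on the .env values holding full NAME=value pairs for the DNS
      # provider; confirm. Keep the .env file out of version control.
      - ${DNS_API_USER}
      - ${DNS_API_KEY}

    volumes:
      # NOTE(review): ":ro" protects the socket file only; it does not
      # restrict Docker API calls made through it. A compromised Traefik
      # container can control the Docker daemon; a filtering socket proxy
      # narrows that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # acme.json holds the certificates and their private keys; keep this
      # directory restricted (Traefik expects acme.json to be mode 600).
      - "./letsencrypt:/letsencrypt"
      - "/var/log/traefik:/var/log"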

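  # Demo application service on the application entrypoints; requests to
  # `web` (80) are redirected to `websecure` (443) at entrypoint level.
  whoami01:
    # No tag is given, so the image's default tag is pulled.
    image: traefik/whoami
    container_name: whoami01
    labels:
      # Quoted so the value is a string under every Compose schema version.
      traefik.enable: "true"
      traefik.http.routers.whoami01.rule: "Host(`whoami01.${FQDN}`)"
      traefik.http.routers.whoami01.entrypoints: "web,websecure"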

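  # Demo management service on the management entrypoints; requests to
  # `webman` (8080) are redirected to `webmansec` (8443) at entrypoint level.
  # The port split only separates traffic: who may reach 8080/8443 still has
  # to be enforced by a firewall or an auth / IP-filter middleware.
  whoami02:
    # No tag is given, so the image's default tag is pulled.
    image: traefik/whoami
    container_name: whoami02
    labels:
      # Quoted so the value is a string under every Compose schema version.
      traefik.enable: "true"
      traefik.http.routers.whoami02.rule: "Host(`whoami02.${FQDN}`)"
      traefik.http.routers.whoami02.entrypoints: "webman,webmansec"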

# The default network is the pre-existing external network "traefik":
# Compose attaches to it and does not create it.
networks:
  default:
    name: traefik
    external: true

Also, I recommend using a dedicated domain (or subdomain) for the admin routes instead of playing with ports.


A version for quickly trying it locally:
version: "3.7"

services:

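  # Local-test variant of the proxy: *.localhost host names, no ACME.
  # With no certificate resolver configured, Traefik serves its self-signed
  # default certificate, so clients have to skip verification (curl -k).
  traefik:
    image: traefik:v2.6
    container_name: traefik
    restart: always
    command:
      # Debug logging is verbose; intended for this local trial only.
      - --log.level=debug

      - --providers.docker=true
      # Containers are ignored unless they carry traefik.enable=true.
      - --providers.docker.exposedbydefault=false

      # Application entrypoints: every request on 80 is redirected to 443.
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https

      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true

      # Management entrypoints: every request on 8080 is redirected to 8443.
      - --entrypoints.webman.address=:8080
      - --entrypoints.webman.http.redirections.entrypoint.to=webmansec
      - --entrypoints.webman.http.redirections.entrypoint.scheme=https

      - --entrypoints.webmansec.address=:8443
      - --entrypoints.webmansec.http.tls=true

      # Enable dashboard
      - --api.dashboard=true
    # NOTE(review): these publish on all host interfaces even though the
    # test is local; prefixing each mapping with 127.0.0.1: would keep the
    # unauthenticated dashboard off the LAN.
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "8443:8443"

    labels:
      # Label values are quoted so they are strings under every Compose
      # schema version; a bare `true` is a YAML boolean.
      traefik.enable: "true"
      traefik.http.routers.traefik.rule: "Host(`traefik-ui.localhost`)"
      traefik.http.routers.traefik.entrypoints: "web,websecure"
      traefik.http.routers.traefik.tls: "true"
      # No authentication middleware is attached to the dashboard router;
      # acceptable only while the host is not reachable by others.
      traefik.http.routers.traefik.service: "api@internal"


    volumes:
      # ":ro" protects the socket file only; it does not restrict Docker API
      # calls made through it.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"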

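  # Demo application service for the local test, reachable on 80 (redirected)
  # and 443.
  whoami01:
    # No tag is given, so the image's default tag is pulled.
    image: traefik/whoami
    container_name: whoami01
    labels:
      # Quoted so the value is a string under every Compose schema version.
      traefik.enable: "true"
      traefik.http.routers.whoami01.rule: "Host(`whoami01.localhost`)"
      traefik.http.routers.whoami01.entrypoints: "web,websecure"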

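  # Demo management service for the local test, reachable on 8080
  # (redirected) and 8443.
  whoami02:
    # No tag is given, so the image's default tag is pulled.
    image: traefik/whoami
    container_name: whoami02
    labels:
      # Quoted so the value is a string under every Compose schema version.
      traefik.enable: "true"
      traefik.http.routers.whoami02.rule: "Host(`whoami02.localhost`)"
      traefik.http.routers.whoami02.entrypoints: "webman,webmansec"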
$ curl -k https://whoami01.localhost
Hostname: f9e69363d297
IP: 127.0.0.1
IP: 172.18.0.2
RemoteAddr: 172.18.0.3:36632
GET / HTTP/1.1
Host: whoami01.localhost
User-Agent: curl/7.81.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.18.0.1
X-Forwarded-Host: whoami01.localhost
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: c1dc21278a9a
X-Real-Ip: 172.18.0.1

$ curl -k https://whoami02.localhost:8443
Hostname: a27602523f38
IP: 127.0.0.1
IP: 172.18.0.4
RemoteAddr: 172.18.0.3:58070
GET / HTTP/1.1
Host: whoami02.localhost:8443
User-Agent: curl/7.81.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.18.0.1
X-Forwarded-Host: whoami02.localhost:8443
X-Forwarded-Port: 8443
X-Forwarded-Proto: https
X-Forwarded-Server: c1dc21278a9a
X-Real-Ip: 172.18.0.1