I am having difficulty in splitting my traffic between routers. I ultimately want to have applications reachable at ports 80 & 443 while management interfaces are reachable at 8080 & 8443.
Currently I am able to reach http://whoami01.mydomain.com
but I am not able to reach http://whoami02.mydomain.com:8080
What am I missing?
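# Traefik v2.6 in front of two demo services. Applications are meant to be
# reachable on 80/443 (web/websecure) and management interfaces on 8080/8443
# (webman/webmansec).
version: "3.7"

services:
  traefik:
    image: traefik:v2.6
    container_name: traefik
    restart: always
    command:
      - "--log.level=info"
      - "--log.format=common"
      - "--log.filePath=/var/log/traefik.log"
      - "--accesslog=true"
      - "--accesslog.format=common"
      - "--accesslog.filepath=/var/log/access.log"
      # Only 4xx/5xx responses reach the access log; successful requests,
      # including those to the management entrypoints, leave no record.
      - "--accesslog.filters.statuscodes=400-599"
      - "--providers.docker=true"
      # Containers are routed only when they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      # Configure entrypoints.
      # A separate port is not an access control by itself: all four ports are
      # published on the host below, so who can reach 8080/8443 is decided by
      # the host or network firewall.
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.webman.address=:8080"
      - "--entrypoints.webmansec.address=:8443"
      # SSL configuration (ACME via DNS challenge)
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_PROVIDER}"
      - "--certificatesresolvers.myresolver.acme.caserver=${CA_SERVER}"
      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
      # acme.json holds the ACME account key and the issued private keys; keep
      # ./letsencrypt out of version control and readable by its owner only.
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Enable dashboard.
      # Leave api.insecure disabled: it serves the API and dashboard without
      # any authentication.
      # - "--api.insecure=true"
      - "--api.dashboard=true"
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
      - target: 8443
        published: 8443
        protocol: tcp
        mode: host
    labels:
      - "traefik.enable=true"
      # The original list set routers.traefik.rule twice (Host(`${FQDN}`) and
      # then Host(`traefik-ui.${FQDN}`)). Duplicate label keys collapse to one
      # value (the later one, as far as Compose's list-to-map conversion goes),
      # so only the effective rule is kept here.
      - "traefik.http.routers.traefik.rule=Host(`traefik-ui.${FQDN}`)"
      # This router listens on websecure only, so the HTTPS redirect
      # middleware appears to have no effect here.
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik.tls.domains[0].main=${FQDN}"
      - "traefik.http.routers.traefik.tls.domains[0].sans=*.${FQDN}"
      # NOTE(review): no authentication middleware is attached to the
      # dashboard router. Anyone who can reach websecure with this Host header
      # can read the full routing configuration. Attach basicAuth or
      # forwardAuth, or an ipWhiteList middleware, before exposing it.
      - "traefik.http.routers.traefik.service=api@internal"
    environment:
      # NOTE(review): each entry expands to the *value* of the variable, so
      # the .env values are presumably complete NAME=value pairs for the DNS
      # provider (confirm). They are credentials: keep the .env file out of
      # version control.
      - ${DNS_API_USER}
      - ${DNS_API_KEY}
    volumes:
      - "./letsencrypt:/letsencrypt"
      # ":ro" only makes the socket file read-only inside the container; it
      # does not limit the Docker API calls sent through it. Access to this
      # socket is equivalent to root on the host, so consider a socket proxy
      # that exposes only the read endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/var/log/traefik:/var/log"
      # - "./config:/etc/traefik"

  # Application service: plain HTTP on the "web" entrypoint (port 80).
  whoami01:
    image: traefik/whoami
    container_name: whoami01
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami01.entrypoints=web"
      - "traefik.http.routers.whoami01.rule=Host(`whoami01.${FQDN}`)"

  # Management-style service: plain HTTP on the "webman" entrypoint (8080).
  whoami02:
    image: traefik/whoami
    container_name: whoami02
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami02.entrypoints=webman"
      - "traefik.http.routers.whoami02.rule=Host(`whoami02.${FQDN}`)"
      - "traefik.http.routers.whoami02.service=whoami02"
      - "traefik.http.services.whoami02.loadbalancer.server.port=80"

networks:
  # Pre-existing network named "traefik"; Compose will not create it.
  default:
    external: true
    name: traefik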
Resolved! It was an infrastructure issue. I had to adjust my firewall rules to unblock the traffic.
ldez
February 28, 2022, 5:13pm
3
Happy that you resolved your issue.
I would like to give you an "optimized" version of your docker-compose file:
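# Same stack with TLS and HTTP->HTTPS redirection configured once per
# entrypoint instead of per router.
version: "3.7"

services:
  traefik:
    image: traefik:v2.6
    container_name: traefik
    restart: always
    command:
      - --log.level=info
      - --log.format=common
      - --log.filePath=/var/log/traefik.log
      - --accesslog=true
      - --accesslog.format=common
      - --accesslog.filepath=/var/log/access.log
      - --providers.docker=true
      # Containers are routed only when they opt in with traefik.enable.
      - --providers.docker.exposedbydefault=false
      # Configure entrypoints.
      # Plain-HTTP entrypoints (web, webman) redirect to their TLS
      # counterparts, so no router serves content over cleartext.
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certResolver=myresolver
      - --entrypoints.websecure.http.tls.domains[0].main=${FQDN}
      - --entrypoints.websecure.http.tls.domains[0].sans=*.${FQDN}
      # A separate port is not an access control by itself: 8080/8443 are
      # published on the host below, so who can reach them is decided by the
      # host or network firewall.
      - --entrypoints.webman.address=:8080
      - --entrypoints.webman.http.redirections.entrypoint.to=webmansec
      - --entrypoints.webman.http.redirections.entrypoint.scheme=https
      - --entrypoints.webmansec.address=:8443
      - --entrypoints.webmansec.http.tls=true
      - --entrypoints.webmansec.http.tls.certResolver=myresolver
      # ACME configuration (DNS challenge)
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_PROVIDER}
      - --certificatesresolvers.myresolver.acme.caserver=${CA_SERVER}
      - --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}
      # acme.json holds the ACME account key and the issued private keys; keep
      # ./letsencrypt out of version control and readable by its owner only.
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      # Enable dashboard
      - --api.dashboard=true
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "8443:8443"
    labels:
      # Label values are quoted so they stay strings: a bare YAML boolean in
      # a labels mapping is rejected by some Compose versions.
      traefik.enable: "true"
      traefik.http.routers.traefik.rule: 'Host(`traefik-ui.${FQDN}`)'
      traefik.http.routers.traefik.entrypoints: web,websecure
      # NOTE(review): no authentication middleware is attached to the
      # dashboard router. Anyone who can reach port 443 with this Host header
      # can read the full routing configuration. Attach basicAuth or
      # forwardAuth, or an ipWhiteList middleware, before exposing it.
      traefik.http.routers.traefik.service: api@internal
    environment:
      # NOTE(review): each entry expands to the *value* of the variable, so
      # the .env values are presumably complete NAME=value pairs for the DNS
      # provider (confirm). They are credentials: keep the .env file out of
      # version control.
      - ${DNS_API_USER}
      - ${DNS_API_KEY}
    volumes:
      # ":ro" only makes the socket file read-only inside the container; it
      # does not limit the Docker API calls sent through it. Access to this
      # socket is equivalent to root on the host, so consider a socket proxy
      # that exposes only the read endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./letsencrypt:/letsencrypt"
      - "/var/log/traefik:/var/log"

  # Application service on 80/443.
  whoami01:
    image: traefik/whoami
    container_name: whoami01
    labels:
      traefik.enable: "true"
      traefik.http.routers.whoami01.rule: 'Host(`whoami01.${FQDN}`)'
      traefik.http.routers.whoami01.entrypoints: web,websecure

  # Management-style service on 8080/8443.
  whoami02:
    image: traefik/whoami
    container_name: whoami02
    labels:
      traefik.enable: "true"
      traefik.http.routers.whoami02.rule: 'Host(`whoami02.${FQDN}`)'
      traefik.http.routers.whoami02.entrypoints: webman,webmansec

networks:
  # Pre-existing network named "traefik"; Compose will not create it.
  default:
    external: true
    name: traefik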
Also, I recommend using a dedicated domain (or subdomain) for the admin routes instead of playing with ports.
A version to quickly try it locally:
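# Local-only trial of the entrypoint split, using *.localhost host names.
# No certificate resolver is configured, so Traefik serves its self-signed
# default certificate and clients have to skip verification. Keep this
# variant on a development machine.
version: "3.7"

services:
  traefik:
    image: traefik:v2.6
    container_name: traefik
    restart: always
    command:
      # Debug logging is verbose; intended for this local trial only.
      - --log.level=debug
      - --providers.docker=true
      # Containers are routed only when they opt in with traefik.enable.
      - --providers.docker.exposedbydefault=false
      # Configure entrypoints.
      # Plain-HTTP entrypoints (web, webman) redirect to their TLS
      # counterparts.
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.webman.address=:8080
      - --entrypoints.webman.http.redirections.entrypoint.to=webmansec
      - --entrypoints.webman.http.redirections.entrypoint.scheme=https
      - --entrypoints.webmansec.address=:8443
      - --entrypoints.webmansec.http.tls=true
      # Enable dashboard
      - --api.dashboard=true
    ports:
      # Published on every host interface. Compose accepts a host IP prefix
      # (e.g. "127.0.0.1:80:80") if the trial should stay loopback-only.
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "8443:8443"
    labels:
      # Label values are quoted so they stay strings: a bare YAML boolean in
      # a labels mapping is rejected by some Compose versions.
      traefik.enable: "true"
      traefik.http.routers.traefik.rule: 'Host(`traefik-ui.localhost`)'
      traefik.http.routers.traefik.entrypoints: web,websecure
      traefik.http.routers.traefik.tls: "true"
      # NOTE(review): the dashboard router has no authentication middleware;
      # acceptable only while the ports stay unreachable from other hosts.
      traefik.http.routers.traefik.service: api@internal
    volumes:
      # ":ro" only makes the socket file read-only inside the container; it
      # does not limit the Docker API calls sent through it.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  # Application service on 80/443.
  whoami01:
    image: traefik/whoami
    container_name: whoami01
    labels:
      traefik.enable: "true"
      traefik.http.routers.whoami01.rule: 'Host(`whoami01.localhost`)'
      traefik.http.routers.whoami01.entrypoints: web,websecure

  # Management-style service on 8080/8443.
  whoami02:
    image: traefik/whoami
    container_name: whoami02
    labels:
      traefik.enable: "true"
      traefik.http.routers.whoami02.rule: 'Host(`whoami02.localhost`)'
      traefik.http.routers.whoami02.entrypoints: webman,webmansec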
$ curl -k https://whoami01.localhost
Hostname: f9e69363d297
IP: 127.0.0.1
IP: 172.18.0.2
RemoteAddr: 172.18.0.3:36632
GET / HTTP/1.1
Host: whoami01.localhost
User-Agent: curl/7.81.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.18.0.1
X-Forwarded-Host: whoami01.localhost
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: c1dc21278a9a
X-Real-Ip: 172.18.0.1
$ curl -k https://whoami02.localhost:8443
Hostname: a27602523f38
IP: 127.0.0.1
IP: 172.18.0.4
RemoteAddr: 172.18.0.3:58070
GET / HTTP/1.1
Host: whoami02.localhost:8443
User-Agent: curl/7.81.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.18.0.1
X-Forwarded-Host: whoami02.localhost:8443
X-Forwarded-Port: 8443
X-Forwarded-Proto: https
X-Forwarded-Server: c1dc21278a9a
X-Real-Ip: 172.18.0.1