What am I doing wrong? (Portainer/Traefik/Macvlan)

Having waited for Lego 3.7.0 in 2.2.4, I dived in yesterday to have a play, and (possibly due to the late hour!) got stuck.

I'm running Portainer as my main GUI, under Debian Stretch (OpenMediaVault) with Docker 19.03.12. Portainer has access to /var/run/docker.sock via a bind mount and is quite happy with 16 containers running (one of which is Traefik 2.2.4).

I've run the Traefik image "as is" and the only ENV it has is PATH. It has 3 bind mounts, one for traefik.yml (see below) as config, one for traefik.log and one for /var/run/docker.sock

When I fire up traefik (via Portainer) the stdout/portainer log shows:

time="2020-07-10T23:21:16Z" level=info msg="Configuration loaded from file: /traefik.yml",

I can see the dashboard, and the web/websecure/traefik entrypoints defined in my yml, but nothing in providers from docker.

I have then used Portainer to add the following labels to my emoncms container

traefik.enable = true
traefik.http.routers.emoncms.entrypoints = web
traefik.http.routers.emoncms.rule = Host(`emoncms.myFQDNhere`)

I've restarted Portainer, EmonCMS and Docker - and traefik shows nothing - no new http/web router or anything.

traefik.yml below.

What blindingly stupid thing am I overlooking please?

################################################################
#
# Configuration sample for Traefik v2.
#
################################################################

################################################################
# Global configuration
################################################################
global:
  checkNewVersion: true
  sendAnonymousUsage: false

  # Enabling domain fronting
  # insecureSNI = true

################################################################
# Entrypoints configuration
################################################################

# Entrypoints definition
#
# Optional
# Default:

entryPoints:
  entryPoints.web:
    address: ":80"

  entryPoints.websecure:
    address: ":443"

################################################################
# Traefik logs configuration
################################################################

# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
log:

  # Log level
  #
  # Optional
  # Default: "ERROR"
  #
  level: DEBUG

  # Sets the filepath for the traefik log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  filePath: /traefik.log

  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
  format: common

################################################################
# Access logs configuration
################################################################

# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
# [accessLog]

  # Sets the file path for the access log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  # filePath = "/path/to/log/log.txt"
  #
  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
  # format = "json"

################################################################
# API and dashboard configuration
################################################################

# Enable API and dashboard
api:

  # Enable the API in insecure mode
  #
  # Optional
  # Default: false
  #
  insecure: true

  # Enabled Dashboard
  #
  # Optional
  # Default: true
  #
  dashboard: true

################################################################
# Ping configuration
################################################################

# Enable ping
ping:

  # Name of the related entry point
  #
  # Optional
  # Default: "traefik"
  #
  entryPoint: traefik

################################################################
# Docker configuration backend
################################################################

# Enable Docker configuration backend
providers.docker:

  # Docker server endpoint. Can be a tcp or a unix socket endpoint.
  #
  # Required
  # Default: "unix:///var/run/docker.sock"
  #
  # endpoint = "tcp://10.10.10.10:2375"
  endpoint: "unix:///var/run/docker.sock"

  # Default host rule.
  #
  # Optional
  # Default: "Host(`{{ normalize .Name }}`)"
  #
  # defaultRule: "Host(`{{ normalize .Name }}.docker.localhost`)"

  defaultRule: "Host(`{{ normalize .Name }}`).myFQDNhere`)"

  # Expose containers by default in traefik
  #
  # Optional
  # Default: true
  #
  exposedByDefault: true
  network: DockerLAN

"DockerLAN" is the name of my Docker macvlan network

This does not look like a proper traefik configuration file to me, where did you get it from? See example here.

Via the GitHub site :

The example you link looks to be static - I was aiming/hoping for the thing to autodiscover at least the container I'd set with traefik enable?

But this is toml. Yours is yaml. I think you converted incorrectly.
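
A small check for the conversion problem pointed out above, as an added example that is not part of the original thread: TOML table names such as `[providers.docker]` become nested mappings in YAML (`providers:` then `docker:`), so a key that still contains a dot is a leftover from the TOML sample. The function name and the excerpt are constructed for illustration; the keys in the excerpt are the ones from the posted file.

```python
import re

# A mapping key at the start of a line: indentation, key text, then a colon.
KEY_RE = re.compile(r"^(\s*)([A-Za-z_][\w.-]*)\s*:(\s|$)")

def find_toml_style_keys(yaml_text):
    """Return (line_no, key, nested_path) for every mapping key containing a dot."""
    findings = []
    stack = []  # (indent, key) of the mappings that enclose the current line
    for line_no, raw in enumerate(yaml_text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        match = KEY_RE.match(raw)
        if not match:
            continue
        indent, key = len(match.group(1)), match.group(2)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        parents = [k for _, k in stack]
        if "." in key:
            parts = key.split(".")
            # The TOML header repeats the parent table name; drop it if present.
            if parents and parts[0] == parents[-1]:
                parts = parts[1:]
            findings.append((line_no, key, parents + parts))
        stack.append((indent, key))
    return findings

# Constructed excerpt that reuses the keys from the posted traefik.yml.
SAMPLE = """\
entryPoints:
  entryPoints.web:
    address: ":80"
  entryPoints.websecure:
    address: ":443"
# Enable Docker configuration backend
providers.docker:
  endpoint: "unix:///var/run/docker.sock"
  exposedByDefault: true
"""

if __name__ == "__main__":
    for line_no, key, path in find_toml_style_keys(SAMPLE):
        print(f"line {line_no}: '{key}' should be nested as {' -> '.join(path)}")
```
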

Quite possible - although I can't see a yaml version
I've used the toml (as is) and rebound the volume and now I have port errors, so that's progress :slight_smile:

So now it's picked up my one exposed container, with web and websecure entrypoints (after I defined the loadBalancer URL) but any access to the defined Host SNI (secure or not) drops to a 404 not found - although it seems to have the router/service and private URL working (And I can access the private URL from the host direct).

Yeah, you have to post your configs, and tell what urls are you trying to access while getting 404.

So, the 404 relates to a very simple (but, from what I can see) not documented for my setup, issue :slight_smile:

As noted, I'm using Portainer, which sticks generated containers on a SINGLE network, which (as noted) was my macvlan network.

When I took target containers off macvlan and moved them to "bridge", my traefik instance remained on my macvlan.

Traefik was building the routers fine, but no connections were happening.
Within Portainer, I have added Traefik to the bridge network as well as its default macvlan network, and lo, "it works".

For anyone reading this using Portainer, when you set up a container, you assign it to a network, and the network tab within your container settings will only allow you to select ONE network.

However, if you click on the container name from within the "Containers" tab, at the bottom, you can select a target network (i.e. bridge) and "Join Network" - this will add a second network, and allow traefik to see both.

I've also got LEGO wired up today (having waited for 2.2.4 with LEGO 3.7.0) and apart from punching a specific hole in my firewall for my resolvers (as pihole was caching stuff) it's working :slight_smile:
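
The network mismatch described above can be checked from `docker inspect` output. This is an added example, not part of the original thread; it reports exposed containers that share no Docker network with the proxy. The container entries and the function names are constructed, and `exposed_by_default` mirrors the `exposedByDefault: true` setting posted earlier.

```python
import json

def attached_networks(container):
    """Names of the Docker networks a container is attached to."""
    return set(container["NetworkSettings"]["Networks"])

def backends_without_shared_network(inspect_json, proxy, exposed_by_default=True):
    """Return {container: [its networks]} for exposed containers the proxy cannot reach."""
    containers = {c["Name"].lstrip("/"): c for c in json.loads(inspect_json)}
    proxy_nets = attached_networks(containers[proxy])
    default = "true" if exposed_by_default else "false"
    missing = {}
    for name, container in containers.items():
        if name == proxy:
            continue
        labels = container["Config"].get("Labels") or {}
        if labels.get("traefik.enable", default).lower() != "true":
            continue  # not exposed through the proxy, nothing to route
        if not attached_networks(container) & proxy_nets:
            missing[name] = sorted(attached_networks(container))
    return missing

def inspect_entry(name, networks, labels=None):
    """Build a constructed entry with the fields `docker inspect` provides."""
    return {
        "Name": "/" + name,
        "Config": {"Labels": labels or {}},
        "NetworkSettings": {"Networks": {n: {} for n in networks}},
    }

# Constructed data: the proxy only on the macvlan network, the backend on bridge.
BEFORE = json.dumps([
    inspect_entry("traefik", ["DockerLAN"]),
    inspect_entry("emoncms", ["bridge"], {"traefik.enable": "true"}),
])
# Constructed data: the same containers after the proxy has joined bridge.
AFTER = json.dumps([
    inspect_entry("traefik", ["DockerLAN", "bridge"]),
    inspect_entry("emoncms", ["bridge"], {"traefik.enable": "true"}),
])

if __name__ == "__main__":
    print("before:", backends_without_shared_network(BEFORE, "traefik"))
    print("after: ", backends_without_shared_network(AFTER, "traefik"))
```

On a live host the same function can be fed the JSON array that `docker inspect` prints for the containers in question.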