This is a misconfiguration because I am moving from Caddy and have all my containers automatically configured by default, including the ones that do not serve HTTPS*. This is fine; I was browsing through the dashboard to explicitly disable them via a traefik.enable=false label.
What made me wonder, however, is that the state of this service is reported as OK.
This would suggest that the endpoint 192.168.48.19:1883 responds with a correct HTTP message. It does not - 192.168.48.19:1883 is an MQTT bus with a binary protocol (not HTTP).
In that case, what does the successful checkmark mean? That 192.168.48.19 is simply reachable? Is this something I can configure to actually assess whether the service responds correctly?
*I know I can also serve TCP, which is very interesting, but I will look at that later.
This is what I use for now (but this will get neater with time, as I clean up after the move from Caddy - among others, since I am unfortunately forced to use a static file, I will move the command part there).
The docker compose configuration:
traefik:
  image: traefik:latest
  command:
    # general
    - --providers.file.filename=/config/config.yml
    - --log.level=DEBUG
    - --api.insecure=true
    - --providers.docker.exposedByDefault=true
    # Tell Traefik to discover containers using the Docker API
    - --providers.docker=true
    # Enable the Traefik dashboard
    - --api.dashboard=true
    # Set up LetsEncrypt
    - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
    - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=ovh
    - --certificatesresolvers.letsencrypt.acme.email=XXX
    - --certificatesresolvers.letsencrypt.acme.storage=/config/acme.json
    # Set up an insecure listener that redirects all traffic to TLS
    - --entrypoints.web.address=:80
    - --entrypoints.web.http.redirections.entrypoint.to=websecure
    - --entrypoints.web.http.redirections.entrypoint.scheme=https
    # Set up the TLS configuration for our websecure listener and wildcard
    - --entryPoints.websecure.address=:443
    - --entrypoints.websecure.http.tls=true
    - --entryPoints.websecure.asDefault=true
    - --entrypoints.websecure.http.tls.certResolver=letsencrypt
    - --entrypoints.websecure.http.tls.domains[0].main=swtk.eu
    - --entrypoints.websecure.http.tls.domains[0].sans=*.swtk.eu
    # force all traffic through authelia
    - --entryPoints.websecure.http.middlewares=authelia@docker
    # Send anonymous usage data
    - --global.sendAnonymousUsage
    ## Please see the Forwarded Header Trust section of the Authelia Traefik Integration documentation.
    - --entryPoints.http.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7
    - --entryPoints.http.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7
    - --entryPoints.http.forwardedHeaders.insecure=false
    - --entryPoints.http.proxyProtocol.insecure=false
    # default rule for the routing
    - --providers.docker.defaultRule=Host(`{{ splitList "-" .Name | mustFirst }}.swtk.eu`)
  ports:
    - 80:80
    - 443:443
    - 18080:8080
  environment:
    - OVH_ENDPOINT=https://eu.api.ovh.com/v1
    - OVH_APPLICATION_KEY=XXX
    - OVH_APPLICATION_SECRET=XXX
    - OVH_CONSUMER_KEY=XXX
    - TZ=Europe/Paris
  volumes:
    - traefik:/config
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /etc/localtime:/etc/localtime:ro