Issue Abstract
So I'm struggling to understand what in the below configuration to a docker swarm of Traefik, docker-socket-proxy, and Swarmpit. The Træfik panel is routing successfully through itself to the internet however Swarmpit configured roughly the same is failing I'm not sure what I'm doing wrong.
Is there a one size fits all clump of docker labels that can be applied to most https based endpoint web apps? In Træfik 1.7 I could simply slap some variant of this section of labels into a docker stack file (docker-compose) and it would work 99% of the time without hiccup.
deploy:
replicas: 1
placement:
constraints:
- node.labels.web == true
# preferences:
# - spread: node.id
labels:
- traefik.backend=app
- traefik.backend.loadbalancer.swarm=true
- traefik.backend.loadbalancer.stickiness=false
- "traefik.frontend.rule=Host:app.example.com"
- traefik.enable=true
- traefik.port=7777
- traefik.tags=traefik
- traefik.docker.network=traefik
# Traefik service that listens to HTTP
- traefik.redirectorservice.frontend.entryPoints=http
- traefik.redirectorservice.frontend.redirect.entryPoint=https
# Traefik service that listens to HTTPS
- traefik.webservice.frontend.entryPoints=https
- traefik.frontend.auth.basic.users=REDACTED:REDACTED
My test environment.
Traefik 2.X configurations
traefik.yml [docker-compose.yml]
create networks
docker network create --driver=overlay traefik
docker network create --driver=overlay docker-socket
create and deploy dockersocket proxy
docker stack deploy -c dockersocket.yml dockersocket
Deploy Traefik 2.x
docker stack deploy -c traefik.yml traefik
version: "3.7"
services:
traefik:
image: traefik:v2.3.4
command:
# Docker swarm configuration
# - "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.endpoint=http://dockersocket:2375"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=traefik"
# Configure entrypoint
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
# SSL configuration
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencryptresolver.acme.email=admin@example.com"
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
# Global HTTP -> HTTPS
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
# Enable dashboard
- "--api.dashboard=true"
ports:
- target: 80
published: 80
protocol: tcp
# mode: host
- target: 443
published: 443
protocol: tcp
# mode: host
volumes:
# To persist certificates
- /root/traefik/conf:/letsencrypt
# So that Traefik can listen to the Docker events
# - /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- traefik
# - docker-socket
deploy:
placement:
constraints:
- node.labels.role == web
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.services.traefik.loadbalancer.server.port=888" # required by swarm but not used.
- "traefik.http.routers.traefik.rule=Host(`monitor.example.com`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.traefik.service=api@internal"
# - "traefik.http.routers.traefik.middlewares=traefik-auth"
# - "traefik.http.middlewares.traefik-auth.basicauth.users=REDACTED:REDACTED"
logging:
driver: "gelf"
options:
gelf-address: "udp://log.example.com:12201"
tag: "traefik_traefik"
# docker network create --driver=overlay traefik
networks:
traefik:
external: true
name: traefik
docker-socket:
external: true
traefik.yml [Traefik Config]
entryPoints:
web:
address: ":80"
api:
dashboard: true
providers:
docker:
swarmMode: true
exposedByDefault: false
endpoint: 'http://dockersocket:2375'
log:
level: INFO
filePath: /opt/traefik/logs/traefik.log
accessLog:
filePath: /opt/traefik/logs/access.log
Swarmpit
Deploy swarmpit to docker swarm
docker stack deploy -c swarmpit.yml swarmpit
swarmpit.yml [docker-compose.yml]
version: '3.7'
services:
app:
image: swarmpit/swarmpit:latest
environment:
- SWARMPIT_DB=http://db:5984
- SWARMPIT_INFLUXDB=http://influxdb:8086
- SWAMPIT_DOCKER_SOCK=http://dockersocket:2375
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 888:8080
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080"]
interval: 60s
timeout: 10s
retries: 3
networks:
- net
deploy:
labels:
## Traefik 2.x
- "traefik.enable=true"
- "traefik.http.routers.swarmpit.tls=true"
- "traefik.http.services.swarmpit.loadbalancer.server.port=8080"
- "traefik.http.routers.swarmpit.rule=Host(`swarmpit.example.com`)"
- "traefik.http.routers.swarmpit.entrypoints=websecure"
- "traefik.http.routers.swarmpit.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.swarmpit.service=swarmpit"
# - "traefik.http.routers.swarmpit.middlewares=swarmpit-header"
# - "traefik.http.middlewares.swarmpit-header.headers.customresponseheaders.X-swarmpit-Server-URL=https://swarmpit.example.com/"
- "traefik.docker.network=traefik"
resources:
limits:
cpus: '0.50'
memory: 1024M
reservations:
cpus: '0.25'
memory: 512M
placement:
constraints:
- node.role == manager
db:
image: couchdb:2.3.0
volumes:
- db-data:/opt/couchdb/data
networks:
- net
deploy:
resources:
limits:
cpus: '0.30'
memory: 256M
reservations:
cpus: '0.15'
memory: 128M
influxdb:
image: influxdb:1.7
volumes:
- influx-data:/var/lib/influxdb
networks:
- net
deploy:
resources:
limits:
cpus: '0.60'
memory: 512M
reservations:
cpus: '0.30'
memory: 128M
agent:
image: swarmpit/agent:latest
environment:
- DOCKER_API_VERSION=1.35
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- net
deploy:
mode: global
labels:
swarmpit.agent: 'true'
resources:
limits:
cpus: '0.10'
memory: 64M
reservations:
cpus: '0.05'
memory: 32M
networks:
net:
driver: overlay
traefik:
external: true
docker-socket:
external: true
volumes:
db-data:
driver: local
influx-data:
driver: local
Docker Socket Proxy
dockersocket.yml [docker-socket-proxy]
version: "3.7"
services:
dockersocket:
image: tecnativa/docker-socket-proxy
networks:
- docker-socket
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
- NETWORKS=1
- SERVICES=1
- TASKS=1
deploy:
placement:
constraints:
- node.role == manager
# docker network create --driver=overlay docker-socket
networks:
docker-socket:
driver: overlay
external: true
driver_opts:
encrypted: 'true'