Hi
I'm running Grafana behind Traefik on a docker setup. So far everything is working well.
Due to internal "issues" with the "main"-domain (internal.com) we created a second one (internal.de).
However, the internal.de domain is being served with the .com certificate.
I can't find any errors or mistakes in my configuration. I hope you can spot one.
docker-compose:
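version: '3'

services:
  traefik:
    # The official v2 Traefik docker image
    image: traefik:v2.9
    container_name: "traefik"
    restart: always
    # Static configuration: API/dashboard, providers, entry points, logging, tracing.
    command:
      # NOTE(review): insecure mode serves the dashboard and API without
      # authentication on port 8080, which is also published below. Prefer an
      # authenticated router to api@internal and drop this flag.
      - "--api.insecure=true"
      # NOTE(review): --providers.docker.exposedByDefault=false is not set, so
      # every container Traefik can see is exposed unless it is labelled
      # traefik.enable=false. Confirm this is intended for the services not
      # shown here.
      - "--providers.docker=true"
      - "--providers.docker.watch=true"
      - "--entryPoints.port443.address=:443"
      - "--entryPoints.port80.address=:80"
      - "--entryPoints.influxDB.address=:8086"
      - "--entryPoints.prometheus.address=:9090"
      # Dynamic configuration (including the TLS certificates) is read from here.
      - "--providers.file.directory=/configuration/"
      - "--providers.file.watch=true"
      # Certificate load errors from the file provider are reported in this log.
      - "--log.filePath=/etc/traefik/traefik.log"
      - "--log.format=json"
      - "--accesslog.filepath=/etc/traefik/access.log"
      - "--tracing=true"
      - "--tracing.serviceName=traefik"
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      # NOTE(review): published on all host interfaces; bind it to loopback
      # ("127.0.0.1:8080:8080") or remove it once the dashboard is served
      # through an authenticated router.
      - "8080:8080"
      # InfluxDB
      - "8086:8086"
      # Prometheus
      - "9090:9090"
    volumes:
      # So that Traefik can listen to the Docker events
      # NOTE(review): access to this socket is equivalent to root on the Docker
      # host, so a compromise of Traefik exposes the host. Consider placing a
      # restricted socket proxy in between.
      - /var/run/docker.sock:/var/run/docker.sock
      - /D/docker/iotstack/traefik/etc/:/etc/traefik/
      - /D/docker/iotstack/traefik/configuration/:/configuration/
      # Certificates and private keys, mounted read-only.
      - /D/docker/iotstack/traefik/configuration/certs/:/etc/certs/:ro
    networks:
      - iotstack

  grafana:
    container_name: "grafana"
    restart: always
    labels:
      # SSL redirect requires a separate router (https://github.com/containous/traefik/issues/4688#issuecomment-477800500)
      - "traefik.http.routers.grafana.entryPoints=port80"
      - "traefik.http.routers.grafana.rule=host(`internal.com`,`internal.de`)"
      - "traefik.http.middlewares.grafana-redirect.redirectScheme.scheme=https"
      - "traefik.http.middlewares.grafana-redirect.redirectScheme.permanent=false"
      # Attach the redirect middleware to the HTTP router. Defining the
      # middleware alone does nothing; without this line the port80 router
      # forwards plain HTTP to Grafana instead of redirecting to HTTPS.
      - "traefik.http.routers.grafana.middlewares=grafana-redirect"
      # SSL endpoint
      - "traefik.http.routers.grafana-ssl.entryPoints=port443"
      - "traefik.http.routers.grafana-ssl.rule=host(`internal.com`,`internal.de`)"
      - "traefik.http.routers.grafana-ssl.tls=true"
      - "traefik.http.routers.grafana-ssl.service=grafana-ssl"
      - "traefik.http.services.grafana-ssl.loadBalancer.server.port=3000"
    # NOTE(review): `latest` is a moving tag; pin a specific version (or digest)
    # so that upgrades are deliberate and reproducible.
    image: grafana/grafana:latest
    volumes:
      - /D/docker/iotstack/grafana/data:/var/lib/grafana
      - /D/docker/iotstack/grafana/conf:/etc/grafana
    environment:
      - GF_AUTH_ANONYMOUS_ENABLED=false
      # Links generated by Grafana use this root URL, so they point to
      # internal.com even when the site is opened via internal.de.
      - GF_SERVER_ROOT_URL=https://internal.com
      - GF_SERVER_DOMAIN=internal.com
      - GF_USERS_ALLOW_SIGN_UP=false
      - GF_SECURITY_ADMIN_USER=xxx
      # Value redacted by the author. Avoid keeping the real password in the
      # compose file; the Grafana image can read it from a mounted secret via
      # GF_SECURITY_ADMIN_PASSWORD__FILE.
      - GF_SECURITY_ADMIN_PASSWORD=***
      - GF_INSTALL_PLUGINS=grafana-piechart-panel,yesoreyeram-infinity-datasource
    networks:
      - iotstack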
.....
networks:
  # Pre-existing network: compose attaches to it but does not create or remove it.
  iotstack:
    external: true
certificates.yml in
tls:
  # Traefik selects a certificate by matching the TLS SNI name against the
  # names inside each certificate (SAN/CN), not against the file name.
  # If internal.de is answered with the .com certificate, the .de pair most
  # likely failed to load or does not list internal.de: check traefik.log for
  # load errors and inspect the SAN entries (e.g. `openssl x509 -noout -text`).
  certificates:
    - certFile: '/etc/certs/internal.com.cer'
      keyFile: '/etc/certs/internal.com.key'
      stores: [default]
    - certFile: '/etc/certs/internal.de.cer'
      keyFile: '/etc/certs/internal.de.key'
      stores: [default]

  # Disabled. With sniStrict enabled, a handshake whose SNI matches no loaded
  # certificate is rejected instead of receiving the default certificate.
  # options:
  #   default:
  #     sniStrict: true

  stores:
    default:
      # Fallback served whenever no loaded certificate matches the requested
      # name, which is why a failed match shows up as the .com certificate.
      defaultCertificate:
        certFile: '/etc/certs/internal.com.cer'
        keyFile: '/etc/certs/internal.com.key'