I'm trying out traefik and developing a dummy plugin right now. After countless of errors, I finally get rid all of the errors and don't get any error anymore.
But, the plugin doesn't work as intended. It doesn't throw errors, but it doesn't seem to work either. Is there any way to confirm that the Plugin actually runs? By "running", I mean that I configure it properly, but the function just doesn't return what I want.
This is the output after running the docker compose.
echo-server | Echo server listening on port 8080.
traefik-proxy | time="2022-03-21T07:58:28Z" level=info msg="Configuration loaded from flags."
That's just it. No errors, no exit. And it throws a GET log after refreshing the web page, so I assume there are no errors blocking the code. But I'm still not what's wrong. Is it the plugin code or the configuration?
If this is necessary, this is some of my codes:
# docker-compose.yml
version: "3.3"
networks:
traefik-proxy:
volumes:
traefik-proxy:
services:
traefik-proxy:
image: "traefik:latest"
container_name: "traefik-proxy"
networks:
- traefik-proxy
command:
# - "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--experimental.localPlugins.traefik-denyuseragent.modulename=github.com/xxx/denyuseragent"
ports:
- "80:80"
- "8080:8080"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./plugins-local/:/plugins-local/
echo-server:
image: "xxx/echo-server"
container_name: "echo-server"
networks:
- traefik-proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.echoserver.rule=Host(`echoserver.localhost`)"
- "traefik.http.routers.echoserver.entrypoints=web"
- "traefik.http.routers.echoserver.middlewares=traefik-denyuseragent"
# .traefik.yml
displayName: Plugin
type: middleware
import: github.com/xxx/denyuseragent
summary: 'Example'
testData:
userAgent:
- Firefox
- Mozilla/5.0
# traefik.yml
experimental:
localPlugins:
traefik-denyuseragent:
modulename: "github.com/xxx/denyuseragent"
# config.yml
http:
routers:
my-router:
rule: host(`echoserver.localhost`)
service: service-echoserver
entryPoints:
- web
middlewares:
- traefik-denyuseragent
services:
service-echoserver:
loadBalancer:
servers:
- url: http://127.0.0.1:5000
middlewares:
traefik-denyuseragent:
plugin:
traefik-denyuseragent:
userAgent:
- Mozilla/5.0
Anyone can confirm if it could work properly or not? Is there some kinds of code I can run to make sure if the Plugin is configured properly or not? Because it'd be great if it is so I can move on to another task, I've spent days just try to configure it.
I just wanna know if the problem is on the plugin or the configuration.
Related
I have a ASP.Net core Razor app that calls an api called TokenAPI, as well as another API called DevOps that calls the Token API, using the Service Invocation block. All of these are hosted in DAPR.
The web app and 2 APIs are hosted locally with Docker Compose. The web app can sucessfully call the Token API using the service invocation block, but the DevOps API fails with
"Exception":"System.Net.Http.HttpRequestException: Connection refused (127.0.0.1:3500)"
I am at a loss as to why this is not working and have been comparing the configuration in my docker-compose file, but cannot figure out why the web-to-api works, whilst the api-to-api fails. Both the Web App and DevOps api uses the same code and config used to call the Token API when creating calling CreateInvokeHttpClient during app startup. So, with code being te same, the only place I can think of, must be the docker-compose:
cas.tokens.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=http://+:80;https://+:443
ports:
- "5105:80"
- "5115:443"
- "50005:50001"
volumes:
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
networks:
- mynetwork
cas.devops.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=http://+:80;https://+:443
ports:
- "5106:80"
- "5116:443"
- "50006:50001"
volumes:
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
networks:
- mynetwork
cas.web:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
ports:
- "5111:443"
volumes:
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
networks:
- mynetwork
castokensapi-dapr:
command: ["./daprd",
"-app-id", "tokensapi",
"-app-port", "80", --enable-api-logging,
"-dapr-http-port", "3605",
"-placement-host-address", "dapr-placement:50000",
"-components-path", "/components",
"-config", "/configuration/config.yaml"
]
volumes:
- "./dapr/components/:/components"
- "./dapr/configuration/:/configuration"
casdevopsapi-dapr:
command: ["./daprd",
"-app-id", "devopsapi",
"-app-port", "80", --enable-api-logging,
"-dapr-http-port", "3606",
"-placement-host-address", "dapr-placement:50000",
"-components-path", "/components",
"-config", "/configuration/config.yaml"
]
volumes:
- "./dapr/components/:/components"
- "./dapr/configuration/:/configuration"
casweb-dapr:
command: [
"./daprd",
"-app-id", "casweb", --enable-api-logging,
"-placement-host-address", "dapr-placement:50000",
"-components-path", "/components",
"-config", "/configuration/config.yaml"
]
volumes:
- "./dapr/components/:/components"
- "./dapr/configuration/:/configuration"
I am confused as to why DAPR resolves the endpoint to be 127.0.0.1:3500 instead of 127.0.0.1:3605, as per the config?
Below is a screenshot of what the app-id resolves for both service invocations from web-to-api to api-to-api.
The issue seems to be that the service location is either not working or, there is something more fundamental that I misunderstand.
Any help is much appreciated
[UPDATE]
I managed to get this to work, but not entirely sure why yet lol. Removing the "-dapr-http-port" fixes this issue, but I would still like to know why.
Will post here when I know more.
-Mike
I try to proxy a dockware container through traefik.
The error is an internal server error (500).
Is it necessary to change the domainname at all? If so, how can I change the domain name?
Docker compose for shopware
version: "3"
services:
shopwaretest:
image: dockware/play:latest
container_name: shopwaretest
restart: always
volumes:
- "db_shopwaretest:/var/lib/mysql"
- "shopwaretest:/var/www/html"
- ./hosts:/etc/hosts
networks:
- proxy
environment:
- XDEBUG_ENABLED=0
- PHP_VERSION=8.0
labels:
- "traefik.enable=true"
- "traefik.http.routers.shopwaretest-http.rule=Host(`example.com`)"
- "traefik.http.routers.shopwaretest-http.entrypoints=http"
- "traefik.http.routers.shopwaretest-http.service=shopwaretest-http-service"
- "traefik.http.services.shopwaretest-http-service.loadbalancer.server.port=80"
- "traefik.http.routers.shopwaretest-https.rule=Host(`example.com`)"
- "traefik.http.routers.shopwaretest-https.entrypoints=https"
- "traefik.http.routers.shopwaretest-https.service=shopwaretest-https-service"
- "traefik.http.services.shopwaretest-https-service.loadbalancer.server.port=80"
- "traefik.http.routers.shopwaretest-https.tls=true"
- "traefik.http.routers.shopwaretest-http.middlewares=redirect#file"
- "traefik.http.routers.shopwaretest-https.tls.certresolver=http"
volumes:
db_shopwaretest:
driver: local
shopwaretest:
driver: local
networks:
proxy:
external: true
If you get an internal server error, please check the server logs.
You can manually change the domain name in the sales_channel_domain table.
The problem might be, that SSL is terminated on traefik and Shopware does not detect this - if this is the problem, you might need to set the TRUESTED_PROXIES variable to the IP of your traefik server/container.
Since upgrading to Portainer v2, the icons would suddenly not load anymore. I can still access Portainer (which is proxied by Traefik), but after a bit of testing, I noticed, only / would be forwarded. If a path was given, Traefik would throw a 404 error. This is a problem because Portainer loads the fonts from eg. /b15db15f746f29ffa02638cb455b8ec0.woff2.
There is one issue about this on Github, but I don't really know what to do with that information: https://github.com/portainer/portainer/issues/3706
My Traefik configuration
version: "2"
# Manage domain access to services
services:
traefik:
container_name: traefik
image: traefik
command:
- --api.dashboard=true
- --certificatesresolvers.le.acme.email=${ACME_EMAIL}
- --certificatesresolvers.le.acme.storage=acme.json
# Enable/Disable staging by commenting/uncommenting the next line
# - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.le.acme.dnschallenge=true
- --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --global.sendAnonymousUsage
- --log.level=INFO
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=traefik_proxy
restart: always
networks:
- traefik_proxy
ports:
- "80:80"
- "443:443"
dns:
- 1.1.1.1
- 1.0.0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./acme.json:/acme.json
# - ./acme-staging.json:/acme.json
environment:
CF_API_EMAIL: ${CLOUDFLARE_EMAIL}
CF_API_KEY: ${CLOUDFLARE_API_KEY}
labels:
- traefik.enable=true
- traefik.http.routers.traefik0.entrypoints=http
- traefik.http.routers.traefik0.rule=Host(`${TRAEFIK_URL}`)
- traefik.http.routers.traefik0.middlewares=to_https
- traefik.http.routers.traefik.entrypoints=https
- traefik.http.routers.traefik.rule=Host(`${TRAEFIK_URL}`)
- traefik.http.routers.traefik.middlewares=traefik_auth
- traefik.http.routers.traefik.tls=true
- traefik.http.routers.traefik.tls.certresolver=le
- traefik.http.routers.traefik.service=api#internal
# Declaring the user list
#
# Note: all dollar signs in the hash need to be doubled for escaping.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
- traefik.http.middlewares.traefik_auth.basicauth.users=${TRAEFIK_USERS}
# Standard middleware for other containers to use
- traefik.http.middlewares.to_https.redirectscheme.scheme=https
- traefik.http.middlewares.to_https_perm.redirectscheme.scheme=https
- traefik.http.middlewares.to_https_perm.redirectscheme.permanent=true
networks:
traefik_proxy:
external: true
And my Portainer configuration
version: "2"
# Manage docker containers
services:
portainer:
container_name: portainer
image: portainer/portainer-ce
restart: always
networks:
- traefik_proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data/:/data/
labels:
- traefik.enable=true
- traefik.http.services.portainer.loadbalancer.server.port=9000
- traefik.http.routers.portainer0.entrypoints=http
- traefik.http.routers.portainer0.rule=Host(`${PORTAINER_URL}`)
- traefik.http.routers.portainer0.middlewares=to_https
- traefik.http.routers.portainer.entrypoints=https
- traefik.http.routers.portainer.rule=Host(`${PORTAINER_URL}`)
- traefik.http.routers.portainer.tls=true
- traefik.http.routers.portainer.tls.certresolver=le
networks:
traefik_proxy:
external: true
What do I have to change to make Traefik be able to forward the paths so that Portainer can load the icons?
Could you try flush your DNS Cache?
In Chrome 'chrome://net-internals/#dns' into URL bar and pressed enter.
Then click on 'Clear host cache'
Then refresh your portainer page
I noticed that there is also an Alpine version of Portainer.
After switching to that (image: portainer/portainer-ce:alpine), the icons seem to be working again. I don't know what the issue is with the regular image, but this solves it for now.
PS: I had tried to use the Access-Control header on Traefik, but that didn't help. I guess it's a problem with Portainer's code itself.
If someone else is facing this issue, I resolved this by deleting my Browser Cache or just do a full Refresh with CTRL+Shift+R
I have been using Traefik as a reverse proxy for several containers managed through docker compose. It has been working well but I'm having some difficulty getting graylog running properly behind it.
This config (excerpt of the complete file, removed irrelevant services) works for me
version: '3'
services:
traefik:
image: traefik
command: --docker
networks:
- web
ports:
- "80:80"
- "8080:8080"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
graylog:
image: graylog/graylog:3.0
environment:
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
- GRAYLOG_ROOT_PASSWORD_SHA2=somestuffhere
- GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
- GRAYLOG_HTTP_EXTERNAL_URI=http://graylog.localhost/
links:
- mongodb:mongo
- elasticsearch
depends_on:
- mongodb
- elasticsearch
networks:
- web
- default
ports:
- 9000:9000
- 1514:1514
- 1514:1514/udp
- 12201:12201
- 12201:12201/udp
labels:
- "traefik.docker.network=web"
- "traefik.web.frontend.rule=Host:graylog.localhost"
- "traefik.protocol=http"
- "traefik.port=9000"
- "traefik.enable=true"
I can then access graylog in my browser at http://graylog.localhost/
The problem occurs because I can't use domains like this in my staging env. What I have had to use is paths rather than domains e.g. the swagger service in my staging env is defined as
swagger:
image: swaggerapi/swagger-ui
environment:
SWAGGER_JSON: /swagger/staging-openapi.yaml
BASE_URL: /swagger
volumes:
- /home/ubuntu/src/carelink_swagger_service:/swagger
networks:
- web
- default
labels:
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:my.staging.domain.org; PathPrefix: /swagger"
- "traefik.protocol=http"
- "traefik.port=8080"
- "traefik.enable=true"
and I access services like this https://my.staging.domain.org/swagger/
Trying to adopt this approach for graylog
graylog:
image: graylog/graylog:3.0
environment:
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
- GRAYLOG_ROOT_PASSWORD_SHA2=somestuffhere
- GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
- GRAYLOG_HTTP_EXTERNAL_URI=http://localhost/graylog/
links:
- mongodb:mongo
- elasticsearch
depends_on:
- mongodb
- elasticsearch
networks:
- web
- default
ports:
- 9000:9000
- 1514:1514
- 1514:1514/udp
- 12201:12201
- 12201:12201/udp
labels:
- "traefik.docker.network=web"
- "traefik.web.frontend.rule=Host:localhost; PathPrefix: /graylog"
- "traefik.protocol=http"
- "traefik.port=9000"
- "traefik.enable=true"
and I get the following errors
I have gone through this Q/A, similar entries on the graylog forums etc. but I feel like I'm chasing my tail.
It's for Traefik 2.x but I think that you'll manage to convert your rules:
labels:
- "traefik.http.routers.graylog.rule=PathPrefix(`/graylog`)"
- "traefik.http.routers.graylog.middlewares=graylog3#docker,graylog2#docker,graylog#docker"
- "traefik.http.middlewares.graylog3.stripprefix.prefixes=/graylog"
- "traefik.http.middlewares.graylog2.redirectregex.regex=^(.*)/graylog$$"
- "traefik.http.middlewares.graylog2.redirectregex.replacement=$$1/graylog/"
- "traefik.http.middlewares.graylog.replacepathregex.regex=^/graylog/(.*)"
- "traefik.http.middlewares.graylog.replacepathregex.replacement=^/$$1"
- "traefik.http.routers.graylog.service=graylog"
- "traefik.http.services.graylog.loadbalancer.server.port=9000"
- "traefik.docker.network=traefik"
I want to modify the endpoints of my URL, while it goes from traefik to one of my containers. What I want is this.
My URL looks like this - http://backend/asd and it should point to one of my containers with different endpoint like this - http://asd/dfg
What I tried -
asd:
image: asd
container_name: "asd"
labels:
- "traefik.backend=asd"
- "traefik.frontend.rule=Host:backend;PathPrefixStrip:/asd,PathPrefix:/dfg"
- "traefik.frontend.entryPoints=http"
- "traefik.enable=true"
- "traefik.port=80"
But this didn't work. Any suggestions are welcome.
Regards,
Ashutosh
Are you including a Traefik-docker-image in your docker-compose, like so?
traefik:
image: traefik
ports:
- 8080:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command:
- "--docker"
For your path-replacement "/asd" -> "/dfg", Traefik's ReplacePath-modifier should do the trick. This following docker-label is the only, you will need:
labels:
- "traefik.frontend.rule=Path: /asd; ReplacePath: /dfg"
Having this setup, doing
curl http://localhost:8080/asd
should return the HTTP-response from your "asd"-container on path "/dfg"