Traefik - TLS Certificates for multiple subdomains does not work - ssl-certificate

I am using traefik as a reverse proxy for my infra. I want to deploy, with docker compose, a stack like this:
Traefik: reverse proxy
Nextcloud
Redis: Nextcloud cache
Postgres: Nextcloud DB
Gogs: VCS
Postgres: Gogs DB
My compose file is the following:
```yaml
version: "3.3"

volumes:
  nextcloud-www:
    driver: local
  nextcloud-db:
    driver: local
  nextcloud-redis:
    driver: local
  letsencrypt:
    driver: local
  gogs-data:
    driver: local
  gogs-db:
    driver: local

services:
  # Traefik
  traefik:
    image: traefik
    container_name: traefik
    restart: unless-stopped
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=myemail@email.email"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - nextcloud
      - gogs
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - letsencrypt:/letsencrypt
    labels:
      traefik.enable: true

  # Nextcloud
  nextcloud:
    image: nextcloud
    container_name: nextcloud
    restart: unless-stopped
    networks:
      - nextcloud
    depends_on:
      - nextcloud_redis
      - nextcloud_db
    labels:
      traefik.enable: true
      traefik.http.routers.nextcloud.middlewares: nextcloud,nextcloud_redirect
      traefik.http.routers.nextcloud.tls.certresolver: myresolver
      traefik.http.routers.nextcloud.rule: Host(`cloud.mydomain.fr`)
      traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue: ALLOW-FROM https://mydomain.fr
      traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy: frame-ancestors 'self' mydomain.fr *.mydomain.fr
      traefik.http.middlewares.nextcloud.headers.stsSeconds: 155520011
      traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains: true
      traefik.http.middlewares.nextcloud.headers.stsPreload: true
      traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav
      traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/
    environment:
      POSTGRES_HOST: nextcloud_db
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: password
      NEXTCLOUD_ADMIN_USER: dimitri_admin
      NEXTCLOUD_ADMIN_PASSWORD: password
      REDIS_HOST: nextcloud_redis
      NEXTCLOUD_TRUSTED_DOMAINS: cloud.mydomain.fr
      TRUSTED_PROXIES: 172.18.0.0/16
    volumes:
      - nextcloud-www:/var/www/html

  # Nextcloud Db
  nextcloud_db:
    image: postgres
    container_name: nextcloud_db
    restart: unless-stopped
    networks:
      - nextcloud
    environment:
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: password
    volumes:
      - nextcloud-db:/var/lib/postgresql/data

  # Nextcloud Redis
  nextcloud_redis:
    image: redis
    container_name: nextcloud_redis
    restart: unless-stopped
    networks:
      - nextcloud
    volumes:
      - nextcloud-redis:/var/lib/redis

  # Gogs
  gogs:
    image: gogs/gogs-rpi
    container_name: gogs
    restart: unless-stopped
    networks:
      - gogs
    depends_on:
      - gogs_db
    labels:
      traefik.enable: true
      traefik.http.services.gogs.loadbalancer.server.port: 3000
      traefik.http.routers.gogs.tls.certresolver: myresolver
      traefik.http.routers.gogs.rule: Host(`git.mydomain.fr`)
    environment:
      # Postgres config
      POSTGRES_HOST: gogs_db
      POSTGRES_DB: gogs
      POSTGRES_USER: gogs
      POSTGRES_PASSWORD: password
    volumes:
      - gogs-data:/data

  # Gogs database
  gogs_db:
    image: postgres
    container_name: gogs_db
    restart: unless-stopped
    networks:
      - gogs
    environment:
      POSTGRES_DB: gogs
      POSTGRES_USER: gogs
      POSTGRES_PASSWORD: password
    volumes:
      - gogs-db:/var/lib/postgresql/data

# Networks
networks:
  nextcloud:
    external: true
  gogs:
    external: true
```
The problem is the following: the certificates are not generated for my websites.
How can I do it?
Thanks!

Option 1: Use a wildcard...
https://docs.traefik.io/https/acme/#wildcard-domains

Option 2: Multiple certs...
Make multiple certresolvers and cert files (1 per domain) and use those in the services.

```yaml
services:
  traefik:
    command:
      - "--certificatesresolvers.myresolver1.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver1.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver1.acme.email=myemail@email.email"
      - "--certificatesresolvers.myresolver1.acme.storage=/letsencrypt/domain1.json"
      - "--certificatesresolvers.myresolver2.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver2.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver2.acme.email=myemail@email.email"
      - "--certificatesresolvers.myresolver2.acme.storage=/letsencrypt/domain2.json"
  nextcloud:
    labels:
      traefik.http.routers.nextcloud.tls.certresolver: myresolver1
  gogs:
    labels:
      traefik.http.routers.gogs.tls.certresolver: myresolver2
```

Related

traefik - host with port and pathprefix not redirecting

The whoami container deployed on port 8082 isn't redirecting.
request: localhost:8082/rrt --> redirect: localhost:8082/ppka
But it isn't redirecting to the localhost:8082/ppka address. How can I solve this problem?
```yaml
version: "3.7"
services:
  traefik:
    image: "traefik:v2.9"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.entrypoints=web"
      - "traefik.http.routers.whoami.rule=Host(`localhost`) && PathPrefix(`/rrt`)"
      - "traefik.http.routers.whoami.middlewares=redirect-regex"
      - "traefik.http.middlewares.redirect-regex.redirectregex.regex=/rrt"
      - "traefik.http.middlewares.redirect-regex.redirectregex.replacement=/ppka"
      - "traefik.http.middlewares.redirect-regex.redirectregex.permanent=false"
    ports:
      - "8082:80"
```

grpc_health_probe timeout with dotnet GRPC API

I'm running a dotnet gRPC API (recipients-api) and I want to use grpcui to test it. Both services are declared in a docker-compose file. I'm declaring grpcui as a dependent service of recipients-api, and as I need it to be fully available before grpcui can run, I'm also using a health probe to ensure it's alive. The problem is that it seems like the recipients-api entry point is not being run; it's like the process were stuck waiting for the health check to be successful before hitting the container entrypoint, so it always throws a timeout. Any clues?
Here is my docker-compose file:
```yaml
version: '3.4'
services:
  recipientservice-api:
    image: ${DOCKER_REGISTRY-}dataintegrationrecipientserviceapi
    container_name: recipientservice-api
    build:
      context: ..
      dockerfile: ../src/DataIntegration.RecipientService.Api/Dockerfile
    environment:
      ASPNETCORE_ENVIRONMENT: "Development"
      ASPNETCORE_URLS: "http://+:5000"
      MongoDb__ConnectionString: mongodb://wfuser:MyPassw0rd_@mongodb:27017/RecipientService?tls=false
      MongoDb__Database: "RecipientService"
    expose:
      - "5000"
    ports:
      - "5000:5000"
    depends_on:
      - mongodb
    networks:
      - recipients-network
    healthcheck:
      test: ["CMD", "bin/grpc_health_probe", "-connect-timeout 10s", "-rpc-timeout 4s", "-addr=localhost:5000"]
      interval: 2s
      retries: 5
      start_period: 15s
      timeout: 10s
  grpcui:
    image: fullstorydev/grpcui
    container_name: grpcui
    depends_on:
      recipientservice-api:
        condition: service_healthy
    command:
      - -plaintext
      - -vvv
      - recipientservice-api:5000
    networks:
      - recipients-network
    ports:
      - "8080:8080"
  mongodb:
    image: mongo:5.0
    container_name: "mongodb"
    hostname: mongodb
    environment:
      MONGO_INITDB_ROOT_USERNAME: admin
      MONGO_INITDB_ROOT_PASSWORD: MyPassw0rd_123
      MONGO_INITDB_DATABASE: RecipientService
    volumes:
      - mongo-recipients:/var/opt/mongodb
      - ./init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
    ports:
      - "27017:27017"
    expose:
      - 27017
    networks:
      - recipients-network
networks:
  recipients-network:
    name: recipients-network
    driver: bridge
volumes:
  mongo-recipients:
```

traefik HTTP POST request net::ERR_CONNECTION_RESET

I am trying to install this docker image,
which runs on port 3000 for HTTP and 3001 for HTTPS.
I need to run just the HTTP version on a local network.
I am getting a network error in the browser console when the upload test is running.
```yaml
version: "3.3"
services:
  traefik:
    image: "traefik:v2.8"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      - "5000:80"
      - "5001:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  openspeedtest:
    image: "openspeedtest/latest"
    container_name: "speedtest-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.openspeedtest.rule=Host(`unraid.vishnu.pro`)"
      - "traefik.http.routers.openspeedtest.entrypoints=web"
```
I don't know why I need to add
`traefik.http.middlewares.limit.buffering.maxRequestBodyBytes`,
but now it is working for me.
My traefik yml:
```yaml
version: "3.9"
services:
  traefik:
    image: traefik:v2.8.0
    container_name: traefik
    command:
      - --log.level=INFO
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
    ports:
      - 5000:80
      - 5001:443
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
  openspeedtest:
    image: openspeedtest/latest
    container_name: speedtest-service
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.openspeedtest.rule=Host(`192.168.1.15`)"
      - "traefik.http.routers.openspeedtest.entrypoints=web"
      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=10000000000"
      - "traefik.http.routers.openspeedtest.middlewares=limit"
      - "traefik.http.routers.openspeedtest-https.rule=Host(`192.168.1.15`)"
      - "traefik.http.routers.openspeedtest-https.entrypoints=websecure"
      # - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=10000000000"
      - "traefik.http.routers.openspeedtest-https.middlewares=limit"
      - "traefik.http.routers.openspeedtest-https.tls=true"
      - "traefik.http.routers.openspeedtest-https.tls.certresolver=leresolver"
```

Multiple domains with Traefik

I am new to Traefik but trying to migrate from jwilder/nginx-proxy and letsencrypt-companion to Traefik.
I have set up Traefik with this config file:
traefik.yml:
```yaml
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443

api:
  dashboard: true
  insecure: true

certificatesResolvers:
  le:
    acme:
      email: username@gmail.com
      storage: acme.json
      httpChallenge:
        # used during the challenge
        entryPoint: web

providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
```
docker-compose.yml:
```yaml
version: '3'
services:
  traefik:
    image: traefik:v2.2
    restart: always
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /data/disk1/traefik/traefik.yml:/traefik.yml
      - /data/disk1/traefik/acme.json:/acme.json
    container_name: traefik
```
When starting one container on domain #1:
docker-compose.yml:
```yaml
version: "3"
services:
  confluence:
    container_name: confluence
    image: atlassian/confluence-server:7.6.2
    volumes:
      - /data/disk1/atlassian/application-data/confluence:/var/atlassian/application-data/confluence
    ports:
      - "8090:8090"
    external_links:
      - postgres:postgres
    environment:
      - CATALINA_CONNECTOR_PROXYNAME=confluence.tld
      - CATALINA_CONNECTOR_PROXYPORT=443
      - CATALINA_CONNECTOR_SCHEME=https
      - CATALINA_CONNECTOR_SECURE=true
      - VIRTUAL_HOST=confluence.tld
      - VIRTUAL_NETWORK=web
      - VIRTUAL_PORT=8090
      - LETSENCRYPT_EMAIL=user@tld
      - LETSENCRYPT_HOST=confluence.tld
    labels:
      - traefik.enable=true
      - traefik.http.routers.confluence.rule=Host(`confluence.tld`)
      - traefik.http.routers.confluence.tls=true
      - traefik.http.routers.confluence.tls.certresolver=le
      - traefik.http.routers.confluence.service=confluence
      - traefik.http.services.confluence.loadbalancer.server.port=8090
    networks:
      - web
    restart: always
networks:
  web:
    external:
      name: web
```
It works perfectly.
NOTE: I have kept the environment variables for jwilder/nginx-proxy for the time being.
When launching another container with a different tld I can't get that working.
E.g.
docker-compose.yml:
```yaml
version: "3"
services:
  confluence:
    container_name: myapp
    image: nginx:latest
    volumes:
      - /data/disk1/myapp/www/:/usr/share/nginx/html:ro
      - /data/disk1/myapp/conf/nginx.conf:/etc/nginx/nginx.conf:ro
    ports:
      - "9999:80"
    environment:
      - VIRTUAL_HOST=www.tld2,tld2
      - VIRTUAL_NETWORK=web
      - VIRTUAL_PORT=9999
      - LETSENCRYPT_EMAIL=user@tld2
      - LETSENCRYPT_HOST=www.tld2,tld2
    labels:
      - traefik.enable=true
      - traefik.http.routers.myapp.rule=Host(`tld2`) || Host(`www.tld2`)
      - traefik.http.routers.myapp.tls=true
      - traefik.http.routers.myapp.tls.certresolver=le
      - traefik.http.routers.myapp.service=tld2
      - traefik.http.services.myapp.loadbalancer.server.port=9999
    networks:
      - web
    restart: always
networks:
  web:
    external:
      name: web
```
It doesn't work but everything looks OK in Traefik dashboard.
Any ideas?
There is an error in the second docker-compose.yml:
You define the router named myapp to use a service named tld2:
```
traefik.http.routers.myapp.service=tld2
```
but your service is named myapp:
```
traefik.http.services.myapp.loadbalancer.server.port=9999
```
This should have generated an error in Traefik's log regarding an unresolvable service.
To fix this, configure your router myapp to use the service myapp:
```
traefik.http.routers.myapp.service=myapp
```
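The two mistakes discussed in this thread (a router pointing at a certresolver or service that was never defined, as in the multi-resolver layout suggested in the first answer and the myapp/tld2 mismatch diagnosed here) can be caught before `docker compose up` by cross-checking the labels against the Traefik flags. This is an added example, not code from the questions, the answers or the Traefik project; `lint_traefik` is a hypothetical helper and the flag and label lists below are constructed to reproduce the shapes used above, including an ACME e-mail with `#` in place of `@`.

```python
import re

# Constructed sample: router "myapp" references service "tld2" (the mismatch
# from the answer above), router "gogs" names a resolver Traefik was never
# given, and the ACME e-mail is not a valid address.
TRAEFIK_FLAGS = [
    "--certificatesresolvers.le.acme.httpchallenge=true",
    "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web",
    "--certificatesresolvers.le.acme.email=myemail#email.email",
    "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json",
]
CONTAINER_LABELS = {
    "myapp": [
        "traefik.http.routers.myapp.rule=Host(`tld2`) || Host(`www.tld2`)",
        "traefik.http.routers.myapp.tls.certresolver=le",
        "traefik.http.routers.myapp.service=tld2",
        "traefik.http.services.myapp.loadbalancer.server.port=9999",
    ],
    "gogs": [
        "traefik.http.routers.gogs.tls.certresolver=myresolver2",
        "traefik.http.services.gogs.loadbalancer.server.port=3000",
    ],
}

ROUTER_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")
SERVICE_RE = re.compile(r"^traefik\.http\.services\.([^.]+)\.")
RESOLVER_RE = re.compile(r"^--certificatesresolvers\.([^.]+)\.acme\.(.+)$")


def lint_traefik(flags, labels_by_container):
    """Cross-check router labels against the certresolvers defined on the
    Traefik command line and the services defined on the same container.
    Returns a list of findings; an empty list means everything resolves."""
    resolvers = {}
    for flag in flags:
        key, _, value = flag.partition("=")
        m = RESOLVER_RE.match(key)
        if m:
            resolvers.setdefault(m.group(1), {})[m.group(2)] = value
    findings = []
    for name, opts in resolvers.items():
        if "email" in opts and "@" not in opts["email"]:
            findings.append(f"resolver {name}: ACME email {opts['email']!r} is not an address")
    for container, labels in labels_by_container.items():
        kv = dict(label.partition("=")[::2] for label in labels)
        services = {m.group(1) for m in map(SERVICE_RE.match, kv) if m}
        for key, value in kv.items():
            m = ROUTER_RE.match(key)
            if m and m.group(2) == "service" and value not in services:
                findings.append(f"{container}: router {m.group(1)} points at undefined service {value!r}")
            elif m and m.group(2) == "tls.certresolver" and value not in resolvers:
                findings.append(f"{container}: router {m.group(1)} uses undefined certresolver {value!r}")
    return findings
```

Only explicit `service=` references are checked, because Traefik binds a router to the container's single service automatically when no service is named.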

Prometheus sql doesn't seem to execute the query. Always display -1 as result

I am using https://github.com/chop-dbhi/prometheus-sql for Prometheus to execute SQL queries. The containers are all up and running.
The value of query_result_example is always -1 (query-value-on-error = -1 as configured in prometheus-sql.yml), whereas the actual value is 3.
I have executed the same query in Azure Data Studio with the same connection and credentials, which returns 3.
I am unable to figure out where I am going wrong. Any help is appreciated.
docker-compose file:
```yaml
prometheus:
  image: prom/prometheus:v2.19.2
  container_name: prometheus
  volumes:
    - ./prometheus:/etc/prometheus
    - prometheus_data:/prometheus
  command:
    - '--config.file=/etc/prometheus/prometheus.yml'
    - '--storage.tsdb.path=/prometheus'
    - '--web.console.libraries=/etc/prometheus/console_libraries'
    - '--web.console.templates=/etc/prometheus/consoles'
    - '--storage.tsdb.retention.time=200h'
    - '--web.enable-lifecycle'
  restart: unless-stopped
  ports:
    - "9090:9090"
  expose:
    - 9090
  networks:
    - monitor-net
  labels:
    org.label-schema.group: "monitoring"

sql-server-db:
  container_name: sql-server-db
  image: microsoft/mssql-server-linux:2017-latest
  ports:
    - "1433:1433"
  expose:
    - 1433
  environment:
    SA_PASSWORD: "Password"
    ACCEPT_EULA: "Y"

sqlagent:
  image: dbhi/sql-agent
  container_name: sqlagent
  ports:
    - "5000:5000"
  expose:
    - 5000

prometheussql:
  image: dbhi/prometheus-sql
  container_name: prometheussql
  volumes:
    - ${PWD}/prometheus-sql.yml:/prometheus-sql.yml
    - ${PWD}/test/queries.yml:/queries.yml
  links:
    - sqlagent:sqlagent
  command: >
    -service http://sqlagent:5000
    -config /prometheus-sql.yml
  ports:
    - "8080:8080"
  expose:
    - 8080
  networks:
    - monitor-net
  labels:
    org.label-schema.group: "monitoring"
```
queries.yml (the query below has to return 3):
```yaml
- example:
    sql: >
      select count(*) from MSreplication_options
    interval: 5m
```
prometheus-sql.yml:
```yaml
defaults:
  data-source: my-ds
  query-interval: 10s
  query-timeout: 5s
  query-value-on-error: -1

# Defined data sources
data-sources:
  my-ds:
    driver: mssql
    properties:
      host: localhost
      port: 1433
      user: sa
      password: Password
      database: master
```