Routing requests to containers based on path? - traefik

When a request comes through to my domain I want all /snap requests to be forwarded to my thumbor container along with the path. I can't seem to get this working; I've tried many different modifiers.
So for example any request to https://addmysnap.local/snap/image/3234234234/profile.jpg gets routed to the thumbor container as /image/some-other-stuff/3234234234/profile.jpg.
The some-other-stuff part will be a string that allows me to watermark the image.
Here's what I've got so far ...
```
thumbor:
  image: minimalcompact/thumbor:latest
  restart: always
  networks:
    - web
    - default
  volumes:
    - ./data:/data
  labels:
    - "traefik.enable=true"
    - "traefik.basic.frontend.rule=Host:addmysnap.local,ReplacePathRegex: ^/snap/(.*) /$${1}"
    - "traefik.basic.port=80"
  environment:
    UPLOAD_ENABLED: 1
```
This doesn't work though, and I get the following error:
thumbor_1 | 2018-09-29 18:16:44 thumbor:WARNING Malformed URL: /snap/image/051a30f09fe340cbac13e9d58d09bee4/image.jpg
Not sure why it's malformed, or why /snap is being passed through.
Any ideas how to do this?

Related

Dapr Service Invocation Connection Refused issue

I have an ASP.NET Core Razor app that calls an API called TokenAPI, as well as another API called DevOps that calls the Token API, using the Service Invocation block. All of these are hosted in DAPR.
The web app and 2 APIs are hosted locally with Docker Compose. The web app can successfully call the Token API using the service invocation block, but the DevOps API fails with
"Exception":"System.Net.Http.HttpRequestException: Connection refused (127.0.0.1:3500)"
I am at a loss as to why this is not working and have been comparing the configuration in my docker-compose file, but cannot figure out why the web-to-api works, whilst the api-to-api fails. Both the Web App and DevOps API use the same code and config to call the Token API when calling CreateInvokeHttpClient during app startup. So, with the code being the same, the only place I can think of must be the docker-compose:
```
cas.tokens.api:
  environment:
    - ASPNETCORE_ENVIRONMENT=Development
    - ASPNETCORE_URLS=http://+:80;https://+:443
  ports:
    - "5105:80"
    - "5115:443"
    - "50005:50001"
  volumes:
    - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
    - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
  networks:
    - mynetwork
cas.devops.api:
  environment:
    - ASPNETCORE_ENVIRONMENT=Development
    - ASPNETCORE_URLS=http://+:80;https://+:443
  ports:
    - "5106:80"
    - "5116:443"
    - "50006:50001"
  volumes:
    - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
    - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
  networks:
    - mynetwork
cas.web:
  environment:
    - ASPNETCORE_ENVIRONMENT=Development
    - ASPNETCORE_URLS=https://+:443;http://+:80
  ports:
    - "5111:443"
  volumes:
    - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
    - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
  networks:
    - mynetwork
castokensapi-dapr:
  command: ["./daprd",
    "-app-id", "tokensapi",
    "-app-port", "80", --enable-api-logging,
    "-dapr-http-port", "3605",
    "-placement-host-address", "dapr-placement:50000",
    "-components-path", "/components",
    "-config", "/configuration/config.yaml"
    ]
  volumes:
    - "./dapr/components/:/components"
    - "./dapr/configuration/:/configuration"
casdevopsapi-dapr:
  command: ["./daprd",
    "-app-id", "devopsapi",
    "-app-port", "80", --enable-api-logging,
    "-dapr-http-port", "3606",
    "-placement-host-address", "dapr-placement:50000",
    "-components-path", "/components",
    "-config", "/configuration/config.yaml"
    ]
  volumes:
    - "./dapr/components/:/components"
    - "./dapr/configuration/:/configuration"
casweb-dapr:
  command: [
    "./daprd",
    "-app-id", "casweb", --enable-api-logging,
    "-placement-host-address", "dapr-placement:50000",
    "-components-path", "/components",
    "-config", "/configuration/config.yaml"
    ]
  volumes:
    - "./dapr/components/:/components"
    - "./dapr/configuration/:/configuration"
```
I am confused as to why DAPR resolves the endpoint to be 127.0.0.1:3500 instead of 127.0.0.1:3605, as per the config?
Below is a screenshot of what the app-id resolves for both service invocations from web-to-api to api-to-api.
The issue seems to be that the service location is either not working or, there is something more fundamental that I misunderstand.
Any help is much appreciated
[UPDATE]
I managed to get this to work, but not entirely sure why yet lol. Removing the "-dapr-http-port" fixes this issue, but I would still like to know why.
Will post here when I know more.
-Mike

Portainer doesn't show icons anymore since upgrading to v2 (Traefik Proxy)

Since upgrading to Portainer v2, the icons would suddenly not load anymore. I can still access Portainer (which is proxied by Traefik), but after a bit of testing, I noticed, only / would be forwarded. If a path was given, Traefik would throw a 404 error. This is a problem because Portainer loads the fonts from eg. /b15db15f746f29ffa02638cb455b8ec0.woff2.
There is one issue about this on GitHub, but I don't really know what to do with that information: https://github.com/portainer/portainer/issues/3706
My Traefik configuration
```
version: "2"
# Manage domain access to services
services:
  traefik:
    container_name: traefik
    image: traefik
    command:
      - --api.dashboard=true
      - --certificatesresolvers.le.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.le.acme.storage=acme.json
      # Enable/Disable staging by commenting/uncommenting the next line
      # - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.le.acme.dnschallenge=true
      - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --global.sendAnonymousUsage
      - --log.level=INFO
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik_proxy
    restart: always
    networks:
      - traefik_proxy
    ports:
      - "80:80"
      - "443:443"
    dns:
      - 1.1.1.1
      - 1.0.0.1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./acme.json:/acme.json
      # - ./acme-staging.json:/acme.json
    environment:
      CF_API_EMAIL: ${CLOUDFLARE_EMAIL}
      CF_API_KEY: ${CLOUDFLARE_API_KEY}
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik0.entrypoints=http
      - traefik.http.routers.traefik0.rule=Host(`${TRAEFIK_URL}`)
      - traefik.http.routers.traefik0.middlewares=to_https
      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_URL}`)
      - traefik.http.routers.traefik.middlewares=traefik_auth
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=le
      - traefik.http.routers.traefik.service=api@internal
      # Declaring the user list
      #
      # Note: all dollar signs in the hash need to be doubled for escaping.
      # To create user:password pair, it's possible to use this command:
      # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
      - traefik.http.middlewares.traefik_auth.basicauth.users=${TRAEFIK_USERS}
      # Standard middleware for other containers to use
      - traefik.http.middlewares.to_https.redirectscheme.scheme=https
      - traefik.http.middlewares.to_https_perm.redirectscheme.scheme=https
      - traefik.http.middlewares.to_https_perm.redirectscheme.permanent=true
networks:
  traefik_proxy:
    external: true
```
And my Portainer configuration
```
version: "2"
# Manage docker containers
services:
  portainer:
    container_name: portainer
    image: portainer/portainer-ce
    restart: always
    networks:
      - traefik_proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/:/data/
    labels:
      - traefik.enable=true
      - traefik.http.services.portainer.loadbalancer.server.port=9000
      - traefik.http.routers.portainer0.entrypoints=http
      - traefik.http.routers.portainer0.rule=Host(`${PORTAINER_URL}`)
      - traefik.http.routers.portainer0.middlewares=to_https
      - traefik.http.routers.portainer.entrypoints=https
      - traefik.http.routers.portainer.rule=Host(`${PORTAINER_URL}`)
      - traefik.http.routers.portainer.tls=true
      - traefik.http.routers.portainer.tls.certresolver=le
networks:
  traefik_proxy:
    external: true
```
What do I have to change to make Traefik be able to forward the paths so that Portainer can load the icons?
Could you try flushing your DNS cache?
In Chrome, enter 'chrome://net-internals/#dns' into the URL bar and press Enter.
Then click on 'Clear host cache'.
Then refresh your Portainer page.
I noticed that there is also an Alpine version of Portainer.
After switching to that (image: portainer/portainer-ce:alpine), the icons seem to be working again. I don't know what the issue is with the regular image, but this solves it for now.
PS: I had tried to use the Access-Control header on Traefik, but that didn't help. I guess it's a problem with Portainer's code itself.
If someone else is facing this issue, I resolved this by deleting my browser cache or just doing a full refresh with CTRL+Shift+R.

How to use rancher2 behind traefik2

I'm trying to set up rancher2 behind a traefik2 proxy with docker-compose, but after several tries and days, I always get a refused connection on https://rancher2.docker.localhost.
I tried to set up an nginx container behind traefik2 and there is no problem except with https.
Can someone show me how to solve this problem (rancher2 behind traefik2)?
Thx
Edit :
@ZF007 thx for your intention
I have nothing in the rancher2 or traefik2 logs; I've tried with different Traefik middlewares, redirect https
The last try seems like this:
```
rancher2:
  image: rancher/rancher:latest
  container_name: rancher2
  labels:
    - traefik.enable=true
    - traefik.http.routers.rancher2.rule=Host(rancher2.docker.localhost)
    - traefik.http.routers.web-secure.tls=true
    - traefik.http.routers.rancher2.middlewares=rancher2-mw
    - traefik.http.middlewares.rancher2-mw.redirectscheme.scheme=https
  environment:
    - NO_PROXY="localhost,127.0.0.1,0.0.0.0,192.168.10.0/24,172.20.0.0/24,example.com"
  expose:
    - 80
    - 443
```
and the error is => ERR_CONNECTION_REFUSED

problem configuring traefik's ForwardAuth middleware

I have a few containers, brought up with docker-compose, and I want to perform authentication on one of the containers.
Below is the piece that I assume should do that, but it doesn't go to the authentication-backend-nginx-private; it lands directly on the mds-backend-nginx-private. I'm out of ideas as to what could be wrong with the config...
It works if authforward is configured globally, in the toml file under the entrypoint section, but I want it to be per particular container.
```
mds-backend-nginx-private:
  <<: *nginx-common
  ports:
    - 8186:80
  networks:
    - cloud_private
    - mds-backend
  restart: on-failure
  environment:
    - NGINX_SERVER_NAME=mds-backend-nginx-private
    - WEBSITE_PROXY_NAME=mds-backend-web-private
    - WEBSITE_PROXY_PORT=8000
  labels:
    - "traefik.http.middlewares.authf.ForwardAuth.Address=http://authentication-backend-nginx-private/api/v1/gateway/account?with_credentials=true"
    - "traefik.docker.network=cloud_private"
    - "traefik.http.routers.mds-backend.middlewares=authf"
    - "traefik.frontend.rule=PathPrefix: /api/v1/mds/"
```
Maybe you are trying to use the "middleware feature" with an old traefik version.
It works in the toml file because you are using the "forward feature" present in old versions.
Check that the traefik image tag is equal to or greater than 2.0
https://hub.docker.com/_/traefik
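A way to catch the version mismatch this answer points at before deploying, written as an added example (not code from the question, the answer or the Traefik project). The function name `lint_labels` and the finding codes are hypothetical, and the v2-only label set is a constructed assumption about what a consistent configuration could look like.

```python
import re

# Label keys accepted by both the Traefik v1 and v2 Docker providers.
SHARED = {"traefik.enable", "traefik.docker.network"}
# v2 dynamic-configuration labels: traefik.<proto>.<kind>.<name>.<option...>
V2_KEY = re.compile(r"^traefik\.(http|tcp|udp)\.(routers|middlewares|services)\.([^.]+)\.(.+)$")
AUTH_TYPES = ("forwardauth.", "basicauth.", "digestauth.")


def lint_labels(labels):
    """Return (code, detail) findings for one container's 'key=value' labels."""
    v1_keys, routers, auth_mw, v2_seen = [], {}, set(), False
    for raw in labels:
        key = raw.partition("=")[0].strip().lower()  # values may contain '='
        m = V2_KEY.match(key)
        if m:
            v2_seen = True
            _proto, kind, name, option = m.groups()
            if kind == "routers":
                routers.setdefault(name, set()).add(option)
            elif kind == "middlewares" and option.startswith(AUTH_TYPES):
                auth_mw.add(name)
        elif key.startswith("traefik.") and key not in SHARED:
            v1_keys.append(key)  # v1 style, e.g. traefik.frontend.rule
    findings = []
    # Each major version reads only its own label syntax, so a mixed set
    # means part of the intended configuration is silently dropped.
    if v1_keys and v2_seen:
        findings.append(("mixed-v1-v2-syntax", ", ".join(sorted(v1_keys))))
    for name, options in sorted(routers.items()):
        if "rule" not in options:
            findings.append(("router-without-rule", name))
    if findings and auth_mw:
        findings.append(("auth-middleware-at-risk", ", ".join(sorted(auth_mw))))
    return findings


# Labels copied from the question above.
PAGE_LABELS = [
    "traefik.http.middlewares.authf.ForwardAuth.Address=http://authentication-backend-nginx-private/api/v1/gateway/account?with_credentials=true",
    "traefik.docker.network=cloud_private",
    "traefik.http.routers.mds-backend.middlewares=authf",
    "traefik.frontend.rule=PathPrefix: /api/v1/mds/",
]
# Constructed v2-only variant (assumption): the v1 rule rewritten as a router rule.
V2_LABELS = PAGE_LABELS[:3] + ["traefik.http.routers.mds-backend.rule=PathPrefix(`/api/v1/mds/`)"]

if __name__ == "__main__":
    for code, detail in lint_labels(PAGE_LABELS):
        print(f"{code}: {detail}")
```
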

Traefik not working with more than 3 ports exposed

I'm trying to get an email service working with traefik. I need to expose 25, 100, 143, etc.
But traefik only works with <= 3 ports. If I add more than 3, it stops working.
This is my sample config:
```
networks:
  - traefik-net
environment:
  - HTTPS=OFF
deploy:
  placement:
    constraints: [node.role == manager]
  restart_policy:
    condition: on-failure
  replicas: 1
  labels:
    - "traefik.backend=mail"
    - "traefik.port=80"
    - "traefik.frontend.rule=Host:mail.mydomain.com"
    - "traefik.docker.network=traefik-net"
    - "traefik.mail.port=80"
    - "traefik.mail25.port=25"
    - "traefik.mail110.port=110"
    - "traefik.mail143.port=143"
    - "traefik.mail465.port=465"
    - "traefik.mail587.port=587"
    - "traefik.mail993.port=993"
    - "traefik.mail995.port=995"
```
I didn't see anything abnormal in the mail and traefik service logs.
Can anyone help me? Thanks in advance and sorry for my bad English.
Many thanks for your interest in the project.
Thanks to the additional information you gave on GitHub and after analyzing your problem, it appears you are trying to expose over HTTP ports which have to be accessed in SMTP(S), POP3(S) and IMAP(S) (which are over TCP).
Currently Træfik is only an HTTP reverse proxy and you can't do TCP calls through it, so your use case can't work for the moment.