Traefik - Funky Penguin's Geek Cookbook

kruecab · November 6, 2018, 6:03am

Sure, no problem, it’s below:

version: "3.2"

services:
  traefik:
    image: traefik
    command: --web --docker --docker.swarmmode --docker.watch --docker.domain=example.com -- logLevel=DEBUG
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /var/data/config/traefik/traefik.toml:/traefik.toml:ro
      - /var/data/config/traefik/acme.json:/acme.json
    labels:
      - "traefik.enable=false"
    networks:
      - public
    deploy:
      mode: global
      placement:
        constraints: [node.role == manager]
      restart_policy:
        condition: on-failure

networks:
  public:
    driver: overlay
    ipam:
      driver: default
      config:
      - subnet: 192.168.0.0/24

192.168.0.0/24 is the network segment the physical docker node is on. Not sure if that’s supposed to be my external, internet routable IP… but that is dynamic.

From where I sit, the “dial tcp” errors not able to connect to 127.0.0.1:53 seem to be the hurdle I’m facing now. FWIW, I setup the registry mirror service too and it also seems to be having trouble connecting to the “docker dns”. This shows up in its logs as well:

panic: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 127.0.0.11:53: read udp 127.0.0.1:45493->127.0.0.11:53: i/o timeout

kruecab · November 8, 2018, 12:06am

Okay, yeah, my subnet definition was the problem… I switched the subnet directive to be “10.1.0.0/24” and it looks like traefik was able to start up.

Now I just need to troubleshoot why the let’s encrypt http challenge is not working.

xl666 · December 28, 2018, 1:15am

I believe there is a typo on the yml, it should be --docker.swarmMode instead of --docker.swarmmode this, is true at least for the traefik version I’m using.

Thanks for the recipe.

virtualSharif · March 15, 2019, 1:49pm

Ports mapping didn’t work on mac. Here are my changes which could be helpful to run it locally.
Thanks!

services:
  traefik:
    image: traefik
    command: --web --docker --docker.swarmmode --docker.watch --docker.domain=your-domain.com --logLevel=DEBUG
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
      - "8080:8080/tcp"

daze · March 21, 2019, 10:58pm

I keep seeing this message in my docker swarm for traefik. Only using wallabag to test at the moment. And I’ve already been rate limited.

[email protected] | time=“2019-03-21T22:56:45Z” level=debug msg=“Filtering container without port, traefik_traefik.1im380tylloon8orfxq5jl7cc: port label is missing, please use traefik.port as default value or define port label for all segments (‘traefik.<segment_name>.port’)”

I had to manually add a DNS name. Which provider is recommended? I can switch to something that works with Traefik. Time to look at docs again.

funkypenguin · March 21, 2019, 11:10pm

I like CloudFlare, it works well with Traefik. Can’t speak about the others

daze · March 21, 2019, 11:11pm

Thanks funkypenguin! Love your work.

daze · March 22, 2019, 12:23am

Running into a wall. https://wallabag.mydomain.com just displays a 404. I have not setup oauth in anyway, hopefully it isn’t causing an issue. Any ideas on how to troubleshoot this?

funkypenguin · March 22, 2019, 12:40am

The 404 means you’re talking to Traefik, but Traefik doesn’t know how to route your request. Did you set traefik.port ? (I think it should be 8080)

daze · March 22, 2019, 12:59am

I just did, and I can see the dashboard but no frontends/backends. Hmm…

Bencey · March 22, 2019, 1:11am

If possible is there any chance you are able to join our discord so we can help troubleshoot

gkoerk · March 23, 2019, 5:01pm

I can confirm NAMECHEAP works fine with Traefik too – even the wildcard DNS challenge – BUT – they don’t unlock the API key for that until you’ve spent like $50 with them. Woth it if you like their domain hosting prices and are comfortable locking in a longer purchase.

Jerry

stetho · July 20, 2019, 12:49pm

Just wanted to mention that the instructions say

Create /var/data/config/traefik/traefik.yml as follows:

And then tell you to

create an overlay network by running
docker stack deploy traefik -c /var/data/traefik/traefik.yml

Is that an extra ‘config’ or a missing ‘config’? It’s arbitrary because you just adjust the paths accordingly but I thought I’d mention it.

Steve

VinistoisR · January 18, 2020, 7:24pm

Also the scratch stack sets up a network named “public” with a specific subnet, but then it is never used by the examples that follow. The traefik network is named traefik_public, which of course would not exist yet, so it is created anyways.

belroth · February 15, 2020, 4:36am

I keep receiving the following in an email when utilizing github and traefik:

On February 15th, 2020 at 04:23 (UTC) your application (Radarr) used an access token (with the User-Agent Go-http-client/1.1) as part of a query parameter to access an endpoint through the GitHub API:

https://api.github.com/user/emails

Please use the Authorization HTTP header instead as using the access_token query parameter is deprecated

What should I be looking to do to resolve this?

Thanks!

Matthew_Lancey · April 30, 2020, 10:02am

I’m getting an error nobody has flagged so far, from what I can tell.

I reach this point:

$ docker stack deploy traefik-app -c /var/data/config/traefik/traefik-app.yml
Creating service traefik-app_traefik

So far, so good.

But then $ docker stack ps traefik-app returns lots of failed containers (well, the same failed container, starting over and over), with the error message "task: non-zero exit (1)" against each one.

So then $ docker services logs {id of one of the failed containers} tells me:

command traefik error: field not found, node: redirect

I little Googling of “field not found, node: redirect” brings up a few examples of where this is happening because of a mismatch of traefik v1 and v2 configs, ie. trying to use a traefik v1 config with traefik >v2.0

Is that what’s happening here?

I should also point out that I’m running this on a one-node swarm, but if adding more nodes would be worth trying, I’ll give that go.

Thanks!

funkypenguin · April 30, 2020, 7:55pm

Welcome @Matthew_Lancey! Yes, I’d be inclined to agree with you on that. A quick test would be trying to run Traefik v1, and seeing whether that solves the problem. There are several geeks in our Discord server, who’ve successfully migrated to Traefik v2, and a v2 recipe is in the works - you could pop in there and get some pointers? (Specifically @HexF is using it, I’m aware…)

Matthew_Lancey · May 1, 2020, 2:32am

Cool - so for those following along at home, I changed traefik-app.yml as follows and the issue went away:

services:
traefik:
image: traefik:1.7

TNTechnoHermit · May 1, 2020, 1:45pm

Thanks @Matthew_Lancey, that tip fixed the errors I was having trying to deploy Traefik as well. Cheers!

Markos · July 25, 2021, 11:34am

Hi!

A few things on the v2 revision:

At the ingredients you list: “Traefik configured per design” and even provide a link to this very page. Nitpicking, but the recursion triggered my OCD.
You create /var/data/config/traefikv2/traefikv2.yml twice!
You refer to docker stack deploy traefikv2 -c /var/data/config/traefikv2/traefikv2.yml on the text (which is correct), then run docker stack deploy traefik-app -c traefikv2.yml in the code block right after that. And the output doesn’t match.
Can we get a sample/example file of /var/data/config/traefikv2/traefikv2.env. I assume it has DNS provider credentials for CloudFlare, but is there something else?

I love the cookbook btw, was waiting for the traefik v2 update since I first discovered it. Thank you for your efforts!