I'm trying to install `gitea` and `traefik` in an Alibaba Cloud instance but I can't get any page or response from `traefik`. How can I debug this? `docker logs traefik` has no errors.

Here is my `docker-compose.yml`:
```yaml
version: "3"

networks:
  gitea_net:
    external: true
  internal:
    external: false

services:
  db:
    image: postgres:9.6
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    labels:
      - "traefik.enable=false"
    networks:
      - internal
    volumes:
      - ./postgres:/var/lib/postgresql/data

  traefik:
    image: traefik:latest
    command: --docker
    ports:
      - 80:80
      - 443:443
    labels:
      - "traefik.enable=true"
      - "traefik.backend=dashboard"
      - "traefik.frontend.rule=Host:traefik.mydomain.com"
      - "traefik.port=8080"
    networks:
      - gitea_net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    container_name: traefik
    restart: always

  server:
    image: gitea/gitea:latest
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    networks:
      - internal
    volumes:
      - ./gitea:/data
    ports:
      - "3000"
      - "22"
    labels:
      - "traefik.enabled=true"
      - "traefik.backend=gitea"
      - "traefik.frontend.rule=Host:gitea.mydomain.com"
      - "traefik.docker.network=gitea_net"
      - "traefik.port=3000"
    networks:
      - internal
      - gitea_net
    depends_on:
      - db
      - traefik
```
Here is my `traefik.toml`:

```toml
#Traefik Global Configuration
debug = true
checkNewVersion = true
logLevel = "ERROR"

#Define the EntryPoint for HTTP and HTTPS
defaultEntryPoints = ["https","http"]

#Define the HTTP port 80 and
#HTTPS port 443 EntryPoint
#Enable automatically redirect HTTP to HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

#Enable Traefik Dashboard on port 8080
#with basic authentication method
[entryPoints.dash]
address=":8080"
[entryPoints.dash.auth]
[entryPoints.dash.auth.basic]
users = [
  "admin:$apr1$nw$PAVvqQK30eAdrY0l9KCnK1",
]

[api]
entrypoint="dash"
dashboard = true

#Enable retry sending a request if the network error
[retry]

#Define Docker Backend Configuration
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mydomain.com"
watch = true
exposedbydefault = false

#Letsencrypt Registration
#Define the Letsencrypt ACME HTTP challenge
[acme]
email = "mark@gmail.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"
```
I may be wrong but your setup may be only valid for Traefik before `2.0`.

You can check it quickly by changing the docker image tag from `traefik:latest` to `traefik:1.7`.

If you are still not able to make it work, then please try my setup that I know is working, because it is being used. If my setup works for you then you can compare it with yours and see how to make yours work. The main difference from mine to yours is that I use Traefik 1.7 and that I deploy Traefik as a separate docker stack in the server, because I believe this is the proper way of doing it, at least if you want to take advantage of using it to run as many services as you can in the same server.

Another thing to watch out for is that the `acme.json` file to store the Letsencrypt certificates must have `600` permissions. But if I recall well this permissions issue will not cause traefik to keep restarting, but not sure, and I have not detailed in my bash script to setup Traefik:
```bash
# Traefik will not create the certificates if we don't fix the permissions
# for the file where it stores the LetsEncrypt certificates.
chmod 600 acme.json
```

```yaml
version: '2.3'

services:

  traefik:
    image: traefik:1.7
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    container_name: traefik
    labels:
      - "traefik.acme.email=${TRAEFIK_ACME_EMAIL:? Missing TRAEFIK_ACME_EMAIL env var.}"
      - "traefik.docker.domain=${TRAEFIK_DOCKER_DOMAIN:? Missing TRAEFIK_DOCKER_DOMAIN env var.}"

networks:
  traefik:
    external: true
```
The network is external, therefore you need to run `docker network create traefik`.

The variables in the `docker-compose.yml` file come from a `.env` file:
```bash
TRAEFIK_DOCKER_DOMAIN=dev.example.com
TRAEFIK_ACME_EMAIL=YOUR@EMAIL.COM
```

```toml
debug = false

logLevel = "ERROR"
defaultEntryPoints = ["https","http"]

[web]
address = ":8080"

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false

[acme]
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
```
An example of attaching a docker compose service from another `docker-compose.yml` file can be found here:
```yaml
  service-name:
    ....
    networks:
      - shipfast
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.backend=${ENVIRONMENT:-dev}.shipfast-api"
      - "traefik.docker.network=traefik"
      - "traefik.port=${SHIPFAST_HTTP_PORT}"
      - "traefik.frontend.rule=Host:${SHIPFAST_PUBLIC_DOMAIN:-localhost}"
    .....

networks:
  shipfast:
    driver: "bridge"
  traefik:
    external: true
```
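
A preflight script for the checks discussed above: `acme.json` at mode `600`, a pinned 1.x image when 1.x labels are in use, and the `traefik.enable` label key that the working setup uses. This is an added example, not code from either post; the function names and the `preflight.sh` file name are hypothetical, and the checks are plain text matches rather than a YAML parse.

```sh
#!/bin/sh
# Added example: static preflight checks for a Traefik 1.x compose setup.
# Function names are hypothetical; file names follow the posts above.

# Octal permission bits of a file (GNU stat, then BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# acme.json stores the ACME account key and certificate private keys,
# so it must be readable and writable by its owner only (mode 600).
check_acme_mode() {
    mode=$(file_mode "$1") || { echo "FAIL: cannot stat $1"; return 1; }
    [ "$mode" = "600" ] && return 0
    echo "FAIL: $1 has mode $mode, expected 600 (chmod 600 $1)"
    return 1
}

# 1.x labels such as traefik.frontend.rule need a 1.x image; an untagged
# or "latest" image can resolve to 2.x, which uses a different label scheme.
check_image_pin() {
    grep -q 'traefik\.frontend\.rule' "$1" || return 0
    if grep -Eq 'image:[[:space:]]*traefik(:latest)?[[:space:]]*$' "$1"; then
        echo "FAIL: $1 uses 1.x labels but does not pin a traefik:1.x tag"
        return 1
    fi
}

# With exposedByDefault = false only containers labelled traefik.enable=true
# are routed; a near-miss key such as traefik.enabled is silently ignored.
check_enable_label() {
    if grep -n 'traefik\.enabled=' "$1"; then
        echo "FAIL: $1 uses traefik.enabled, the key is traefik.enable"
        return 1
    fi
}

# Run all checks; the return status is non-zero if any of them failed.
preflight() {
    rc=0
    check_acme_mode "$1" || rc=1
    check_image_pin "$2" || rc=1
    check_enable_label "$2" || rc=1
    return $rc
}

# Usage: sh preflight.sh acme.json docker-compose.yml
if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```

Because nothing is reported in `docker logs` when a label key is ignored or a container is simply not exposed, a static check like this is a quick first step before raising `logLevel`.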