I am having trouble with configuring Traefik - I have a feeling this is probably a small configuration error. Below is the docker-compose file. I am trying to make WordPress use port 443, and have the Traefik dashboard on port 8080. However, the dashboard is appearing on both 443 and 8080. What could I be doing wrong here?
version: "3.3"
services:
################################################
#### Traefik Proxy Setup #####
###############################################
traefik:
image: traefik:v2.0
restart: always
container_name: traefik
ports:
- "80:80" # <== http
- "8080:8080" # <== :8080 is where the dashboard runs on
- "443:443" # <== https
command:
#### These are the CLI commands that will configure Traefik and tell it how to work! ####
## API Settings - https://docs.traefik.io/operations/api/, endpoints - https://docs.traefik.io/operations/api/#endpoints ##
- --api.insecure=true # <== Enabling insecure api, NOT RECOMMENDED FOR PRODUCTION
- --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc...
- --api.debug=true # <== Enabling additional endpoints for debugging and profiling
## Log Settings (options: ERROR, DEBUG, PANIC, FATAL, WARN, INFO) - https://docs.traefik.io/observability/logs/ ##
- --log.level=DEBUG # <== Setting the level of the logs from traefik
## Provider Settings - https://docs.traefik.io/providers/docker/#provider-configuration ##
- --providers.docker=true # <== Enabling docker as the provider for traefik
- --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik, only expose enabled ones
- --providers.file.filename=/dynamic.yaml # <== Referring to a dynamic configuration file
- --providers.docker.network=web # <== Operate on the docker network named web
## Entrypoints Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
- --entrypoints.web.address=:80 # <== Defining an entrypoint for port :80 named web
- --entrypoints.web-secured.address=:443 # <== Defining an entrypoint for https on port :443 named web-secured
## Certificate Settings (Let's Encrypt) - https://docs.traefik.io/https/acme/#configuration-examples ##
- --certificatesresolvers.mytlschallenge.acme.tlschallenge=true # <== Enable TLS-ALPN-01 to generate and renew ACME certs
- --certificatesresolvers.mytlschallenge.acme.email=localhost@localhost.edu # <== Setting email for certs
- --certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json # <== Defining acme file to store cert information
volumes:
- ./letsencrypt:/letsencrypt # <== Volume for certs (TLS)
- /var/run/docker.sock:/var/run/docker.sock # <== Volume for docker admin
- ./dynamic.yaml:/dynamic.yaml # <== Volume for dynamic conf file, **ref: line 27
networks:
- web # <== Placing traefik on the network named web, to access containers on this network
labels:
#### Labels define the behavior and rules of the traefik proxy for this container ####
- "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to view it
- "traefik.http.routers.api.rule=Host(`portal.localhost.org`)" # <== Setting the domain for the dashboard
- "traefik.http.routers.api.service=api@internal" # <== Enabling the api to be a service to access
################################################
#### WordPress Setup Container #####
##############################################
wordpress: # <== we aren't going to open :80 here because traefik is going to serve this on entrypoint 'web'
## :80 is already exposed from within the container ##
image: wordpress
restart: always
container_name: wp
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: ${MYSQL_WP_USER}
WORDPRESS_DB_PASSWORD: ${MYSQL_WP_PASSWORD}
WORDPRESS_DB_NAME: ${MYSQL_WP_DATABASE}
volumes:
- wordpress:/var/www/html
networks:
- web
- backend
labels:
#### Labels define the behavior and rules of the traefik proxy for this container ####
- "traefik.enable=true" # <== Enable traefik to proxy this container
- "traefik.http.routers.wordpress-web.rule=Host(`portal.localhost.org`)" # <== Your Domain Name goes here for the http rule
- "traefik.http.routers.wordpress-web.entrypoints=web" # <== Defining the entrypoint for http, **ref: line 30
- "traefik.http.routers.wordpress-web.middlewares=redirect@file" # <== This is a middleware to redirect to https
- "traefik.http.routers.wordpress-secured.rule=Host(`portal.localhost.org`)" # <== Your Domain Name for the https rule
- "traefik.http.routers.wordpress-secured.entrypoints=web-secured" # <== Defining entrypoint for https, **ref: line 31
- "traefik.http.routers.wordpress-secured.tls.certresolver=mytlschallenge" # <== Defining certsresolvers for https
You don't have defined entrypoint for port 8080 and you are not using this entrypoint in traefik dashboard configuration.
For working config, please see my previous answer here: Traefik dashboard only on the http port
If you are just counting on insecure=true to create traefik entrypoint, then I think the problem is, you have same domain for both services.