reverse-proxy, traefik

Traefik runs but doesn't use the TOML file


I set up a traefik reverse proxy in a docker environment. The goal is to redirect traffic to different servers (not containers) based on URL/Host.

After fiddling around, I got traefik to work. I can now see the backend. But if I try to access a server, I get "404 page not found" from traefik.

Also the tcp.routers and tcp.services don't show up in traefik-backend.

Are there limitations when mixing docker-compose and traefik.toml as configuration? When I start traefik, it reports that it is using traefik.toml.

Another problem is that user authentication for traefik-backend isn't applied - there is no prompt for username/password.

Or does traefik ignore the whole configuration because it can't get certificates (it's just a dev setup and not in production right now)?

docker-compose.yml:

# Compose file from the question, kept as posted; the comments are review notes.
version: "3.3"

services:

  traefik:
    restart: always
    # NOTE(review): "latest" is a floating tag; pinning a specific release keeps
    # the proxy from silently changing version on the next pull.
    image: "traefik:latest"
    container_name: "traefik"
    ports:
      - "80:80"
      - "443:443"
      # Published on every host interface. traefik.toml below sets
      # api.insecure = true, which serves the dashboard/API on this port
      # without authentication.
      - "8080:8080"
    networks:
      - traefik_proxy
    volumes:
      # ":ro" only makes the socket file mount read-only; it does not limit the
      # Docker API calls a process can make through it, so this grants the
      # container control over the Docker daemon.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - ./17/traefik.toml:/etc/traefik/traefik.toml
      # Mounted read-write; traefik.toml points its basicAuth usersFile here.
      - ./shared:/shared
    command:
      # NOTE(review): Traefik documents file, CLI flags and environment
      # variables as mutually exclusive sources of static configuration. A
      # traefik.toml is mounted at the default path, so these flags are
      # presumably not applied alongside it - confirm in the startup log.
      - "--api=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=traefik_proxy"

networks:
  traefik_proxy:
    external: true

traefik.toml:

# traefik.toml from the question, kept as posted; the comments are review notes.
# This is the static configuration file. The [http] and [tcp.services] sections
# further down are dynamic configuration, which the answer moves into a
# separate file loaded by the file provider.
[global]
  sendAnonymousUsage = false

[log]
  # DEBUG is verbose; the question describes this as a dev setup.
  level = "DEBUG"

[api]
  dashboard = true
  # Insecure mode serves the API and dashboard directly on the "traefik" entry
  # point (:8080) without authentication, so the "dashboard" router and its
  # "auth" middleware below never get to ask for credentials.
  insecure = true

[entryPoints]
  [entryPoints.traefik]
    address = ":8080"
  [entryPoints.web]
    address = ":80"
    # Redirect every plain-HTTP request to the "websecure" entry point.
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
  [entryPoints.websecure]
    address = ":443"
    [entryPoints.websecure.http.tls]
      certResolver = "myresolver"

# Dynamic configuration starts here (routers, middlewares, services).
[http]
  [http.routers]

    # These routers name services "mymiddleware" and "owncloud", but this file
    # only declares services with those names under [tcp.services]; no
    # [http.services] section exists.
    [http.routers.mymiddleware]
      entryPoints = ["websecure"]
      rule = "Host(`cmw.domain.de`) || Host(`sync.domain.de`)"
      certResolver = "myresolver"
      service = "mymiddleware"
    [http.routers.owncloud]
      entryPoints = ["websecure"]
      rule = "Host(`cloud.domain.de`)"
      certResolver = "myresolver"
      service = "owncloud"
    # Intended to put the dashboard behind basic auth on the "traefik" entry point.
    [http.routers.dashboard]
      entryPoints = ["traefik"]
      rule = "PathPrefix(`/dashboard`) || PathPrefix(`/api`)"
      service = "api@internal"
      middlewares = ["auth"]

  [http.middlewares.auth.basicAuth]
    # Relative path; the compose file mounts the directory at /shared, so this
    # only resolves if the process working directory is "/" - confirm.
    usersFile="shared/.htpasswd"

[tcp.services]
  [tcp.services.mymiddleware]
    [[tcp.services.mymiddleware.loadBalancer.servers]]
      # NOTE(review): no port given; TCP server addresses are normally host:port - confirm.
      address = "192.168.92.14"
  # NOTE(review): "tcp.service" (singular) differs from "tcp.services" used on
  # the surrounding lines - looks like a typo.
  [tcp.service.owncloud]
    [[tcp.services.owncloud.loadBalancer.servers]]
      address = "192.168.92.10"

[certificatesResolvers.myresolver.acme]
  email = "webmaster@domain.de"
  # Relative path that is not under any volume mounted by the compose file, so
  # issued certificates and their private keys would not survive recreating the
  # container. Keep this file readable by the owner only (mode 600).
  storage = "acme.json"
  # The HTTP challenge is answered on the "web" entry point (:80).
  [certificatesResolvers.myresolver.acme.httpChallenge]
    entryPoint = "web"

Solution

  • But there was another problem, which is more important:

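    It's a "must" to separate dynamic and static configuration. Routers, services and middlewares are dynamic configuration and have to be loaded through a provider (here the file provider), while entry points, providers and certificate resolvers stay in the static traefik.toml.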

    So I ended up with:

    docker-compose.yml

    # Compose file from the answer; the comments are review notes.
    version: "3.3"
    
    services:
    
      traefik:
        restart: always
        # NOTE(review): "latest" is a floating tag; pinning a specific release
        # keeps the proxy from silently changing version on the next pull.
        image: "traefik:latest"
        container_name: "traefik"
        ports:
          - "80:80"
          - "443:443"
          # Dashboard entry point, published on every host interface. It is
          # plain HTTP, so the basic-auth credentials checked by the dashboard
          # router cross the network unencrypted; restrict who can reach it.
          - "8080:8080"
        networks:
          - traefik_proxy
        volumes:
          # NOTE(review): the accompanying traefik.toml enables only the file
          # provider, so this socket mount looks unused. ":ro" does not limit
          # Docker API calls made through the socket; dropping the mount
          # removes that access from the container.
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
          - ./traefik/traefik.toml:/etc/traefik/traefik.toml
          # Holds config.toml, .htpasswd and acme.json (see traefik.toml);
          # mounted read-write because Traefik writes acme.json.
          - ./shared:/shared
    
    networks:
      traefik_proxy:
        external: true
    

    traefik/traefik.toml

    # Static configuration from the answer: entry points, the file provider and
    # the ACME resolver. Routers, middlewares and services live in
    # shared/config.toml.
    [global]
      sendAnonymousUsage = false
    
    [log]
      # DEBUG is verbose; the question describes this as a dev setup.
      level = "DEBUG"
    
    [api]
      dashboard = true
    # Left disabled: with insecure mode off, the dashboard is reachable only
    # through the "dashboard" router and its basicAuth middleware.
    #  insecure = true
    
    # Loads the dynamic configuration from a single file.
    [providers.file]
      filename = "shared/config.toml"
    
    [entryPoints]
      # Plain-HTTP entry point used by the dashboard router; no TLS is
      # configured on it in this file.
      [entryPoints.traefik]
        address = ":8080"
      [entryPoints.web]
        address = ":80"
        # Redirect every plain-HTTP request to the "websecure" entry point.
        [entryPoints.web.http]
          [entryPoints.web.http.redirections]
            [entryPoints.web.http.redirections.entryPoint]
              to = "websecure"
              scheme = "https"
      [entryPoints.websecure]
        address = ":443"
        [entryPoints.websecure.http.tls]
          certResolver = "myresolver"
    
    [certificatesResolvers.myresolver.acme]
      email = "webmaster@domain.de"
      # Stored in the mounted shared directory so it persists. The file holds
      # certificate private keys: keep it readable by the owner only (mode 600).
      storage = "shared/acme.json"
      # The HTTP challenge is answered on the "web" entry point (:80).
      [certificatesResolvers.myresolver.acme.httpChallenge]
        entryPoint = "web"
    

    shared/config.toml

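    # Dynamic configuration loaded by the file provider (providers.file.filename
    # in traefik.toml): routers, the basic-auth middleware and backend services.
    [http]
      [http.routers]

        # NOTE(review): a router-level resolver is normally set under
        # [http.routers.<name>.tls]; the websecure entry point in traefik.toml
        # already sets certResolver - confirm the keys below are accepted.
        [http.routers.cudgelmiddleware]
          entryPoints = ["websecure"]
          rule = "Host(`cmw.domain.de`) || Host(`sync.domain.de`)"
          certResolver = "myresolver"
          service = "mymiddleware"
        [http.routers.owncloud]
          entryPoints = ["websecure"]
          rule = "Host(`cloud.otherdomain.com`)"
          certResolver = "myresolver"
          service = "owncloud"
        # Dashboard and API, served on the "traefik" entry point behind basic auth.
        [http.routers.dashboard]
          entryPoints = ["traefik"]
          rule = "PathPrefix(`/dashboard`) || PathPrefix(`/api`)"
          service = "api@internal"
          middlewares = ["auth"]

      [http.middlewares.auth.basicAuth]
        # Credentials file in the mounted shared directory; keep it out of
        # version control and readable only by the Traefik process.
        usersFile="shared/.htpasswd"

    # TLS ends at Traefik: both backends are addressed over plain http://, so
    # the hop to 192.168.92.x is unencrypted.
    [http.services]
      [http.services.mymiddleware]
        [[http.services.mymiddleware.loadBalancer.servers]]
          url = "http://192.168.92.14"
      # Fixed: the original header read [http.service.owncloud] (singular),
      # which declared a stray "http.service" table instead of this service.
      [http.services.owncloud]
        [[http.services.owncloud.loadBalancer.servers]]
          url = "http://192.168.92.10"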