I have installed Docker rootless on a Debian VM in Proxmox. I tried some Docker containers without any problem, and cleaned all (with prune) to install the Traefik Docker container first.
Before installing Traefik, I have exposed the privileged ports.
After the Traefik installation, when trying to access the Traefik dashboard, I get the error message (in both HTTP and HTTPS):
404 page not found
The Docker logs display:

```
<DOCKER-USER>@<DEBIAN>:~/.local/share/docker/volumes/traefik$ docker compose logs -f
traefik | time="2022-10-12T22:36:36+04:00" level=info msg="Configuration loaded from file: /traefik.yml"
traefik | time="2022-10-12T22:36:36+04:00" level=error msg="Failed to retrieve information of the docker client and server host: Cannot connect to the Docker daemon at unix:///run/user/<DOCKER-USER-UID>/docker.sock. Is the docker daemon running?" providerName=docker
traefik | time="2022-10-12T22:36:36+04:00" level=error msg="Provider connection error Cannot connect to the Docker daemon at unix:///run/user/<DOCKER-USER-UID>/docker.sock. Is the docker daemon running?, retrying in 258.609218ms" providerName=docker
```

<CAPS> are for editing before posting. The last two lines keep repeating.
The Traefik Docker container is installed from the non-sudoer <DOCKER-USER> account.
Here is the "docker-compose.yml":
```yaml
version: '3'
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=<CF_API_EMAIL>
      - CF_API_KEY=<CF_API_KEY>
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /run/user/<DOCKER-USER-UID>/docker.sock:/var/run/docker.sock:ro
      - /home/<DOCKER-USER>/.local/share/docker/volumes/traefik/data/traefik.yml:/traefik.yml:ro
      - /home/<DOCKER-USER>/.local/share/docker/volumes/traefik/data/acme.json:/acme.json
      - /home/<DOCKER-USER>/.local/share/docker/volumes/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.<PERSONAL-DOMAIN.COM>`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.<PERSONAL-DOMAIN.COM>`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=<PERSONAL-DOMAIN.COM>"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.<PERSONAL-DOMAIN.COM>"
      - "traefik.http.routers.traefik-secure.service=api@internal"
networks:
  proxy:
    external: true
```
Here is the "traefik.yml":
```yaml
api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///run/user/<DOCKER-USER-UID>/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: <CF_API_EMAIL>
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
```
The "docker.sock" is in the location typed in these yml files. "docker.sock" is owned by <DOCKER-USER> and the group owner is a nonexistent numeric group ID.
I am not sure what the "docker daemon" is (docker.service or docker.socket), but the Docker service is running:
```
<DOCKER-USER>@<DEBIAN>:~/.local/share/docker/volumes/traefik$ systemctl --user status docker.service
● docker.service - Docker Application Container Engine (Rootless)
     Loaded: loaded (/home/<DOCKER-USER>/.config/systemd/user/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-10-10 21:40:12 +04; 2 days ago
       Docs: https://docs.docker.com/go/rootless/
   Main PID: 440 (rootlesskit)
      Tasks: 115
     Memory: 442.6M
        CPU: 5min 29.704s
     CGroup: /user.slice/user-<DOCKER-USER-UID>.slice/user@<DOCKER-USER-UID>.service/app.slice/docker.service
             ├─ 440 rootlesskit --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=built>
             ├─ 453 /proc/self/exe --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=bu>
             ├─ 472 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 453 tap0
             ├─ 480 dockerd
             ├─ 503 containerd --config /run/user/<DOCKER-USER-UID>/docker/containerd/containerd.toml --log-level info
             ├─3657 fuse-overlayfs -o lowerdir=/home/<DOCKER-USER>/.local/share/docker/fuse-overlayfs/l/XXXXXXXXXXXXXXXXXXXXXXXX:/home/<DOCKER-USER>/.local/share>
             ├─3665 /usr/bin/rootlesskit-docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
             ├─3671 docker-proxy -container-ip 172.18.0.2 -container-port 443 -host-ip 127.0.0.1 -host-port 443 -proto tcp
             ├─3680 /usr/bin/rootlesskit-docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
             ├─3687 docker-proxy -container-ip 172.18.0.2 -container-port 443 -host-ip ::1 -host-port 443 -proto tcp
             ├─3700 /usr/bin/rootlesskit-docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
             ├─3706 docker-proxy -container-ip 172.18.0.2 -container-port 80 -host-ip 127.0.0.1 -host-port 80 -proto tcp
             ├─3715 /usr/bin/rootlesskit-docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
             ├─3721 docker-proxy -container-ip 172.18.0.2 -container-port 80 -host-ip ::1 -host-port 80 -proto tcp
             └─3738 /usr/bin/containerd-shim-runc-v2 -namespace moby -id XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -address /run/user/10>

oct. 12 22:35:40 <DEBIAN> dockerd-rootless.sh[480]: time="2022-10-12T22:35:40.516184794+04:00" level=info msg="ignoring event" container=XXXXXXXXXXXXXXXXXXXXXXXX>
oct. 12 22:35:40 <DEBIAN> dockerd-rootless.sh[503]: time="2022-10-12T22:35:40.517352173+04:00" level=warning msg="cleaning up after shim disconnected" id=XXXXXXX>
oct. 12 22:35:40 <DEBIAN> dockerd-rootless.sh[503]: time="2022-10-12T22:35:40.517386322+04:00" level=info msg="cleaning up dead shim"
oct. 12 22:35:40 <DEBIAN> dockerd-rootless.sh[503]: time="2022-10-12T22:35:40.529791839+04:00" level=warning msg="cleanup warnings time=\"2022-10-12T22:35:40+04:>
oct. 12 22:36:36 <DEBIAN> dockerd-rootless.sh[480]: time="2022-10-12T22:36:36.203256215+04:00" level=warning msg="Security options with `:` as a separator are de>
oct. 12 22:36:36 <DEBIAN> dockerd-rootless.sh[503]: time="2022-10-12T22:36:36.346784157+04:00" level=info msg="loading plugin \"io.containerd.event.v1.publisher\>
oct. 12 22:36:36 <DEBIAN> dockerd-rootless.sh[503]: time="2022-10-12T22:36:36.346843512+04:00" level=info msg="loading plugin \"io.containerd.internal.v1.shutdow>
oct. 12 22:36:36 <DEBIAN> dockerd-rootless.sh[503]: time="2022-10-12T22:36:36.346855302+04:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"...">
oct. 12 22:36:36 <DEBIAN> dockerd-rootless.sh[503]: time="2022-10-12T22:36:36.347114150+04:00" level=info msg="starting signal loop" namespace=moby path=/run/.ro>
oct. 12 22:36:36 <DEBIAN> dockerd-rootless.sh[3782]: time="2022-10-12T22:36:36+04:00" level=info msg="skipping firewalld management for rootless mode"
```
I am stuck here and would gladly accept any help, thanks!
Found the solution!
My "traefik.yml" file is for the configuration inside the traefik container. So the endpoint configured should be:
```yaml
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
```

and not:

```yaml
providers:
  docker:
    endpoint: "unix:///run/user/<DOCKER-USER-UID>/docker.sock"
```

because the binding is already fixed in the "docker-compose.yml" file:

```yaml
services:
  traefik:
    ...
    volumes:
      - /run/user/<DOCKER-USER-UID>/docker.sock:/var/run/docker.sock:ro
```
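
The host-path versus container-path mix-up described above can be caught before starting the container. The following check is an added example, not part of the original post or of Traefik; the function names are hypothetical, and it assumes short-syntax `host:container[:mode]` volume entries like the ones in the compose file above.

```python
PREFIX = "unix://"

def parse_bind(spec):
    """Split a short-syntax compose volume entry 'host:container[:mode]'."""
    parts = spec.split(":")
    if len(parts) < 2:
        raise ValueError(f"not a bind mount: {spec!r}")
    mode = parts[2] if len(parts) > 2 else "rw"
    return parts[0], parts[1], mode

def check_endpoint(endpoint, volumes):
    """Classify a provider endpoint against the container's bind mounts.

    Returns (status, path), where status is one of:
      ok       - the endpoint path is a mount target inside the container
      mismatch - the endpoint is the HOST side of a bind; path is the
                 container-side target that should be used instead
      missing  - nothing is mounted at the endpoint path
      skip     - the endpoint is not a unix socket
    """
    if not endpoint.startswith(PREFIX):
        return "skip", endpoint
    path = endpoint[len(PREFIX):]
    binds = [parse_bind(v) for v in volumes]
    for _host, target, _mode in binds:
        if path == target:
            return "ok", target
    for host, target, _mode in binds:
        if path == host:
            return "mismatch", target
    return "missing", path

# Volume entries copied from the docker-compose.yml in the post
# (placeholders kept exactly as the author wrote them).
VOLUMES = [
    "/etc/localtime:/etc/localtime:ro",
    "/run/user/<DOCKER-USER-UID>/docker.sock:/var/run/docker.sock:ro",
]

if __name__ == "__main__":
    for ep in ("unix:///run/user/<DOCKER-USER-UID>/docker.sock",
               "unix:///var/run/docker.sock"):
        status, path = check_endpoint(ep, VOLUMES)
        print(f"{ep} -> {status}: {path}")
```

The `:ro` flag on the socket bind protects only the socket file itself; it does not restrict which Docker API calls the container can make over that socket.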