I’m migrating to a new server and I want to use Traefik 2.0 as a reverse proxy. I’m currently struggling with the new configuration. I added a section at the bottom of the app.yml file. (Source: Discourse behind Traefik 🐭)
I just couldn’t get the labels section working as expected. I’m not sure exactly why it wasn’t working anymore, or whether or not its been fixed since because I’ve just left my configuration as-is because its working.
# https://stackoverflow.com/questions/49718431/docker-compose-yml-file-naming-convention
version: "3.7"
services:
traefik-reverse-proxy:
# The official v2.0 Traefik docker image
#image: traefik:latest
#image: traefik:v2.0
image: traefik:v2.1.1
container_name: traefik
#command:
## to work with custom traefik configuration file you have to declare the local path and mount the location on the host, see volume section
#- --configFile=/etc/traefik/traefik-config.yaml
ports:
# The HTTP port
- 80:80
# The HTTPS port
- 443:443
# The Web UI (enabled by --api.insecure=true)
#- "8080:8080"
volumes:
# syntax --> host-location:path-in-container, see https://docs.docker.com/compose/compose-file/#volumes
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
# mount the location for the log files to the host, so that I can read them on the host
# chosen based on https://unix.stackexchange.com/questions/104936/where-are-all-the-posibilities-of-storing-a-log-file
- /var/log/traefik:/var/log
# mount the location for the certifcates to the host, so that I can read them on the host
#based on https://www.getpagespeed.com/server-setup/ssl-directory and https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
- /etc/ssl/certs/traefik/letsencrypt:/etc/ssl/certs/letsencrypt
# I use a customized "traefik.toml", so it has to be mounted into the traefik container (or stored there), combine
# https://stackoverflow.com/questions/47382756/why-is-my-traefik-toml-file-not-be-read-by-docker-compose-configuration
# https://stackoverflow.com/questions/57200728/can-the-default-location-of-the-traefik-configuration-file-be-changed-in-the-off
# https://stackoverflow.com/questions/45902133/how-to-use-custom-traefik-toml-file
# https://docs.traefik.io/getting-started/configuration-overview/
- /opt/traefik/traefik-config.yaml:/etc/traefik/traefik.yaml
labels:
- traefik.enable=true
#- "traefik.docker.network=bridge_proxy_traefikv2"
- traefik.http.routers.traefik_dashboard-router.rule=Host(`traefik.fairbnb.community`)
- traefik.http.routers.traefik_dashboard-router.entrypoints=web
#- "traefik.http.services.traefik_dashboard-service.loadBalancer.server.port=8080"
- traefik.http.routers.traefik_dashboard-router.service=api@internal
networks:
- traefik
#- default
#Tiny Go webserver that prints os information and HTTP request to output
# whoami:
# image: "containous/whoami"
# container_name: "whoami"
# labels:
# - "traefik.enable=true"
# - "traefik.docker.network=bridge_proxy_traefikv2"
# - "traefik.http.routers.whoami-router.rule=Host(`fairbnb.community`)"
# - "traefik.http.routers.whoami-router.entrypoints=web"
# - "traefik.http.services.whoami-service.loadBalancer.server.port=80"
# networks:
# - traefik
# #- default
whoami_viaSubdomain:
image: "containous/whoami"
container_name: "whoami_viaSubdomain"
labels:
- traefik.enable=true
- traefik.docker.network=bridge_proxy_traefikv2
- traefik.http.routers.whoami_viaSubdomain-router.rule=Host(`whoami.fairbnb.community`)
- traefik.http.routers.whoami_viaSubdomain-router.entrypoints=web
#- "traefik.http.services.whoami_viaSubdomain-service.loadBalancer.server.port=80"
networks:
- traefik
#- default
networks:
traefik:
external:
name: bridge_proxy_traefikv2
Traefik configuration: traefik-config.yaml
global:
checkNewVersion: true
# sendAnonymousUsage: true
#serversTransport:
# insecureSkipVerify: true
# rootCAs:
# - foobar
# maxIdleConnsPerHost: 42
# forwardingTimeouts:
# dialTimeout: 42
# responseHeaderTimeout: 42
# idleConnTimeout: 42
entryPoints:
web:
address: :80
#transport:
# lifeCycle:
# requestAcceptGraceTimeout: 42
# graceTimeOut: 42
# respondingTimeouts:
# readTimeout: 42
# writeTimeout: 42
# idleTimeout: 42
#proxyProtocol:
# insecure: true
# trustedIPs:
# - foobar
# - foobar
#forwardedHeaders:
# insecure: true
# trustedIPs:
# - foobar
# - foobar
websecure:
address: :443
#traefik_dashboard:
#address: ":8080"
api:
#api: {}
# Activate dashboard.
## Enables the web UI @ port 8080/ Traefik will listen on port 8080 by default for API request. / Activate API directly on the entryPoint named traefik. (Default: false) --> port '8080'v= entryPoint 'traefik', overrides --api
#insecure: true
## Activate dashboard. (Default: true)
# dashboard: true
# Enable additional endpoints for debugging and profiling.
debug: true
providers:
# providersThrottleDuration: 42
docker:
#constraints: foobar
## Watch provider. (Default: true)
#watch: true
## Docker server endpoint. Can be a tcp or a unix socket endpoint. (Default: unix:///var/run/docker.sock)
#endpoint: unix:///var/run/docker.sock
#defaultRule: foobar
#tls:
#ca: foobar
#caOptional: true
#cert: foobar
#key: foobar
#insecureSkipVerify: true
# Expose containers by default. (Default: true) / By default, routes for all detected containers are creates. ITo limit the scope of Traefik's service discovery, i.e. disallow route creation for some containers, you can do so in two different ways: gerneric exposedByDefault (overriden by traefik.enable), or with a finer granularity mechanism based on constraints.
exposedByDefault: false
#useBindPortIP: true
#swarmMode: true
# Default Docker network used.
network: bridge_proxy_traefikv2
# swarmModeRefreshSeconds: 42
not used currently-metrics: # this is only hear to fold/unfold the commented region in Notepad++
#metrics:
# prometheus:
# buckets:
# - 42
# - 42
# addEntryPointsLabels: true
# addServicesLabels: true
# entryPoint: foobar
# manualRouting: true
# datadog:
# address: foobar
# pushInterval: 42
# addEntryPointsLabels: true
# addServicesLabels: true
# statsD:
# address: foobar
# pushInterval: 42
# addEntryPointsLabels: true
# addServicesLabels: true
# prefix: traefik
# influxDB:
# address: foobar
# protocol: foobar
# pushInterval: 42
# database: foobar
# retentionPolicy: foobar
# username: foobar
# password: foobar
# addEntryPointsLabels: true
# addServicesLabels: true
#ping:
# entryPoint: foobar
# manualRouting: true
#
log:
#Traefik's log file
# set debug level of the log
level: DEBUG
# defining the storage location inside the container, log file is written inside the container. To make it avaiable on the host it is mounted, see volumes section in docker-compose file
# chosen based on https://unix.stackexchange.com/questions/104936/where-are-all-the-posibilities-of-storing-a-log-file
filePath: /var/log/traefik-log.log
# Traefik log format: json | common (Default: common)
#format: common
accessLog:
# Logging access attempts
# defining the storage location inside the container, log file is written inside the container. To make it avaiable on the host it is mounted, see volumes section in docker-compose file
# chosen based on https://unix.stackexchange.com/questions/104936/where-are-all-the-posibilities-of-storing-a-log-file
filePath: /var/log/traefik-access.log
# Access log format: json | common (Default: common)
#format: common
# filters:
# statusCodes:
# - foobar
# - foobar
# retryAttempts: true
# minDuration: 42
# fields:
# defaultMode: foobar
# names:
# name0: foobar
# name1: foobar
# headers:
# defaultMode: foobar
# names:
# name0: foobar
# name1: foobar
# bufferingSize: 42
#
not used currently-tracing: # this is only hear to fold/unfold the commented region in Notepad++
#tracing:
# serviceName: foobar
# spanNameLimit: 42
# jaeger:
# samplingServerURL: foobar
# samplingType: foobar
# samplingParam: 42
# localAgentHostPort: foobar
# gen128Bit: true
# propagation: foobar
# traceContextHeaderName: foobar
# collector:
# endpoint: foobar
# user: foobar
# password: foobar
# zipkin:
# httpEndpoint: foobar
# sameSpan: true
# id128Bit: true
# sampleRate: 42
# datadog:
# localAgentHostPort: foobar
# globalTag: foobar
# debug: true
# prioritySampling: true
# traceIDHeaderName: foobar
# parentIDHeaderName: foobar
# samplingPriorityHeaderName: foobar
# bagagePrefixHeaderName: foobar
# instana:
# localAgentHost: foobar
# localAgentPort: 42
# logLevel: foobar
# haystack:
# localAgentHost: foobar
# localAgentPort: 42
# globalTag: foobar
# traceIDHeaderName: foobar
# parentIDHeaderName: foobar
# spanIDHeaderName: foobar
# baggagePrefixHeaderName: foobar
#
not used currently-hostResolver: # this is only hear to fold/unfold the commented region in Notepad++
#hostResolver:
# cnameFlattening: true
# resolvConfig: foobar
# resolvDepth: 42
#
certificatesResolvers:
tlsChallenge_letsencrypt:
acme:
email: my.secret@gmail.com
# CA server to use. (Default: https://acme-v02.api.letsencrypt.org/directory)
#caServer:
# location chosen based on on https://www.getpagespeed.com/server-setup/ssl-directory and https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
storage: /etc/ssl/certs/letsencrypt/acme.json
# KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: RSA4096)
#keyType: {}
#dnsChallenge:
# provider: foobar
# delayBeforeCheck: 42
# resolvers:
# - foobar
# - foobar
# disablePropagationCheck: true
#httpChallenge:
# entryPoint: foobar
tlsChallenge: {}
#CertificateResolver1:
# acme:
# email: my.secret@gmail.com
# caServer: foobar
# storage: foobar
# keyType: foobar
# dnsChallenge:
# provider: foobar
# delayBeforeCheck: 42
# resolvers:
# - foobar
# - foobar
# disablePropagationCheck: true
# httpChallenge:
# entryPoint: foobar
# tlsChallenge: {}
