Route Traefik UI with Traefik
Question
I'm new to Docker and Traefik, so I decided to play with them a little. I tried to follow this Digital Ocean tutorial : https://www.digitalocean.com/community/tutorials/how-to-use-traefik-as-a-reverse-proxy-for-docker-containers-on-ubuntu-16-04
I'm trying to run a simple traefik docker container, and access the web UI on port 8080 through traefik redirection, IE, I want to access traefik UI at https://myhost/traefik
I don't have domain name so I don't want to use Host rules to redirect with Traefik. Instead I wanted to use the PathPrefixStrip rule.
Here is my file run_traefik.sh :
#!/bin/bash
docker run \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $PWD/traefik.toml:/traefik.toml \
-v $PWD/acme.json:/acme.json \
-p 80:80 \
-p 443:443 \
-l traefik.port=8080 \
-l traefik.backend=traefik_dashboard \
-l "traefik.frontend.rule=PathPrefixStrip:/traefik/" \
--network proxy_network \
--name traefik \
traefik:1.3.6-alpine --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
And here is my traefik.toml file :
defaultEntryPoints = ["http", "https"]
[web]
adress = ":8080"
[web.auth.basic]
users = ["admin:$apr1$lVhuCVSI$JrCUdpV0PmduJ1b7FzhrX1"]
[entryPoints]
[entryPoints.http]
adress = ":80"
[entryPoints.https]
adress = ":443"
[entryPoints.https.tls]
[acme]
email = "myemail@provider.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false
[acme.httpChallenge]
entryPoint = "http"
[docker]
domain = "docker"
endpoint = "unix:///var/run/docker.sock"
watch = true
And Ijust touch acme.json and chmod 600 acme.json in order for LE to work.
Here is my problem :
When I try to access https://myhost/traefik I'm redirected to https://myhost/dashboard/ so I get a 404 NOT FOUND error.
Curiously when I try to access https://myhost/traefik/dashboard/#/ it redirects me to https://myhost/dashboard/#/ so it works well
But I don't want to specify full path ! And when I expose port 8080 in the docker run and I try to access http://myhost:8080 I'm redirected without problem to http://myhost:8080/dashboard/#/
I don't know how to configure Traefik so that going to https://myhost/traefik redirects me to https://myhost:8080/dashboard/#/ without failure....
I'm using Traefik v1.5.1/cancoillotte and Docker version 17.12.0-ce, build c97c6d6
UPDATE :
I'm now using this run_traefik.sh :
#!/bin/bash
docker run \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $PWD/traefik.toml:/traefik.toml \
-v $PWD/acme.json:/acme.json \
-p 80:80 \
-p 443:443 \
--network proxy_network \
--name traefik \
traefik:1.5.1-alpine --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
And this traefik.toml :
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
adress = ":80"
[entryPoints.https]
adress = ":443"
[entryPoints.https.tls]
[entrypoints.api]
address=":8081"
[entryPoints.api.auth]
[entryPoints.api.auth.basic]
users = ["admin:$apr1$2Z7qoaOC$lCGDDfRCWWJrkJUrdJotW1"]
[entrypoints.dashboard]
address=":8080"
#Activate API and Dashboard
[api]
entrypoint="api"
[file]
[backends]
[backends.backend1]
[backends.backend1.servers.server1]
url = "http://127.0.0.1:8081"
[backends.backend2]
[backends.backend2.servers.server1]
url = "http://127.0.0.1:8080"
[frontends]
[frontends.frontend1]
entrypoints=["dashboard"]
backend = "backend2"
[frontends.frontend1.routes.test_1]
rule = "PathPrefixStrip:/traefik;PathPrefix:/traefik"
[acme]
email = "myemail@provider.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false
[acme.httpChallenge]
entryPoint = "http"
[docker]
domain = "docker"
endpoint = "unix:///var/run/docker.sock"
watch = true
Trying to access http://myhost/traefik/ nows redirect me to http://myhost/traefik/#/ . I can see the dasboard UI but not the content.
I mean that the page is empty except for the navigation menu. I can access the health section and see some graphs though, but I can't see any frontend or backend. Of course when exposing port 8081 in docker run I can access the dashboard at http://myhost:8081/dashboard/#/ and see all the frontends and backends.
Any insight ?
1 answers
solution1
0 2018-07-19 18:01:19
This problem is, at least to me, surprisingly hard to wrap my head around. My colleague always says there's nothing you can't fix with one more level of indirection, but I'm afraid the extra indirection here at least led to a lot of confusion for me.
To solve the problem of routing to the traefik ui with traefik, and have basic authentication, we have to use two indirections.
First, we want a user to just go to server.domain/traefik - so we need the prefix rule you mentioned (at this point, I would just use PathPrefix without Strip ).
We don't want the user to have to specify any particular port, so this rule should be defined for a frontend that is bound to the default http / https entrypoints.
And the backend for this rule, well, that should not be the address where the ui lives - because then we'd just access the ui, and missed the authentication.
Instead, we direct to a dummy backend, which is our authentication entrypoint. That one the authentication information defined.
Then we need another frontend backend pair - the frontend can use the same prefix matcher, but should strip; and it should be bound to our authentication entrypoint. The backend to this frontend can now point to the actual ui.
To make this whole story short, here's a minimal working example, based on the most recent image.
the run script (or you can just run it as a command, it's quite short):
#!/bin/bash
docker run --rm \
-v $PWD/traefik.toml:/traefik.toml \
-p 80:80 \
--name traefik \
traefik:1.6.5 --logLevel=INFO
and the config file config.toml can look like this:
defaultEntryPoints = ["http"]
[api]
dashboard = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.authenticate]
address = ":8081"
[entryPoints.authenticate.auth.basic]
users = ["admin:$apr1$HfCMaXX3$CRNkKZHTHkQEhoTMIXadD/"]
[file]
[backends]
[backends.backend1]
[backends.backend1.servers.server1]
url = "http://127.0.0.1:8081"
[backends.backend2]
[backends.backend2.servers.server1]
url = "http://127.0.0.1:8080"
[frontends]
[frontends.frontend1]
backend = "backend1"
[frontends.frontend1.routes.test_1]
rule = "PathPrefix:/traefik"
[frontends.frontend2]
backend = "backend2"
entrypoints=["authenticate"]
[frontends.frontend2.routes.test_1]
rule = "PathPrefixStrip:/traefik"
Also, this might be quite painful to hear, but both code examples have a typo that doesn't throw any obvious error messages, even in debug mode: address is spelled with two d's in English : / I make that mistake myself quite frequently....
The lines that hinted at that in the log were
time="2018-07-19T17:52:29Z" level=info msg="Server configuration reloaded on "
time="2018-07-19T17:52:29Z" level=info msg="Server configuration reloaded on "
time="2018-07-19T17:52:29Z" level=info msg="Server configuration reloaded on :8081"
time="2018-07-19T17:52:29Z" level=info msg="Server configuration reloaded on :8080"
from a run where I had both http and https entrypoints - those two were copypasted from your example with adress, and poor traefik doesn't know what to do with it... EDIT: Also, entrypoints is sometimes written all lower case, and sometimes entryPoints - and there you have a typo in the definition of the api entrypoint.
Hope this helps!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.