Generic selectors

Exact matches only

Search in title

Search in content

Post Type Selectors
Filter by Categories

ACI

AI

Business

Edu

health

homelab

kids

Python

spon

Tech Blogs

Uncategorized

voip

VXLAN

Work Notes

traefik providers

by

jyoung
in

file provider type is for local and remote apps, even VMs that are not related to containers.

docker provider type is for local apps ONLY, as it will read through API everything on the right side of the mappings, e.g. port 80:10000, i.e. only the container side. So for example when the external apps are hosted on 10.0.0.10:10000 and mapped to container internal ip:port 172.16.7.2:80, while traefik is hosted on 192.168.0.17, traefik docker provider can only get the internal part, i.e. 172.16.7.2:80 and reverse proxy this to the client. Obviously this internal IP is inaccessible to any clients, therefore it won’t work. (edit: not only so, the app and trafick has to be on the same bridge network. If they are not, e.g. trafick on trafick_default bridge – 172.16.8.2, and the app on another bridge – 172.16.7.2, then it won’t work still <—I’m trying to figure out how to make this work, the browser would “gateway timeout”)

File and docker provider types are configured under traefik.yml, example from 192.168.0.17:

providers:
  file:
    directory: /etc/traefik/
    filename: config.yml
#  docker:
#    endpoint: "tcp://10.0.0.10:2375"
#    exposedByDefault: false

Note: by default docker is not exposing socket via IP(tcp). To have this work, install a docker-socket-proxy app as a container on the docker host, and configure the permissions. For example, the following compose was installed on vnas server. Be careful, the permission here is wide open, very risky

services:
  dockerproxy:
    image: tecnativa/docker-socket-proxy
    container_name: dockerproxy
    privileged: true
    environment:
      - ALLOW_START=1 #optional
      - ALLOW_STOP=1 #optional
      - ALLOW_RESTARTS=1 #optional
      - AUTH=1 #optional
      - BUILD=1 #optional
      - COMMIT=1 #optional
      - CONFIGS=1 #optional
      - CONTAINERS=1 #optional
      - DISABLE_IPV6=0 #optional
      - DISTRIBUTION=1 #optional
      - EVENTS=1 #optional
      - EXEC=1 #optional
      - IMAGES=1 #optional
      - INFO=1 #optional
      - NETWORKS=1 #optional
      - NODES=1 #optional
      - PING=1 #optional
      - POST=1 #optional
      - PLUGINS=1 #optional
      - SECRETS=1 #optional
      - SERVICES=1 #optional
      - SESSION=1 #optional
      - SWARM=1 #optional
      - SYSTEM=1 #optional
      - TASKS=1 #optional
      - VERSION=1 #optional
      - VOLUMES=1 #optional
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/pool2/Apps/docker-socket-proxy/config:/config
    ports:
      - 10.0.0.10:2375:2375
    restart: unless-stopped

After this, the socket is accessible via 10.0.0.10:2375. But again, the docker provider type won’t work if traefik is on a different host than the docker host.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *