Reputation: 3221
Traefik/Docker: Using ports as a frontend rule (rather than paths or subdomains)
I'm using docker-compose to setup Traefik as a reverse proxy for a couple services running in Docker containers. I've got it working, but what I'd like to do & am unsure how, is configure it so that each backend is accessed via a different frontend https port (rather than a different subdomain or path prefix).
Here's my docker-compose file for Traefik & the first service:
version: '3.2'
services:
traefik:
image: traefik:1.6-alpine
container_name: traefik
command:
- --logLevel=INFO
- --defaultentrypoints=http,https
- --entryPoints=Name:http Address::5099 Redirect.EntryPoint:https
- --entryPoints=Name:https Address::5098 TLS:/cert/certificate.crt,/cert/private.key
- --docker
- --docker.exposedbydefault=false
- --docker.domain=example.com
ports:
- target: 5099
published: 5099
protocol: tcp
mode: host
- target: 5098
published: 5098
protocol: tcp
mode: host
volumes:
- ./cert:/cert
- /var/run/docker.sock:/var/run/docker.sock
restart: always
firefox-syncserver:
image: crazymax/firefox-syncserver:latest
container_name: traefik-firefoxsync
volumes:
- ./firefoxsync:/data
labels:
- traefik.enable=true
- traefik.backend=firefox-syncserver
- traefik.port=5000
- traefik.frontend.rule=Host:example.com
environment:
- <...config for firefoxsync...>
restart: always
With this, I can access the service via https://example.com:5098, & all is good. Now let's try to add a second service:
traefik-manictime:
image: manictime/manictimeserver:latest
container_name: traefik-manictime
volumes:
- ./manictime:/app/Data
labels:
- traefik.enable=true
- traefik.backend=manictime
- traefik.port=8080
- traefik.frontend.rule=PathPrefix:/manictime
restart: always
This is accessible via https://example.com:5098/manictime. However, the problem is that the service itself cannot run in a virtual dir (aka it needs to be in the top level of its domain - no /manictime subdir). While I know I could use subdomains rather than path prefixes to differentiate the services, I would much prefer to use ports instead (one reason among several is that I'm hosting this on a NAS at home, which is not a static IP, so I’m using DDNS to keep the top-level domain pointed in the right place; it's a hassle to have to do this for each & every subdomain).
So the question is: can I somehow configure Traefik so that i.e.
https://example.com:5098 -> https frontend to service 1
https://example.com:6000 -> https frontend to service 2
?
Upvotes: 1
Views: 2856
Answers (1)
Reputation: 234
You need to create a new TLS entrypoint on the new port, and either add the new entrypoint to the default list (if you want all TLS services available on the new port), or manually add the new entrypoint to service 2 using the traefik.frontend.entryPoints label.
Upvotes: 1
Related Questions
- Traefik configuration inside docker-compose with subdomains
- traefik - expose secondary internal port via new subdomain
- Apache2 reverse proxy to Traefik with Docker
- Traefik v2 reverse proxy to a local server outside Docker
- Simple reverse-proxy configuration with Traefik and docker-compose
- How to map specific port inside docker container when using traefik?
- Getting a Dockerised site to run behind Traefik reverse proxy
- traefik not respecting frontend rule
- Reverse-proxy microservices with Docker and Traefik
- traefik reverse-proxy with docker backend - configure frontend rules in traefik's config file and not via container label