containous / traefik-library-image
Home Page: https://github.com/traefik/traefik-library-image
License: Apache License 2.0
ARCHIVED
I am getting flagged for an open CVE when using Traefik Docker images. Anchore is reporting an open CVE with Alpine:3.11 - CVE-2021-36159. It goes away when you update to Alpine:3.14
Hi there,
the Dockerfile requests a volume to be mounted at /tmp. In case no volume is explicitly mounted when the container is started, Docker creates a new volume every time the container is created. Since the documentation does not advise to mount a volume to /tmp, it seems that this volume is not needed. It would be great if someone could confirm that there is no need for the /tmp volume and drop the VOLUME clauses from the Dockerfiles.
Regards,
Fabian
The amd64 image is missing on docker hub for all 1.7.15 version tags.
https://hub.docker.com/_/traefik?tab=tags&page=1&name=1.7.15
looks like #20
When I manually restart the container with docker restart traefik-cont-name and go to my webpage again it is now served with Traefik's default certificate. How can I prevent this?
I made sure everything is correctly placed in the container through docker exec -it src-api-traefik /bin/ash and looked into every file. All seems fine.
/etc/traefik/traefik.yaml:
#
# Providers
#
providers:
  docker:
    exposedByDefault: false
    network: public
    watch: true
  file:
    filename: "/etc/traefik/dynamic-conf.yaml"
    watch: true
#
# Entrypoints
#
entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"
#
# Traefik API
#
api:
  insecure: true
  dashboard: true
#
# Logs
#
log:
  filePath: "/var/log/traefik/traefik.log"
accessLog:
  filePath: "/var/log/traefik/access.log"
Modified version of /etc/traefik/dynamic_conf.yaml:
http:
  routers:
    srv-router-http:
      entryPoints:
        - web
      middlewares:
        - redirect_https
      rule: "Host(`hostname.lcl`)"
      service: src-chat
    srv-router-https:
      entryPoints:
        - web-secure
      middlewares:
        - srv_headers
      rule: "Host(`hostname.lcl`)"
      service: srv-chat
      tls: {}
  middlewares:
    redirect_https:
      redirectScheme:
        scheme: https
    srv_headers:
      headers:
        accessControlAllowOrigin:
          - https://localhost:8100
  services:
    srv-chat:
      loadBalancer:
        servers:
          - url: http://docker-network-alias:port
        healthCheck:
          path: /health
          interval: "10s"
          timeout: "3s"
tls:
  options:
    default:
      sniStrict: true
      minVersion: VersionTLS12
  stores:
    default:
      defaultCertificate:
        certFile: /etc/certs/server.crt
        keyFile: /etc/certs/server.key
  certificates:
    - certFile: /etc/certs/server.crt
      keyFile: /etc/certs/server.key
Dockerfile:
FROM traefik:latest
COPY ./config/ /etc/traefik/
COPY ./certs/ /etc/certs/
Modified version of docker-compose.yml:
version: "3.7"
#
# [ services ]
#
services:
  traefik:
    image: "srv-api:traefik"
    build:
      context: ./docker/traefik
    container_name: srv-api-traefik
    volumes:
      - type: bind
        source: ./docker/traefik/config
        target: /etc/traefik/
      - type: bind
        source: ./docker/traefik/certs
        target: /etc/certs
      - type: bind
        read_only: true
        source: /var/run/docker.sock
        target: /var/run/docker.sock
      - type: bind
        consistency: consistent
        source: ./logs/traefik
        target: /var/log/traefik
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    networks:
      private:
      public:
        aliases:
          - traefik
#
# [ networks ]
#
networks:
  public:
    driver: bridge
  private:
    driver: bridge
I switched the Traefik Docker image version from v2.0 to Traefik v2.2, and suddenly I experienced major anomalies:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`saint-nectaire.mycompany.io`) && PathPrefix(`/notls`)
      kind: Rule
      services:
        # Who am i ? I am Saint Nectaire.
        - name: whoami
          port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutetls
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`bleu-de-laqueuille.mycompany.io`) && PathPrefix(`/tls`)
      kind: Rule
      services:
        - name: whoami
          port: 80
  tls:
    certResolver: default
$ kubectl exec -it pod/traefik-755d59454c-bc7bm -- traefik version
Version: 2.2.1
Codename: chevrotin
Go version: go1.14.2
Built: 2020-04-29T18:02:09Z
OS/Arch: linux/amd64
v2.2.1 Kubernetes service :
E0514 23:56:17.638098 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.TLSStore: tlsstores.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "tlsstores" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:17.639364 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:18.639500 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.TraefikService: traefikservices.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "traefikservices" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:18.640369 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.TLSStore: tlsstores.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "tlsstores" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:18.641299 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:19.641553 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.TraefikService: traefikservices.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "traefikservices" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:19.642222 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.TLSStore: tlsstores.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "tlsstores" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:19.643079 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:20.643653 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.TraefikService: traefikservices.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "traefikservices" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:20.644730 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.TLSStore: tlsstores.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "tlsstores" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:20.645312 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope
127.0.0.1 - - [14/May/2020:23:56:21 +0000] "GET /api/overview HTTP/1.1" 200 442 "-" "-" 721 "api@internal" "-" 0ms
E0514 23:56:21.645713 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.TraefikService: traefikservices.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "traefikservices" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:21.646170 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.TLSStore: tlsstores.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "tlsstores" in API group "traefik.containo.us" at the cluster scope
E0514 23:56:21.647250 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:default:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope
127.0.0.1 - - [14/May/2020:23:56:22 +0000] "GET /api/overview HTTP/1.1" 200 442 "-" "-" 722 "api@internal" "-" 0ms
traefik dashboard (K8S API exposed...?) :
It really looks like a Traefik error itself, but I still want to make sure it is not a docker image level issue. Nevertheless, traefik trying to expose the cluster K8S API ...?
waiting for you to tell me ...
Oh, I also give you here what the deployment yaml looks like :
---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: traefik
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.2
          # image: traefik:v2.0
          args:
            - --api.insecure
            - --accesslog
            - --entrypoints.web.Address=:8000
            - --entrypoints.websecure.Address=:4443
            - --providers.kubernetescrd
            - --certificatesresolvers.default.acme.tlschallenge
            - [email protected]
            - --certificatesresolvers.default.acme.storage=acme.json
            # Please note that this is the staging Let's Encrypt server.
            # Once you get things working, you should remove that whole line altogether.
            - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
          ports:
            - name: web
              containerPort: 8000
            - name: websecure
              containerPort: 4443
            - name: admin
              containerPort: 8080
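Added example (not part of the original issue or of the project's code): a Python script that reads reflector errors like the ones in the post above and turns each denial into the RBAC `rules:` entry the service account is missing, so the ClusterRole can be extended with exactly those resources. The sample log lines are constructed (abridged from the post's output), and granting `watch` alongside the denied `list` is an assumption noted in the code.

```python
import json
import re
from collections import defaultdict

# Authorization denial as reported by the Kubernetes API server to client-go.
DENIED = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" '
    r'(?:at the cluster scope|in the namespace "(?P<namespace>[^"]+)")'
)

# Constructed sample: abridged reflector errors plus one access-log line
# that carries no denial and must be ignored.
_DENIAL = (
    'E0514 23:56:{sec} 1 reflector.go:153] Failed to list *v1alpha1.{kind}: '
    '{res}.traefik.containo.us is forbidden: User '
    '"system:serviceaccount:default:traefik-ingress-controller" cannot list '
    'resource "{res}" in API group "traefik.containo.us" at the cluster scope'
)
SAMPLE_LOG = "\n".join([
    _DENIAL.format(sec="17.638098", kind="TLSStore", res="tlsstores"),
    _DENIAL.format(sec="17.639364", kind="IngressRouteUDP", res="ingressrouteudps"),
    _DENIAL.format(sec="18.639500", kind="TraefikService", res="traefikservices"),
    _DENIAL.format(sec="18.640369", kind="TLSStore", res="tlsstores"),
    '127.0.0.1 - - [14/May/2020:23:56:21 +0000] "GET /api/overview HTTP/1.1" '
    '200 442 "-" "-" 721 "api@internal" "-" 0ms',
])


def denied_permissions(log_text):
    """Return {(subject, namespace_or_None, api_group): {resource: {verbs}}}."""
    found = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m is None:
            continue  # not an authorization denial
        key = (m["user"], m["namespace"], m["group"])
        found[key][m["resource"]].add(m["verb"])
    return {k: {r: set(v) for r, v in res.items()} for k, res in found.items()}


def service_account(subject):
    """Split 'system:serviceaccount:<ns>:<name>' into (ns, name), else None."""
    parts = subject.split(":")
    if len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]:
        return parts[2], parts[3]
    return None


def render_rules(perms, extra_verbs=("watch",)):
    """Render RBAC rule entries that grant only what the log shows as denied.

    extra_verbs is an assumption: an informer lists and then watches, and the
    log shows only the list call because that call fails first.
    """
    lines = []
    ordered = sorted(perms.items(),
                     key=lambda kv: (kv[0][0], kv[0][1] or "", kv[0][2]))
    for (subject, namespace, group), resources in ordered:
        scope = f'namespace "{namespace}"' if namespace else "cluster scope"
        lines.append(f"# denied to {subject} at {scope}")
        by_verbs = defaultdict(list)
        for resource, verbs in resources.items():
            by_verbs[tuple(sorted(verbs | set(extra_verbs)))].append(resource)
        for verbs, names in sorted(by_verbs.items()):
            quoted = ", ".join(json.dumps(n) for n in sorted(names))
            lines.append(f"- apiGroups: [{json.dumps(group)}]")
            lines.append(f"  resources: [{quoted}]")
            lines.append("  verbs: [" + ", ".join(json.dumps(v) for v in verbs) + "]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_rules(denied_permissions(SAMPLE_LOG)))
```
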
It would be nice to be able to use the latest (non-stable) build of traefik; therefore I suggest a tag that is always attached to the very latest non-stable build.
Hi,
I set up two networks, frontend and backend, in docker-compose.yml:
version: '2.3'
networks:
  backend:
  frontend:
volumes:
  varlibldap:
    driver: local
  etcldapslapdd:
    driver: local
  varwwwphpldapadmin:
    driver: local
services:
  traefik:
    image: traefik:2.2
    networks:
      frontend:
    ports:
      - "80:80"
      - "8080:8080"
      - "443:443"
    command:
      - "--api.insecure=true"
      - "--accesslog=true"
      - "--providers.docker.exposedByDefault=false"
      - "--entryPoints.http.address=:80"
      - "--entryPoints.https.address=:443"
      - "--log.level=DEBUG"
      - "--providers.docker"
      - "--providers.docker.network=frontend"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  ldap:
    image: osixia/openldap:1.3.0
    hostname: ldap.docker.local
    networks:
      backend:
    environment:
      LDAP_ORGANISATION: "ACME Inc."
      LDAP_DOMAIN: "corp.acme.com"
      LDAP_ADMIN_PASSWORD: "JonSn0w"
      LDAP_TLS: 'true'
    volumes:
      - varlibldap:/var/lib/ldap
      - etcldapslapdd:/etc/ldap/slapd.d
  phpldapadmin:
    image: osixia/phpldapadmin:0.9.0
    hostname: phpldapadmin.docker.local
    networks:
      frontend:
        aliases:
          - phpldapadmin.docker.local
      backend:
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: ldap
      PHPLDAPADMIN_HTTPS: 'false'
    volumes:
      - varwwwphpldapadmin:/var/www/phpldapadmin
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=frontend"
      # http entrypoint
      - "traefik.http.middlewares.phpldapadmin-http2https.redirectscheme.permanent=true"
      - "traefik.http.middlewares.phpldapadmin-http2https.redirectscheme.scheme=https"
      - "traefik.http.routers.phpldapadmin-http.entryPoints=http"
      - "traefik.http.routers.phpldapadmin-http.rule=Host(`phpldapadmin.docker.local`)"
      - "traefik.http.routers.phpldapadmin-http.middlewares=phpldapadmin-http2https"
      # https entrypoint
      - "traefik.http.routers.phpldapadmin-https.entryPoints=https"
      - "traefik.http.routers.phpldapadmin-https.rule=Host(`phpldapadmin.docker.local`)"
      - "traefik.http.routers.phpldapadmin-https.service=phpldapadmin-https"
      - "traefik.http.routers.phpldapadmin-https.tls=true"
      - "traefik.http.services.phpldapadmin-https.loadbalancer.passhostheader=true"
      - "traefik.http.services.phpldapadmin-https.loadbalancer.server.port=80"
      - "traefik.http.services.phpldapadmin-https.loadbalancer.server.scheme=http"
Both traefik and phpldapadmin containers are in the same network as shown below:
❯ docker network inspect ldap_frontend
[
{
"Name": "ldap_frontend",
"Id": "d84a4c4dfaf229bd68b33ec1eee21d43d4f8631cd3aaf6788d37c799e9422d48",
"Created": "2020-03-28T12:32:16.752088842Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.20.0.0/16",
"Gateway": "172.20.0.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"48ad2ff71b46d7c1c8a742366e683eb24d55ad36792c6268fec439296143b267": {
"Name": "ldap_phpldapadmin_1",
"EndpointID": "c288b66d01eccf90f79fef07aaba4874f0f7a3817521a1c86d244ca88a26cb43",
"MacAddress": "02:42:ac:14:00:02",
"IPv4Address": "172.20.0.2/16",
"IPv6Address": ""
},
"df8352145f9307d09579d5745411abc51d786f627aa04ea21ba1d70d4c87fac3": {
"Name": "ldap_traefik_1",
"EndpointID": "458c136de2b4ea35ce0d5fdaa44dbeb26df71efaf82d0eb7ba1ac9e0d4bbc38c",
"MacAddress": "02:42:ac:14:00:03",
"IPv4Address": "172.20.0.3/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {
"com.docker.compose.network": "frontend",
"com.docker.compose.project": "ldap",
"com.docker.compose.version": "1.25.4"
}
}
]
❯ docker network inspect ldap_backend
[
{
"Name": "ldap_backend",
"Id": "210404e96a48fae8bc0fc689f834133c619f56d91e0d07511ae59599adc6d199",
"Created": "2020-03-28T12:32:16.795605381Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.21.0.0/16",
"Gateway": "172.21.0.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"48ad2ff71b46d7c1c8a742366e683eb24d55ad36792c6268fec439296143b267": {
"Name": "ldap_phpldapadmin_1",
"EndpointID": "98f3d4a93c01c9ad9db5e1d4eacdf2bdff003a51c314d1bbd74178a0544b67c4",
"MacAddress": "02:42:ac:15:00:03",
"IPv4Address": "172.21.0.3/16",
"IPv6Address": ""
},
"dea2ed5f1185353775d37c762e03812cbbf9ed91162a4be8d3f7b1b65faa7eec": {
"Name": "ldap_ldap_1",
"EndpointID": "195048371e1dbd131cbf2d0c8a6f432feb90228bd981ded04592a862a570cb9e",
"MacAddress": "02:42:ac:15:00:02",
"IPv4Address": "172.21.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {
"com.docker.compose.network": "backend",
"com.docker.compose.project": "ldap",
"com.docker.compose.version": "1.25.4"
}
}
]
When I check traefik logs, I found that traefik uses the backend network to proxy to phpldapadmin:
traefik_1 | 172.20.0.1 - - [28/Mar/2020:12:32:56 +0000] "GET / HTTP/2.0" 504 15 "-" "-" 1 "phpldapadmin-https@docker" "http://172.21.0.3:80" 30006ms
I have configured traefik to use only the frontend network, so how is it possible that traefik tries to use the backend network?
This problem has been encountered with both version 2.1 and 2.2 of traefik.
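Added example (not part of the original post or of Traefik's code): a Python check that maps the upstream address in a Traefik access-log line to the Docker network it belongs to, and tests whether the network name given to Traefik exists under exactly that name. Compose created the networks as `ldap_frontend` and `ldap_backend` while the configuration refers to `frontend`; the exact-name comparison follows Traefik's documented advice to use the network name that `docker inspect` reports. The inspect JSON is a constructed, trimmed copy of the output above with shortened container keys.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# Constructed sample: only the fields the check needs, container IDs shortened.
INSPECT_JSON = """[
 {"Name": "ldap_frontend",
  "IPAM": {"Config": [{"Subnet": "172.20.0.0/16", "Gateway": "172.20.0.1"}]},
  "Containers": {
    "c1": {"Name": "ldap_phpldapadmin_1", "IPv4Address": "172.20.0.2/16"},
    "c2": {"Name": "ldap_traefik_1", "IPv4Address": "172.20.0.3/16"}}},
 {"Name": "ldap_backend",
  "IPAM": {"Config": [{"Subnet": "172.21.0.0/16", "Gateway": "172.21.0.1"}]},
  "Containers": {
    "c1": {"Name": "ldap_phpldapadmin_1", "IPv4Address": "172.21.0.3/16"},
    "c3": {"Name": "ldap_ldap_1", "IPv4Address": "172.21.0.2/16"}}}
]"""

# Access-log line from the post above.
ACCESS_LOG_LINE = (
    '172.20.0.1 - - [28/Mar/2020:12:32:56 +0000] "GET / HTTP/2.0" 504 15 "-" "-" 1 '
    '"phpldapadmin-https@docker" "http://172.21.0.3:80" 30006ms'
)

# Tail of a Traefik access-log line: "router" "upstream URL" duration.
TAIL = re.compile(r'"(?P<router>[^"]*)" "(?P<url>[^"]*)" (?P<ms>\d+)ms\s*$')


def parse_upstream(line):
    """Return (router, upstream_host, duration_ms), or None without an upstream."""
    m = TAIL.search(line)
    if m is None or m["url"] == "-":
        return None
    return m["router"], urlsplit(m["url"]).hostname, int(m["ms"])


def network_of(networks, host):
    """Name of the network whose subnet contains host, or None."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # upstream given as a DNS name, not an address
        return None
    for net in networks:
        for cfg in net.get("IPAM", {}).get("Config") or []:
            if addr in ipaddress.ip_network(cfg["Subnet"]):
                return net["Name"]
    return None


def attached_networks(networks, container_name):
    """Sorted names of the networks a container is attached to."""
    return sorted(
        net["Name"] for net in networks
        if any(c["Name"] == container_name
               for c in net.get("Containers", {}).values())
    )


def diagnose(networks, configured, proxy_container, line):
    """Compare the upstream Traefik used with the network it was told to use."""
    parsed = parse_upstream(line)
    if parsed is None:
        raise ValueError("no upstream URL in access log line")
    router, host, duration_ms = parsed
    names = [n["Name"] for n in networks]
    upstream_network = network_of(networks, host)
    proxy_networks = attached_networks(networks, proxy_container)
    return {
        "router": router,
        "upstream_ip": host,
        "duration_ms": duration_ms,
        "upstream_network": upstream_network,
        "proxy_networks": proxy_networks,
        # False means the proxy has no interface on the upstream's network.
        "proxy_shares_network": upstream_network in proxy_networks,
        # False means no Docker network carries the configured name verbatim.
        "configured_name_found": configured in names,
        # Networks that carry the configured name behind a project prefix.
        "similar_names": [n for n in names if n.endswith("_" + configured)],
    }


if __name__ == "__main__":
    report = diagnose(json.loads(INSPECT_JSON), "frontend",
                      "ldap_traefik_1", ACCESS_LOG_LINE)
    print(json.dumps(report, indent=2))
```
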
Building fails with "Build failed: Dockerfile not found at ./Dockerfile". Problem appeared after v1.4.0-rc1 https://hub.docker.com/r/containous/traefik/builds/
I would like to use the new feature of 301 redirects for HTTP to HTTPS redirections.
However, it looks like the feature is added to the v1.6 milestone. The Docker image currently uses v1.5.4 and does not have it. Is there any chance we can build a Docker image using the 'master' branch?
Thanks.
These images don't seem to be compatible with Server 2019, presumably because they are based on Server 2016:
traefik nanoserver 353cb508ac13 2 weeks ago 1.24GB
traefik v1.7.6-nanoserver-sac2016 353cb508ac13 2 weeks ago 1.24GB
Trying to run either of these images on Windows Server 2019, and I get:
C:\Program Files\Docker\docker.exe: Error response from daemon: CreateComputeSystem a23f4b47a46a902c1690906ca7e33dd4e868804ec1932d86d0a12f72bbc83b34: The container operating system does not match the host operating system.
(extra info: {
"SystemType": "Container",
"Name": "a23f4b47a46a902c1690906ca7e33dd4e868804ec1932d86d0a12f72bbc83b34",
"Owner": "docker",
"VolumePath": "\\\\?\\Volume{c7e8345b-0263-4414-ab90-07731f30fce0}",
"IgnoreFlushesDuringBoot": true,
"LayerFolderPath": "C:\\ProgramData\\docker\\windowsfilter\\a23f4b47a46a902c1690906ca7e33dd4e868804ec1932d86d0a12f72bbc83b34",
"Layers": [
{
"ID": "ce56e41a-b3a1-568d-95bd-561cb8d22679",
"Path": "C:\\ProgramData\\docker\\windowsfilter\\0ad821e002431021d9419398ca2fce0f5b65f6b6f5243cf01e18b3e5af338097"
},
{
"ID": "b9ba4f2b-8464-56b0-bb12-d91ed53c812c",
"Path": "C:\\ProgramData\\docker\\windowsfilter\\9a25a52f638e01349af3452555e7bb6e9b4cf769d2dc5aef0eaa2ce231fcddd8"
},
{
"ID": "1bc1fd4a-a21f-5099-a36b-53e255746556",
"Path": "C:\\ProgramData\\docker\\windowsfilter\\d3c02c2cc7053432c6b9cd368a774fcabd3aa34ae766bbf72b536123063c9707"
},
{
"ID": "f34ac827-af1d-590e-ae68-1da3d2f914a6",
"Path": "C:\\ProgramData\\docker\\windowsfilter\\84f264e447c50812749efcd090cbe78daccba73e718feab4b2298f759677cfad"
},
{
"ID": "eb18cb63-9d38-5b03-b34a-b728e15ba854",
"Path": "C:\\ProgramData\\docker\\windowsfilter\\4cfc7b4b0f0d5d079c6a015ef7c874d782df91c5a16e3a9a6aafe098f84d0f89"
},
{
"ID": "b543f2a2-5299-5578-bd3c-98c3bbac9106",
"Path": "C:\\ProgramData\\docker\\windowsfilter\\a2402de0be1e905f4868994126df284de50f20db90022630851197872010465d"
}
],
"HostName": "a23f4b47a46a",
"MappedDirectories": [
{
"HostPath": "c:\\etc\\traefik",
"ContainerPath": "c:\\etc\\traefik",
"ReadOnly": false,
"BandwidthMaximum": 0,
"IOPSMaximum": 0,
"CreateInUtilityVM": false
}
],
"HvPartition": false,
"EndpointList": [
"BDDEE7DD-7E3F-4BCA-AA85-EE4B8DA8A1CB"
],
"AllowUnqualifiedDNSQuery": true
}).
On our test rig we noticed that Traefik 1.4.2 becomes stuck in Pending state because "no suitable node (scheduling constraints not satisfied on 3 nodes; unsupported platform on 3 nodes)" even though its constraints are identical to other, successfully deployable services.
I'm happy to debug this further for you as I don't know if you can reproduce the issue or need any further information.
As it is we had to pin our images to version 1.4.1 as Traefik 1.4.2 wouldn't start at all.
I have a Kubernetes cluster with traffic app installed. I can't log into container from host.
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
10cfcdca52d9 traefik "/traefik" About an hour ago Up About an hour k8s_mytraffic_mytraffic-7bdc7b7b9d-65m8q_default_acbbab56-49f7-11e8-a9bc-fa163e771c4c_0
# docker exec -ti 10cfcdca52d9 bash
OCI runtime exec failed: exec failed: container_linux.go:296: starting container process caused "exec: \"bash\": executable file not found in $PATH": unknown
# docker exec -ti 10cfcdca52d9 /bin/bash
OCI runtime exec failed: exec failed: container_linux.go:296: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknown
Host is fedora 27, Kubernetes is 1.10.
I use Rancher to manage the cluster, and when using the Rancher web UI to open a shell inside container, the shell windows open then quickly closes.
I'm sorry for posting it here, I'm sure it's not an issue but I'm doing something wrong but I'm quite desperate.
I have a django app and want to load static files by nginx. But somehow the routing refuses to go to nginx for anything. nginx shows 0 logs of activity, as if traefik is not talking to that service.
Here's my code:
web-nginx.yml:
services:
  web:
    #build: ./web
    image: web:production
    command: gunicorn web.wsgi:application --bind 0.0.0.0:8000
    volumes:
      - static_volume:/usr/src/app/static
    ports:
      - "8000:8000"
    networks:
      - traefik-public
    env_file:
      - .env
    #depends_on:
    #  - migration_and_static
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.web.rule=Host(`example`)"
        - "traefik.http.routers.web.entrypoints=websecure"
        - "traefik.http.routers.static.priority=1"
        - "traefik.http.routers.web.tls.certresolver=letsencryptresolver"
        - "traefik.http.services.web.loadbalancer.server.port=8000"
      update_config:
        delay: 10s
  static:
    image: nginx
    volumes:
      - static_volume:/usr/share/nginx/html:ro
    networks:
      - traefik-public
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.static.rule=Host(`example.com`) && PathPrefix(`/static`)"
      - "traefik.http.routers.static.entrypoints=websecure"
      - "traefik.http.routers.static.service=static"
      - "traefik.http.routers.static.priority=200"
      - "traefik.http.routers.static.tls.certresolver=letsencryptresolver"
      - "traefik.http.services.static.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.static-stripprefix.stripprefix.prefixes=/static"
      # Match on the hostname and the path
      # - traefik.enable=true
      # - traefik.http.routers.static.rule=(Host(`example.com`) && Path(`/static`))
      # - traefik.http.routers.static.tls=true
      # - traefik.http.routers.static.tls.certresolver=le
      # - traefik.http.services.static.loadbalancer.server.port=80
      # # Define a new middleware to strip the URL prefix before sending it to static-files
      # - traefik.http.middlewares.static-stripprefix.stripprefix.prefixes=/static
      # tell Traefik which middlewares we want to use on this container
      # - traefik.http.routers.static.middlewares=gzip@docker,static-stripprefix@docker
    #depends_on:
    #  - web
volumes:
  static_volume:
networks:
  traefik-public:
    external: true
traefik.yml:
services:
  reverse-proxy:
    image: traefik:v2.2.0
    command:
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.swarmMode=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=traefik-public"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencryptresolver.acme.email=myemail@example.com"
      - "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - 80:80
      - 443:443
    volumes:
      - traefik-certificates:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik-public
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
        - "traefik.http.routers.http-catchall.entrypoints=web"
        - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
        - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
        - "traefik.http.services.static-http.loadbalancer.server.port=443"
volumes:
  traefik-certificates:
networks:
  traefik-public:
    external: true
Sorry once again, don't know where else to go
Thanks!
Sam
I am building a wrapper image around the official traefik release. While the amd64 build works as usual ( and has been working for months, same as the arm builds ) with 1.7.14 the arm build is failing:
docker build -t eugenmayer/traefik:arm64 . -f Dockerfile_arm64
Sending build context to Docker daemon 167.4kB
Step 1/10 : FROM arm64v8/traefik:1.7-alpine
---> 0d3f272be5ec
Step 2/10 : MAINTAINER Eugen Mayer <[email protected]>
---> Using cache
---> 324742637052
Step 3/10 : ADD bin/ /usr/local/bin/
---> Using cache
---> 3c7c9f1ed01b
Step 4/10 : ADD configuration-entrypoint.sh /configuration-entrypoint.sh
---> Using cache
---> 706c9d9872c6
Step 5/10 : RUN mkdir -p /etc/traefik /mnt/acme /mnt/filestorage /mnt/certs /usr/local/bin /etc/tiller && apk --update add bash ruby openssl && chmod +x /usr/local/bin/*.sh /configuration-entrypoint.sh && gem install tiller json_pure --no-ri
---> Running in 346b74d091c1
standard_init_linux.go:211: exec user process caused "exec format error"
The command '/bin/sh -c mkdir -p /etc/traefik /mnt/acme /mnt/filestorage /mnt/certs /usr/local/bin /etc/tiller && apk --update add bash ruby openssl && chmod +x /usr/local/bin/*.sh /configuration-entrypoint.sh && gem install tiller json_pure --no-ri' returned a non-zero code: 1
https://github.com/EugenMayer/docker-image-traefik/blob/master/Dockerfile_arm64
What has been changed from 1.7.13 to 1.7.14 concerning the image itself? i have seen that go has been upgraded, but that should not break the gem installation of a ruby gem i would say.
The same gem installs just fine in the amd64 build with 1.7.14
https://github.com/EugenMayer/docker-image-traefik/blob/master/Dockerfile
Thanks!
Hello,
I'm having problems to forward requests when container has more than one network.
In the docker-compose file, I create 2 networks: frontend for apps and backend for database. The container that is causing me problems is the dspace that has the 2 networks. When I leave only the frontend network the routing of the traefik works.
I've tried using the options "providers.docker.network=frontend" and "traefik.docker.network=frontend" but still don't work.
It looks like my Traefik linux container was updated today and since then my external connectivity is broken and the logs and this same error repeated over and over.
2019/09/17 04:18:32 command traefik error: field not found, node: address
I have checked with a friend with the same setup and he is getting the same issue. I am running the traefik:latest image on docker on Ubuntu 18.04.
Installed the latest version and was met with the error:
("OCI runtime create failed: container_linux.go:345: starting container process caused "exec: "/traefik": stat /traefik: no such file or directory": unknown")
I do not exactly know what that means but going back to 1.7 fixed the issue.
I can't pull the scratch/amd64 images (at least 1.4) because there is no matching manifest for linux/amd64? The alpine image seems to work just fine.
haster@schootbak3:~
$ docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik
Unable to find image 'traefik:latest' locally
latest: Pulling from library/traefik
docker: no matching manifest for linux/amd64 in the manifest list entries.
See 'docker run --help'.
haster@schootbak3:~
$ docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v1.4.2
Unable to find image 'traefik:v1.4.2' locally
v1.4.2: Pulling from library/traefik
docker: no matching manifest for linux/amd64 in the manifest list entries.
See 'docker run --help'.
haster@schootbak3:~
$ docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v1.4
Unable to find image 'traefik:v1.4' locally
v1.4: Pulling from library/traefik
docker: no matching manifest for linux/amd64 in the manifest list entries.
See 'docker run --help'.
haster@schootbak3:~
$ docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v1.4-alpine
Unable to find image 'traefik:v1.4-alpine' locally
v1.4-alpine: Pulling from library/traefik
b56ae66c2937: Pull complete
622747cc946a: Pull complete
38ac1701549a: Pull complete
625397284ae3: Pull complete
Digest: sha256:6557adf3f4e3ec101f59f1d419f69ab22bf56b02bc6c14750461bc8818061be0
Status: Downloaded newer image for traefik:v1.4-alpine
07ca2b2a83ca03ebef4c5ee108d464b17258a23e2ac5c2069f081c33ce554ea9
Using version: latest docker (2.3.6)
Error I'm getting both when renewing and requesting new:
legolog: [INFO] retry due to: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/authz-v3/REDACTED:: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "REDACTED", url:
legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/REDACTED
Unable to obtain ACME certificate for domains "REDACTED": unable to generate a certificate for the domains [REDACTED]: error: one or more domains had a problem:\n[REDACTED] time limit exceeded: last error: NS ns-1153.awsdns-16.org. returned REFUSED for _acme-challenge.REDACTED.\n" rule="Host(REDACTED)" providerName=default.acme routerName=server@docker
Configuration:
[certificatesResolvers]
[certificatesResolvers.default]
[certificatesResolvers.default.acme]
email = "REDACTED"
storage = "/etc/traefik/acme/acme.json"
[certificatesResolvers.default.acme.dnsChallenge]
provider = "route53"
delayBeforeCheck = "3m"
resolvers = ["192.168.3.1:53"]
I want to use a tmp disk in memory (tmpfs).
What is the maximum size for this tmp disk, and what will happen if it runs out of free space?
Hi,
I'm getting errors like these:
time="2020-05-11T05:43:37Z" level=error msg="open /tmp/temp-multibuf-419673259: read-only file system"
time="2020-05-11T05:48:25Z" level=error msg="vulcand/oxy/buffer: error when reading request body, err: open /tmp/temp-multibuf-063517198: read-only file system"
Based on this issue: #45, the problem is that the image does not have a writeable /tmp directory.
For scratch, it was fixed here: #40
Pls fix this in the alpine image too.
Support for ppc64le architecture in official Docker image.
I get this when trying to upgrade, it seems like v2.5.0 is not available, 2.5 seems to be though
❯ dcup -d --build
Pulling traefik (traefik:v2.5.0)...
v2.5.0: Pulling from library/traefik
ERROR: no matching manifest for linux/amd64 in the manifest list entries
This repository is huge and triggers some quota warnings on GitHub. Since the official images library does not support multi stage builds, you may consider a similar approach like the busybox image and using a builder Dockerfile.
It would be much simpler to just use ADD instead of COPY (see #46), but this method does not provide any integrity checks and there is currently no way to make the binary executable on unix hosts (see moby/moby#34819).
I wanted to switch from the v1.2.3 docker image to the v1.2.3-alpine image.
Unfortunately I am unable to start the container with the alpine image.
The container quits with the following error:
Error parsing command: pflag: help requested
Please note that traefik works fine when switching back to v1.2.3.
I'm running traefik in docker, setup to talk with docker, and if I restart the traefik container the other containers show up. But it won't do it automatically.
Here is my docker-compose for traefik
##################################################
traefik:
  image: traefik
  restart: always
  ports:
    - 80:80
    - 443:443
  networks:
    - home
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - ./traefik/traefik.toml:/etc/traefik/traefik.toml
    - ./traefik/acme.json:/acme.json
  container_name: traefik
  labels:
    - traefik.port=8080
    - traefik.frontend.rule=Host:traefik.
#################################################
and here is my traefik.toml
############################################
logLevel = "ERROR"
checkNewVersion = true
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[acme]
email = "************"
storageFile = "acme.json"
entryPoint = "https"
onHostRule = true
[acem.httpChallenge]
entryPoint = "http"
[File]
filename = "rules.toml"
watch = true
[api]
address = ":8080"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "local.local"
watch = true
exposedByDefault = true
###########################################
you should not run traefik as root in the docker image.
Hellu
Is it possible to route RTSP traffic using traefik somehow?
e.g.
[entryPoints]
[entryPoints.rtsp]
address = ":4231"
[file]
watch = true
[frontends]
[frontends.cam-1]
entryPoints = ["rtsp"]
backend = "cam-1"
passHostHeader = true
[frontends.cam-1.routes.root]
rule = "Host:cam-1.tempuri.org"
[backends]
[backends.cam-1]
[backends.cam-1.loadbalancer.stickiness]
[backends.cam-1.servers]
[backends.cam-1.servers.root]
url = "rtsp://myuser:[email protected]:4231/cam/realmonitor?channel=1&subtype=0"
Upgrade to 1.4.2 is failing on amd64 because of a missing manifest. This seems to be the root cause of #21
$ docker pull traefik:1.4.2
1.4.2: Pulling from library/traefik
no matching manifest for linux/amd64 in the manifest list entries
manifest-tool $ ./manifest-tool inspect traefik:1.4.2
Name: traefik:1.4.2 (Type: application/vnd.docker.distribution.manifest.list.v2+json)
Digest: sha256:e9dcd8b3b0ded78d1edca42d087650c06a1d742092fe99d67ffb6a201c69ea45
* Contains 2 manifest references:
1 Mfst Type: application/vnd.docker.distribution.manifest.v2+json
1 Digest: sha256:1a1e91dc981bc6e5e232f6f24f3556be40ddd4fd1327e32b1e06b677d9d38a5c
1 Mfst Length: 739
1 Platform:
1 - OS: linux
1 - OS Vers:
1 - OS Feat: []
1 - Arch: arm
1 - Variant: v6
1 - Feature:
1 # Layers: 2
layer 1: digest = sha256:8996ab8c9ae2c6afe7d318a3784c7ba1b1b72d4ae14cf515d4c1490aae91cab0
layer 2: digest = sha256:ff8e8638d34c45934d48d89851bad4920602c02375f8b174b76507e20813491c
2 Mfst Type: application/vnd.docker.distribution.manifest.v2+json
2 Digest: sha256:a4261837e99952784cc4b4fc27396f062f7ebb202dae4966eb764b5d93f97654
2 Mfst Length: 739
2 Platform:
2 - OS: linux
2 - OS Vers:
2 - OS Feat: []
2 - Arch: arm64
2 - Variant: v8
2 - Feature:
2 # Layers: 2
layer 1: digest = sha256:78fe135ba97a13abc86dbe373975f0d0712d8aa6e540e09824b715a55d7e2ed3
layer 2: digest = sha256:4aa5c73b733a0118e0ff1c0038a0892383d7a330471c5c5849c013a7263a801b
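A release check for the gap reported above, as an added example (not part of the original issue or the project's tooling): it reads a manifest list in the JSON form that `docker manifest inspect` prints and returns the required platforms that have no entry. The sample is constructed from the two entries in the output above, and the function names are hypothetical.

```python
import json

# Media types of a multi-platform image index (Docker manifest list / OCI index).
INDEX_TYPES = (
    "application/vnd.docker.distribution.manifest.list.v2+json",
    "application/vnd.oci.image.index.v1+json",
)
V2 = "application/vnd.docker.distribution.manifest.v2+json"

# Constructed sample: the two entries reported above for traefik:1.4.2,
# rewritten in manifest list JSON form.
SAMPLE_1_4_2 = json.dumps({
    "schemaVersion": 2,
    "mediaType": INDEX_TYPES[0],
    "manifests": [
        {"mediaType": V2, "size": 739,
         "digest": "sha256:1a1e91dc981bc6e5e232f6f24f3556be40ddd4fd1327e32b1e06b677d9d38a5c",
         "platform": {"os": "linux", "architecture": "arm", "variant": "v6"}},
        {"mediaType": V2, "size": 739,
         "digest": "sha256:a4261837e99952784cc4b4fc27396f062f7ebb202dae4966eb764b5d93f97654",
         "platform": {"os": "linux", "architecture": "arm64", "variant": "v8"}},
    ],
})


def platforms(index_json):
    """Return the set of (os, architecture, variant) tuples listed in an index."""
    doc = json.loads(index_json)
    if doc.get("mediaType") not in INDEX_TYPES:
        raise ValueError("not a manifest list: %r" % doc.get("mediaType"))
    return {(p.get("os"), p.get("architecture"), p.get("variant"))
            for p in (m.get("platform") or {} for m in doc.get("manifests", []))}


def missing_platforms(index_json, required):
    """Return the required "os/arch[/variant]" strings that have no entry.

    A requirement without a variant matches any variant of that os/arch.
    """
    have = platforms(index_json)
    missing = []
    for req in required:
        os_name, arch, *rest = req.split("/")
        variant = rest[0] if rest else None
        if not any(o == os_name and a == arch and variant in (None, v)
                   for o, a, v in have):
            missing.append(req)
    return missing
```

Calling `missing_platforms(SAMPLE_1_4_2, ["linux/amd64", "linux/arm/v6", "linux/arm64"])` returns `["linux/amd64"]`; a publish job can fail on any non-empty result before the tag is announced.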
It'd be awesome if you could set this up as an automated build on Docker Hub, so that any time you push with a new version, Docker Hub will automatically build the container for you, and we can always have the latest updates! :)
I'd hate to have to build my own container just to get incremental updates.
Just tried pulling traefik:latest and traefik:1.4.2 and received the title response. Anyone else experience this issue?
docker pull traefik:v1.5.4
v1.5.4: Pulling from library/traefik
no matching manifest for linux/amd64 in the manifest list entries
but
docker pull traefik:v1.5.3
v1.5.3: Pulling from library/traefik
5d3835484afe: Pull complete
0feefa6e9e49: Pull complete
Digest: sha256:d277007b55a8a8d972b1983ef11387d05f719821a2d2e23e8fa06ac5081a302f
Status: Downloaded newer image for traefik:v1.5.3
The amd64 variants are missing on dockerhub for v2.3.6.
There's no docker image for latest tag based on alpine. Alpine has version/release based images but not a tag for latest release. I'm thinking of latest-alpine or simply alpine tag.
Is it possible, or is it on your roadmap, to create this build?
Thanks!