Docker Swarm and Traefik Issue

General
1

OS: AWS - RHEL 8
Docker engine: 18.09.1

Hello,

I am having major issues getting my backend swarm workers to populate in the Treafik GUI - Traefik just doesnt see them for some reason and I dont know why.

I have:
– dropped all security groups on the AWS instances to ensure nothing is blocking
– browsed /var/lib/docker/volumes/XXXXX/_data and can see the mounted NFS share functioning as expected on both the leader and worker
– SSHd to a worker node and verified that it is on the same IP range as the Traefik backend instance using docker > network > inspect
– I can ping between all nodes without issue and can see them in docker node ls

Is there something obvious on my .yaml files?

TRAEFIK.YAML

version: '3.5'
services:
  traefik:
    image: traefik:v1.7.15
    command: --docker.domain=XXXXXXXXX.com --acme.email=me@XXXXXXXXX.com 
    networks:
      - proxylan
      - default
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
      - ./basic_auth:/basic_auth
    deploy:
      labels:
        traefik.enable: "true"
        traefik.port: 8080
        traefik.backend: "traefik"
        traefik.frontend.rule: "Host:traefik.XXXXXXXXXX.com"
        traefik.frontend.auth.basic.usersFile: "/basic_auth"
        traefik.docker.network: "proxylan"
    restart: unless-stopped   
networks:
  proxylan:
    name: proxylan
    external: true

HEIMDALL.YAML - worker task that should appear in Traefik GUI

version: "3.5"
volumes:
  data:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.100.87,nolock,soft,rw"
      device: ":/mnt/data/heimdall"
services:
  software:
    restart: always
    image: linuxserver/heimdall
    container_name: heimdall
    networks:
      - proxylan
      - default
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - data:/config
    deploy:
      labels:
        - traefik.enable="true"
        - traefik.frontend.rule="Host:home.XXXXXXXXXX.com"
        - traefik.frontend.passHostHeader=true"
        - traefik.frontend.headers.SSLRedirect="true"
        - traefik.docker.network="proxylan"
      placement:
        constraints:
          - node.role == worker
      replicas: 1
networks:
  proxylan:
    name: proxylan
    external: true

TRAEFIK.TOML

defaultEntryPoints = ["http", "https"]

logLevel = "INFO"

 [entryPoints]
   [entryPoints.http]
   address = ":80"
    [entryPoints.http.redirect]
     entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
storage = "acme.json"
 entryPoint = "https"
onDemand = false
onHostRule = true
  [acme.httpChallenge]
   entryPoint = "http"

 [api]

 [ping]
 entryPoint = "https"

[docker]
 endpoint = "unix:///var/run/docker.sock"  
 swarmmode=true
 exposedByDefault=true
 watch=true

Thank you in advance - I have been looking at this for two weeks non-stop. Files may be a little messy from troubleshooting.

2

I asume your problem is that traefik does not provide port detection for Swarm Mode. Even for normal Docker mode, it generally fails if the used image exposes anything else than exactly one single port

Required deployment labels for Swarm mode deployments:
traefik.frontend.rule
traefik.port - Without this the debug logs will show this service is deliberately filtered out.
traefik.docker.network - Without this a 504 may occur.

(see: https://docs.traefik.io/v1.7/configuration/backends/docker/#using-docker-with-swarm-mode)

Are you aware that traefik 2.1 is available already? Though, it lacks the ability to store the configuration and generated letsencrypt certificates in a kv-store. Hence, there is no real cluster-mode available anymore.

3

Thank you - you are a genius! I followed that page you referenced but didn’t realise it needed be done on containers other than Traefik. I added the required deployment labels for Swarm mode deployments to the yaml’s of the services I wanted to push on the swarm, corrected my formatting in the heimdall.yaml labels to key:“value” and it’s working.

My plan was to move to 2.1 once I had things working, I read on Reddit that it took a small amount of time to convert your Traefik yamls.

Merry Christmas - thank you for your assistance, I have been looking at this non-stop for two weeks.

1 Like