New containers accessing volume on preexisting container

I have a ‘master’ container, that should be already running when starting all the others.

In it i have a conf/ directory, that this service is monitoring and applying the relevant changes.

How can i have each new container drop a file in this directory?

real scenario:

given my docker-compose.yml below, i want each service (portainer, whoami, apache) to drop a .yml file in the "./traefik/conf/:/etc/traefik/conf/" path mapping of the traefik service.


version: "3.5"


        image: traefik
        env_file: ./traefik/env
        restart: unless-stopped
            - "80:80"
            - "443:443"
            - "8080:8080"
            - /var/run/docker.sock:/var/run/docker.sock
            - ./traefik/conf/:/etc/traefik/conf/
            - ./traefik/traefik.yml:/etc/traefik/traefik.yml

        image: portainer/portainer
        depends_on: [traefik]
        command: --no-auth -H unix:///var/run/docker.sock
            - /var/run/docker.sock:/var/run/docker.sock

        image: containous/whoami
        depends_on: [traefik]


            entryPoints: [http]
            middlewares: [redirect-to-http]
            service: portainer-preauth@docker
            rule: Host(`portainer.docker.mydomain`)


            entryPoints: [http]
            middlewares: [redirect-to-http]
            service: whoami-preauth@docker
            rule: Host(`whoami.docker.mydomain`)

If they are on host machine, why not just directly copy them to ./traefik/conf/ ?

the thing is i cant have all files in traefik/conf.
this would require manually dropping a file there every time i create a new image.
i believe that every service should be responsible for its own files.
also, when traefik starts and finds files of those other services that haven’t started yet, it logs lots of errors.
to avoid this behavior, i would like to put the file there only when the container is started.

below is is the project file structure.

project file structure

You are trying a complicated setup when a way simpler one is clearly possible.
Traefik is able to dig into docker configuration using its docker provider.

All you have to do is configure traefik to use docker as provider, then for the services you want traefik to forward, you have a set of labels to setup and you’re done.
Here is an example of traefik setup and one for the services. (please note that there’s labels here for traefik 1.7 and 2.1, so all are not needed depending on the verion of traefik you decide to use)

yes, you’re right.
at first i was doing exactly as you said.
see my apache configuration, for example:

    build: php-apache
    depends_on: [traefik]
    env_file: ./php-apache/env
        - "./php-apache/cert/haproxy/:/etc/ssl/haproxy/"
        - "./php-apache/cert/private/:/etc/ssl/private/"
        - "./php-apache/cert/trusted/:/usr/local/share/ca-certificates/"
        - "./php-apache/conf/:/etc/apache2/conf-enabled/"
        - "./php-apache/log/:/var/log/apache2/"
        - "./php-apache/sites/available/:/etc/apache2/sites-available/"
        - "./php-apache/sites/enabled/:/etc/apache2/sites-enabled/"
        - "./php-apache/www/:/var/www/"
        - "traefik.http.routers.apache.entrypoints=http"
        - "traefik.http.routers.apache.priority=1"
        - "traefik.http.routers.apache.rule=HostRegexp(`{catchall:.*}`)"
        - "traefik.http.routers.apache.service=apache@docker"
        - ""

        - "traefik.tcp.routers.apache.entrypoints=https"
        - "traefik.tcp.routers.apache.rule=HostSNI(`*`)"
        - "traefik.tcp.routers.apache.service=apache@docker"
        - "traefik.tcp.routers.apache.tls.passthrough=true"
        - ""

but then the docker-compose.yml file started to get too big and hard to maintain (i have other services in there not shown here).

thats when i came with the idea of cleaning up this file and every service dropping its own config into traefik directory.

very clean solution, but hard to achieve at my current docker knowledge.

IMHO it’s not that clean, would be hard to maintain and prone to errors/problems.

The idea is to have a compose file per application. So one for traefik, one for portainer, one for… In the end, you should have only a few services (never got over 6 services in a compose file myself).

Beside, let traefik manage the SSL encryption. It does it pretty well. Have a look at the demo configuration I shared you earlier. It has a route that re-route http to https. and while the user is forced to use https, traefik connect to the application using http and does the encryption for us. In your apache example, that would cut the number of labels by 2 and remove 3 volumes lines.
Since you build an image dedicated for your usage here, I would suggest to put the configuration in the container image. This would remove 3 more volumes lines. You might want (probably should) to put the application in there too.
Finally, apache logs should get to the containers logs (and be readable using docker logs <container ID>).
Once there, the compose file will be clearly manageable.

Try to keep to the simplest solutions :wink: