Traefik not routing flow to MariaDB and phpMyAdmin (with MACVLAN)

Hello,

I’m trying to get MariaDB and phpMyAdmin on the same fixed IP address.
I have written this compose stack to get Traefik a fixed address on my network, which works great thanks to the MACVLAN trick you pointed me to yesterday.
When I run nmap against this host, I can see the three open ports (80, 8080 and 3306) and I can connect to the Traefik dashboard on port 8080.
From Portainer, I can see the 3 containers do have an IP address in the container (176.xxx) network.

My problem is that Traefik does not route exposed port 80 to phpMyAdmin nor port 3306 to MariaDB.
When connecting to port 80, I always get a “404 page not found” message (it’s not a 404 error message, the page actually contains HTML content with the text message), whether the phpMyAdmin container is started or not.
I have not set up a personalized Traefik config file.

Do you know what I’m missing to get this routing done?
Thanks

version: '3.2'

services:
  traefik:
    image: 'traefik'
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--entrypoints.phpmyadmin.address=:80"
      - "--entrypoints.mariadb.address=:3306"
    networks:
      lan:
          ipv4_address: 192.168.1.75
      dbnet:
    ports:
      - "80:80"
      - "3306:3306"
      - "8080:8080"

  phpmyadmin:
    image: phpmyadmin/phpmyadmin:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.phpmyadmin.rule=HostSNI(`*`)"
      - "traefik.http.services.phpmyadmin.loadbalancer.server.port=80"
      - "traefik.http.routers.phpmyadmin.entrypoints=phpmyadmin"
    restart: unless-stopped
    networks:
      - dbnet
    environment:
      PMA_HOST: mariadb
      PMA_USER: root
      PMA_PASSWORD: test

    
  mariadb:
    image: mariadb:latest
    labels:
      - "traefik.enable=true"
      - "traefik.tcp.routers.mariadb.rule=HostSNI(`*`)"
      - "traefik.tcp.services.mariadb.loadbalancer.server.port=3306"
      - "traefik.tcp.routers.mariadb.entrypoints=mariadb"
    networks:
      - dbnet
    volumes:
      - mariadb-data:/var/lib/mysql
      - mariadb-conf:/etc/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=root
      - MYSQL_DATABASE=test
      - MYSQL_USER=test
      - MYSQL_PASSWORD=test

volumes:
  mariadb-data:
  mariadb-conf:

networks:
  dbnet:
  lan:
    external: true

You managed to find one of my personal blind spots: a traefik2 reverse proxy container + target containers all using a macvlan.

I am not going to ask why this setup makes sense from the perspective.
As I still use Traefik 1.7 in my existing swarm environment, and my Kubernetes environment does not really require Traefik, I have zero tendencies on migrating my swarm stack from Traefik 1.7 to Traefik 2.x. That said, I can’t help you with the 2.0 rules.

But I can comment on two observations:

  • I am not sure how SNI is supposed to work outside a TLS context - and it really just makes sense when TCP passthrough of TLS-encrypted traffic (sometimes referred to as TLS passthrough) takes place.
  • Traefik by default does layer 7 HTTP reverse proxying, which applies to phpMyAdmin, but definitely does not to MariaDB, which requires TCP passthrough

Did you ever check the dashboard and see if the entrypoints are even connected with the services?

Offtopic: @avbentem Thank you for having css fixed!!! :slight_smile:


Hi @meyay
I’m just wanting to choose the IP address for my new MariaDB server and have Maria and phpMyAdmin running on the same server to save 1 IP address and group these services together. If you know a better way of doing so, that would be great! (without Kubernetes. I tried it, but too much of an overkill for my needs, although now I’m more familiar with Docker I may find it easier to play with)

I’m not planning on really using SNI. Removing this entry does not help.
Since then I adapted the config to add a volume pointing to my docker.sock (same result, maybe it results in a similar config despite being declared differently).

But you are right, in the dashboard, my 2 containers are not listed, neither in HTTP (for phpMyAdmin) nor TCP (for MariaDB), seems I’m missing something in my config :angry: (why is there no good howto!!)

How do the service labels describe that the dbnet network should be used to wire Traefik and the target services together? Your rules look incomplete.

I am not the right one to help you here: I simply never migrated to Traefik2 rules and don’t plan to do so, as it really has no relevance for me (which would be different if it would bring something new to the table when used with k8s… which it doesn’t).

The shared docker file looks so odd to me that I can’t even tell how to fix it. I wrote in the other thread how I use it - and I wouldn’t use it any different than described there.

Yes, I understand. Thanks for your help.

Looks like it managed to find its way with the correct network.

I’m getting a bit closer, I now have the service detected, same for HTTP router. But not working yet. Looks like I’m still missing the HTTP middleware as I have no entry in there (don’t even know if I need one…).

I’ll post the answer if I finally make it work.

OK, got HTTP routing to work.
TCP remaining.

OK, this works. Some parts can be removed, but I’ll keep as-is.
I have to force these two entries to make it work…

- "traefik.http.routers.phpmyadmin.rule=ClientIP(`192.168.1.0/24`, `::1`)"
- "traefik.tcp.routers.mariadb.rule=HostSNI(`*`)"

For the records:

version: '3.2'

services:
  traefik:
    image: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.phpmyadmin.address=:80"
      - "--entrypoints.mariadb.address=:3306"
    labels:
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=phpmyadmin"
      - "traefik.tcp.routers.api.entrypoints=mariadb"
    networks:
      lan:
          ipv4_address: 192.168.1.75
      dbnet:
    ports:
      - "80:80"
      - "3306:3306"
      - "8080:8080"
    volumes:
      - "/run/docker.sock:/run/docker.sock:ro"

  phpmyadmin:
    image: phpmyadmin/phpmyadmin:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.phpmyadmin.entrypoints=phpmyadmin"
      - "traefik.http.services.phpmyadmin.loadbalancer.server.port=80"
      - "traefik.http.routers.phpmyadmin.rule=ClientIP(`192.168.1.0/24`, `::1`)"
    restart: unless-stopped
    networks:
      - dbnet
    expose:
      - "80"
    environment:
      PMA_HOST: mariadb
    
  mariadb:
    image: mariadb:latest
    labels:
      - "traefik.enable=true"
      - "traefik.tcp.services.mariadb.loadbalancer.server.port=3306"
      - "traefik.tcp.routers.mariadb.entrypoints=mariadb"
      - "traefik.tcp.routers.mariadb.rule=HostSNI(`*`)"

    networks:
      - dbnet
    expose:
      - "3306"
    volumes:
      - mariadb-data:/var/lib/mysql
      - mariadb-conf:/etc/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=root
      - MYSQL_DATABASE=test
      - MYSQL_USER=test
      - MYSQL_PASSWORD=test

volumes:
  mariadb-data:
  mariadb-conf:

networks:
  dbnet:
  lan:
    external: true
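
Added example, not part of the original posts or of the Traefik project: a small Python check that encodes the differences between the first and the last compose file in this thread and reports, for each, why routers are missing from the dashboard and what the stack exposes on the LAN address. The names `lint`, `FIRST` and `LAST` are hypothetical; the checks assume Traefik v2 behaviour (container labels are only read when the Docker provider is enabled and the socket is reachable, and `HostSNI` is a matcher for TCP routers).

```python
import re

# Constructed input: Traefik flags, Traefik volumes and the container labels,
# copied from the first and the last compose file posted in this thread.
ENTRY = ["--entrypoints.phpmyadmin.address=:80", "--entrypoints.mariadb.address=:3306"]
TCP = ["traefik.tcp.routers.mariadb.rule=HostSNI(`*`)",
       "traefik.tcp.routers.mariadb.entrypoints=mariadb"]
FIRST = {"command": ["--api.insecure=true"] + ENTRY, "volumes": [],
         "labels": TCP + ["traefik.http.routers.phpmyadmin.rule=HostSNI(`*`)",
                          "traefik.http.routers.phpmyadmin.entrypoints=phpmyadmin"]}
LAST = {"command": ["--api.insecure=true", "--providers.docker=true"] + ENTRY,
        "volumes": ["/run/docker.sock:/run/docker.sock:ro"],
        "labels": TCP + ["traefik.http.routers.phpmyadmin.rule=ClientIP(`192.168.1.0/24`, `::1`)",
                         "traefik.http.routers.phpmyadmin.entrypoints=phpmyadmin"]}

ROUTER = re.compile(r"traefik\.(http|tcp)\.routers\.(\w+)\.(rule|entrypoints)")

def lint(cfg):
    """Return (routing, exposure): why routers are missing, and what is exposed."""
    flags = dict(f.lstrip("-").split("=", 1) for f in cfg["command"])
    routing, exposure = [], []
    if flags.get("providers.docker") != "true":
        routing.append("docker provider not enabled: labels are never read")
    if not any("docker.sock" in v for v in cfg["volumes"]):
        routing.append("docker socket not mounted: Traefik cannot list containers")
    else:
        exposure.append("docker socket mounted: ':ro' does not limit Docker API calls")
    # Entrypoint names declared on the Traefik command line.
    entrypoints = {f.split(".")[1] for f in flags if f.startswith("entrypoints.")}
    for label in cfg["labels"]:
        key, value = label.split("=", 1)
        m = ROUTER.fullmatch(key)
        if not m:
            continue
        proto, name, field = m.groups()
        if field == "rule" and proto == "http" and "HostSNI(" in value:
            routing.append(f"http router '{name}': HostSNI is a TCP-only matcher")
        if field == "entrypoints" and value not in entrypoints:
            routing.append(f"{proto} router '{name}': unknown entrypoint '{value}'")
    if flags.get("api.insecure") == "true":
        exposure.append("api.insecure=true: dashboard and API on :8080 without auth")
    return routing, exposure

if __name__ == "__main__":
    for title, cfg in (("first", FIRST), ("last", LAST)):
        print(title, *lint(cfg), sep="\n  ")
```

The last file clears every routing finding but still carries both exposure findings, alongside the root/test database credentials and port 3306 published on the MACVLAN address.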