I’m setting up a docker swarm and try to get working traefik reverse and portainer+agent on docker manager. But the container isnt public available.

I’m new to docker and reverse proxys so i dont tried more than the code showing up.

Starting with:
docker stack deploy -c stack.yml stack0

stack.yml

version: "3.3"
services:
  traefik:
    image: traefik
    command: --docker.swarmmode
    networks:
      - traefik-net
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefikdata:/etc/traefik
    deploy:
      placement:
        constraints: [node.role==manager]

  portainer-agent:
    image: portainer/agent
    environment:
      AGENT_CLISTER_ADDR: tasks.agent
      AGENT_PORT: 9001
      LOG_LEVEL: debug
    ports:
      - target: 9001
        published: 9001
        protocol: tcp
        mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - portainer-agent_network
      - traefik-net
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: portainer/portainer
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./portainerdata:/data"
    networks:
      - portainer-agent_network
      - traefik-net
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      labels:
        - "traefik.enable=true"
        - "traefik.port=9000"
        - "traefik.docker.network=stack0_traefik-net"
        - "traefik.frontend.rule=Host:portainer.intern.domain.tld"

networks:
  traefik-net:

  portainer-agent_network:
    driver: overlay
    attachable: true

traefikdata/traefik.toml

logLevel = "INFO"
  defaultEntryPoints = ["http", "https"]

[web]
  address = ":8080"

[docker]
  domain = "traefik.intern.domain.tld"
  watch = true
  exposedbydefault = false

 # Force HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

 # Let's encrypt configuration
 [acme]
   email="network@techgods.biz"
   storage="/etc/traefik/acme/acme.json"
   entryPoint="https"
   acmeLogging=true
   OnHostRule=true
   [acme.httpChallenge]
     entryPoint = "http"

I expect a running Traefik reverse Proxy, UI reachable over traefik.intern.domain.tld and portainer reachable over portainer.intern.domain.tld

What sense do the published docker-agent ports do, when portainer is configured to access them by tcp://tasks.agent:9001 ?

The declaration “./portainerdata:/data” does only make sense if you have single manager node. Though, it will cause problems once you have more than one manager.

I never added the stack name to traefik label:

traefik.docker.network=stack0_traefik-net

set it to treafik-net instead of stack0_traefik-net

Hi

what does traefik logs give you?
also:
“traefik.docker.network=stack0_traefik-net”
should be: “traefik.docker.network=traefik-net”