## Traefik Multi Network Deployment

1. Create Traefik network

   `# docker network create --driver=bridge --attachable --internal=false traefik`

2. Edit `traefik2/docker-compose.yml`
   - Change ACME email
   - Change the `--providers.docker.network=traefik` value if you created a different network than `traefik`

3. Deploy traefik

   `docker-compose -f traefik2/docker-compose.yml up -d`

4. Edit `nextcloud/docker-compose.yml`
   - Change the `traefik.http.routers.nextcloud.rule` Host
   - Remove `traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue` and `contentSecurityPolicy` if you don't need iframe access from your external website
   - Change PostgreSQL environments
   - Edit `TRUSTED_PROXIES` with your traefik network address

5. Deploy nextcloud

   `docker-compose -f nextcloud/docker-compose.yml up -d`

`$ cat traefik2/docker-compose.yml`

```yaml
# Create network first
# docker network create --driver=bridge --attachable --internal=false traefik
#NOTES:
#1. Change the ACME email
# cat docker-compose.yml
version: '3.3'
volumes:
  letsencrypt:
    driver: local
services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: always
    command:
      - "--log.level=DEBUG"
      # Serves the API/dashboard without authentication on port 8080
      # (not published below, but reachable from the traefik network).
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Network Traefik uses to reach the containers it routes to.
      - "--providers.docker.network=traefik"
      # Every container gets a router unless labelled traefik.enable=false.
      - "--providers.docker.exposedbydefault=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Redirect all HTTP traffic on :80 to HTTPS on :443.
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Let's Encrypt certificates via the HTTP-01 challenge on the web entrypoint.
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=you@example.com"  # placeholder; set your own address
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - 80:80
      - 443:443
    networks:
      - default
    volumes:
      # The Docker provider reads container labels through this socket.
      - /var/run/docker.sock:/var/run/docker.sock
      - letsencrypt:/letsencrypt
networks:
  default:
    external:
      name: traefik
```
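
A tightened variant of the Traefik file above, as an added example rather than the gist author's configuration: it drops the unauthenticated API, stops exposing every container by default, lowers the log level and mounts the Docker socket read-only. The ACME address is a placeholder.

```yaml
# Added example, not the gist author's file: traefik2/docker-compose.yml tightened.
version: '3.3'
volumes:
  letsencrypt:
    driver: local
services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: always
    command:
      # INFO is enough for normal operation; DEBUG is for troubleshooting only.
      - "--log.level=INFO"
      # --api.insecure=true is omitted: it serves the API and dashboard without
      # authentication on port 8080 to anything that can reach the container.
      - "--providers.docker=true"
      - "--providers.docker.network=traefik"
      # Only containers labelled traefik.enable=true get a router.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=you@example.com"  # placeholder
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - 80:80
      - 443:443
    networks:
      - default
    volumes:
      # :ro keeps the container from replacing the socket file. It does not
      # limit Docker API calls made through it; a socket proxy does that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
networks:
  default:
    external:
      name: traefik
```

With `exposedbydefault=false`, add `- traefik.enable=true` to the `nextcloud` service labels, otherwise Traefik creates no router for it and requests return 404.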

`$ cat nextcloud/docker-compose.yml`

```yaml
# Create nextcloud network first
# docker network create nextcloud
#NOTES:
#1. [email protected]
#2. Set TRUSTED_PROXIES to your traefik Docker network's subnet; run 'docker network inspect traefik' to see the network
#3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and
#   traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't need iframe access from your domain
version: '3.3'
volumes:
  nextcloud-www:
    driver: local
  nextcloud-db:
    driver: local
  redis:
    driver: local
services:
  db:
    restart: always
    image: postgres:11
    networks:
      - nextcloud
    environment:
      # Placeholder credentials; change them before deploying.
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=nextcloud
    volumes:
      - nextcloud-db:/var/lib/postgresql/data
  redis:
    image: redis:latest
    restart: always
    networks:
      - nextcloud
    volumes:
      - redis:/var/lib/redis
  nextcloud:
    image: nextcloud:latest
    restart: always
    networks:
      # default = the external traefik network; nextcloud = internal backend network
      - default
      - nextcloud
    depends_on:
      - redis
      - db
    labels:
      - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
      - traefik.http.routers.nextcloud.tls.certresolver=myresolver
      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
      # X-Frame-Options ALLOW-FROM is ignored by current browsers;
      # the frame-ancestors directive below is the one they enforce.
      - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com
      - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net
      # HSTS
      - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
      - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.nextcloud.headers.stsPreload=true
      # CalDAV/CardDAV service discovery
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
    environment:
      # Placeholder credentials; change them before deploying.
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=password
      - POSTGRES_HOST=db
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=adminpass
      - REDIS_HOST=redis
      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com
      # Subnet of the traefik network (see note 2).
      - TRUSTED_PROXIES=172.19.0.0/16
    volumes:
      - nextcloud-www:/var/www/html
networks:
  default:
    external:
      name: traefik
  # Not external: compose creates it as <project>_nextcloud.
  # internal: true means containers on it get no outbound access.
  nextcloud:
    internal: true
```

labels are based on two parts.
- label type (`routers`, `middlewares`) which you can see at https://docs.traefik.io/middlewares/overview/ and https://docs.traefik.io/routing/routers/
- routers and middleware names, which are `nextcloud`, `nextcloud_redirect`. They are custom names you can define, and it can be any value you want.

If you search for something like `traefik.http.middlewares.nextcloud` in traefik docs you will not see anything.

and `- "traefik.docker.network=traefiknetwork"` is the network you created for traefik container, which I created myself (check item 1 above):

- Create Traefik network

  `# docker network create --driver=bridge --attachable --internal=false traefik`

If you want to use same network for all containers check this https://gist.github.com/ismailyenigul/f03b4f5f15e5e61ac5b80905c5d2890a

I don't see anything with labels on this page https://docs.traefik.io/routing/routers/
the network is a network I created, yes, and usually in v1 you just declare it the way I have it above
just basic and I use it to separate my containers and allow communication within certain networks
all I am asking is how to convert to v2.2, don't want to go over reason or why for the network

`docker network create traefiknetwork`

It is here
https://docs.traefik.io/routing/providers/docker/

`traefik.docker.network`

`- "traefik.docker.network=mynetwork"`

Overrides the default docker network to use for connections to the container.

If you run traefik in different docker-compose file you can define the network in docker-compose file without creating it manually. I created it manually to make it persistent and it will not be deleted when you run `docker-compose down`

there you go..perfect..surprised it is exact as v1...works for what i was trying to do
thanks!

Hello, thanks for writing this up. This is exactly what I was looking for so that I can use Traefik for other containers also and not just nextcloud.
Everything went smoothly but I am getting "404 page not found" when I am trying to set up nextcloud in the browser.
I am getting this log for nextcloud from portainer

```
Configuring Redis as session handler
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.23.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.23.0.4. Set the 'ServerName' directive globally to suppress this message
[Thu Jun 25 03:12:05.835939 2020] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.7 configured -- resuming normal operations
[Thu Jun 25 03:12:05.836109 2020] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
```

The only thing I changed is the `- POSTGRES_DB=nextcloud` to default or else it was showing errors.
The other containers, db and redis, both say ready to accept connections.
I am on raspberry pi 4 running OMV5 with dockers.
Any help will be appreciated.

404 means that traefik can't map your requested hostname to the nextcloud container.
You can check traefik container logs. Above apache logs is not an issue.
Ensure that Host value `` - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`) `` is same as your domain name.

Hi, thanks for sharing your compose files. I have a question. I am trying to get nextcloud working with:

```
"traefik.http.routers.nextcloud-secure.rule=Host(`my.example.net`)" && PathPrefix(`/nx`)"
```

and somehow I can't get it working, I always get redirection errors. Have you ever tried a solution like that? With traefik 1 it worked like a charm but somehow I can't get it running with traefik 2.
Greetings and thanks
wHyEt

Hi @wHyEt
Please check https://docs.traefik.io/migration/v1-to-v2/#frontends-and-backends-are-dead-long-live-routers-middlewares-and-services
- "traefik.http.routers.router0.rule=Host(`test.localhost`) && PathPrefix(`/test`)"
Hi @ismailyenigul
thanks a lot for your files, help me so much.
I have one question, when deploy nextcloud file, this created another internal network

```
b81dd7d84cf0   nextcloud             bridge   local
1265ff7689c2   nextcloud_nextcloud   bridge   local
```

Do you know what happened?
I copy/paste your code, change domains and create network nextcloud that you say for persistent network. I want to add another service, in future.
thx
where did you get the documentation for using these labels?
i can't find documentation on using these labels anywhere on the traefik website
i am looking for the v2 replacement for targeting network