Custom header for Node-red

Hello guys,
I am newbie to traefik and to docker, so excuse me the lack of knowledge.
I am trying to setup traefik for 2 docker micro-services (node-red) , I am almost done with that, the only problem is that node-red uses web sockets, right know I can access to them but page is not working properly.
Sometime ago I had similar problem with reverse proxy in synology Nas with node-red and I solved that this way :slight_smile:
image

right now i am not sure how to setup traefik docker-compose.yml or the node-red docker compose.yml to take in account the Custom header.
anyone that willing to help, would be highly appreciated,

version: '3'

services:
  nodered2:
    image: nodered/node-red-docker:latest
    restart: always
    environment:
       - USER_UID=1000
       - USER_GID=1000
    networks:
      - web
    volumes:
      - /home/luisgcu/noder_data/node2/:/data
    ports:
      - "1881:1880"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nodered"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:node2.myweb.net"
      - "traefik.port=1881"     
networks:
  web:
    external: true

this is traefik docker-compose.yml

version: '3'

services:
  traefix:
    image: traefik
    command: --api --docker
    restart: always
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    networks:
      - web

networks:
  web:
    external: true

this traefik.toml

debug = false
logLevel = "ERROR"

defaultEntryPoints = ["http", "https","ws","wss"]

[web]
# Port for the status/dashboard page
address = ":8080"

[entryPoints]
    [entryPoints.http]
    address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"

    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
#domain = "myweb.net"
watch = true
exposedByDefault = true

[acme]
email = "myemail@gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
    [acme.httpChallenge]
    entryPoint = "http"

Please if you see any other bad or non sense setup on those files, i will appreciate your advice.

Hello,

web is deprecated and replaced by api

defaultEntryPoints is not related to supported protocol but to entry points.

The valid configuration is:

defaultEntryPoints = ["http", "https"]

The CLI args override the TOML configuration, so remove the CLI args.

Thanks so much for your advice.
I have fixed that.
Now i have a problem, I am only able to see the web page of only one sub domain, when reaching the others I get "bad Gateway"
What I am missing?

debug = true
logLevel = "ERROR"

defaultEntryPoints = ["http", "https"]

[api]
# Port for the status/dashboard page
address = ":8080"

[entryPoints]
    [entryPoints.http]
    address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"

    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "xxxx.net"
watch = true
exposedByDefault = false

[acme]
email = "angelgcu@gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
    [acme.httpChallenge]
    entryPoint = "http"

[[acme.domains]]    # is this OK?
  main = "xxxx.net"
  sans = ["node1.xxxx.net", "node3.xxxx.net", "node2.xxxx.net"]

address is not a valid option for api: API / Dashboard | Traefik | v1.7

Moreover, the default port of the api is 8080 so you don't need define it explicitly.


You don't need extra configuration for websocket, Traefik manage websocket by default.


You have provided a docker-compose with only one container, so could you explain how do you created the others?

here are the composer for the other containers.

version: '3'

services:
   nodered1:
    image: nodered/node-red-docker:latest
    restart: always
    environment:
      - USER_UID=1000
      - USER_GID=1000
    networks:
      - web
    volumes:
      - /home/luisgcu/noder_data/node1/:/data
    ports:
      - "1880:1880"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nodered1"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:node1.xxxx.net"
      - "traefik.port=80"        // before I had here port 1880 and only this container was ok 
                                          // then I read somewhere in here goes the port traefik is listen is this right??
   nodered2:
    image: nodered/node-red-docker:latest
    restart: always
    environment:
       - USER_UID=1000
       - USER_GID=1000
    networks:
      - web
    volumes:
      - /home/luisgcu/noder_data/node2/:/data
    ports:
      - "1881:1880"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nodered2"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:node2.xxxx.net"
      - "traefik.port=80"   
networks:
  web:
    external: true

traefik.port is made to define the port to use for the application inside the container.

You don't to expose the port in your docker-compose file.
You just have to add - "traefik.port=1880"

You don't need to define acme.domains because you are using onHostRule = true.

onHostRule = true means that Traefik will use the Host rule (ex: "traefik.frontend.rule=Host:node1.xxxx.net") to create certificates.

1 Like

I tried with the following docker-compose file and everything works as expected.

version: '3'

services:

  traefik:
    image: traefik:v1.7.14
    restart: always
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    networks:
      - web

  nodered1:
    image: nodered/node-red-docker:latest
    restart: always
    environment:
      - USER_UID=1000
      - USER_GID=1000
    networks:
      - web
    volumes:
      - /home/luisgcu/noder_data/node1/:/data
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nodered1"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:node1.xxxx.net"
      - "traefik.port=1880"

  nodered2:
    image: nodered/node-red-docker:latest
    restart: always
    environment:
       - USER_UID=1000
       - USER_GID=1000
    networks:
      - web
    volumes:
      - /home/luisgcu/noder_data/node2/:/data
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nodered2"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:node2.xxxx.net"
      - "traefik.port=1880"

networks:
  web:
    external: true
1 Like

Finally I get this to work!!! thanks so much!
At the end what I did is as follow:

get rid of this label--> - "traefik.port=1881" //this is no needed traefik detect the docker container port automatically

version: '3'

services:
   nodered1:
    image: nodered/node-red-docker:latest
    restart: always
    environment:
      - USER_UID=1000
      - USER_GID=1000
    networks:
      - web
    volumes:
      - /home/luisgcu/noder_data/node1/:/data
    ports:
      - "1880:1880"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nodered1"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:node1.xxxx.net"
 #     - "traefik.port=1880"

   nodered2:
    image: nodered/node-red-docker:latest
    restart: always
    environment:
       - USER_UID=1000
       - USER_GID=1000
    networks:
      - web
    volumes:
      - /home/luisgcu/noder_data/node2/:/data
    ports:
      - "1881:1880"   # I need NR  exposed port 1881 locally for debug purposes on local network
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nodered2"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:node2.xxxx.net"
#      - "traefik.port=1881"       //this is no requiered since  traefik detect the docker container port  automatically
networks:
  web:
    external: true

I had problem that I didn't notice before.. see the image below


I think I need 3 separate back-ends one for each front with its sub-domains, but notice that node2 and node3 subdomains are linked to the same back-ends, and that is creating problems between nodered2 and 3. How I can fix that? is that fix on the traefix.toml or in the docker compose.yml?
Thanks so much.

here are the latest files that I used
docker-compose.yml

version: '3'
# Create 3 node-red docker containers  ready to operate behind traefik Reverse proxy
services:
   nodered1:    #Nodered Docker container 1
    image: nodered/node-red-docker:latest
    restart: always
    user: root
    environment:
      - TZ= America/New_York
    networks:
      - web
    volumes:
      - /home/luisgcu/noder_data/node1/:/data  # Do nor forget to set  NR volumes   
    ports:
      - "1880:1880"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nodered1"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:node1.yourdomain.net" 

   nodered2:   #Nodered Docker container 2
    image: nodered/node-red-docker:latest
    restart: always
    user: root
    environment:
      - TZ= America/New_York
    networks:
      - web
    volumes:
      - /home/luisgcu/noder_data/node2/:/data # Do nor forget to set  NR volumes
    ports:
      - "1881:1880"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nodered2"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:node2.yourdomain.net"
      
   nodered3:  #Nodered Docker container 3 
    image: nodered/node-red-docker:latest
    restart: always
    user: root
    environment:
      - TZ= America/New_York
    networks:
      - web
    volumes:
      - /home/luisgcu/noder_data/node3/:/data  # Do nor forget to set  NR volumes
    ports:
      - "1882:1880"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nodered2"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:node3.yourdomain.net"  
      
   traefix:  # Traefix docker compose start here     
    image: traefik
    command: --api --docker
    restart: always    
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json      
    networks:
      - web
    labels:
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.passHostHeader=true"  
 
networks:
  web:
    external: true

and traefik.toml

debug = true
logLevel = "ERROR"

defaultEntryPoints = ["http", "https"]

[api]
# Port for the status/dashboard page
dashboard = true

[entryPoints]
    [entryPoints.http]
    address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"

    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "yourdomain.net"
watch = true
exposedByDefault = true

[acme]
email = "user@emailprovider.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
    [acme.httpChallenge]
    entryPoint = "http"

It's because nodered3 and nodered2 have the same backend name.

:+1: thanks so much.. that was the problem..

How have the config to be changed to proxy the dashboard to dashboard1.xxxx.net / dashboard2.xxxx.net ?
Thanks!