Help with Docker container and Traefik multiple ports

Hi,
I'm using Traefik latest (v1.7.12) to have https with Let's Encrypt certs for my docker containers created with docker-compose. It works nice for more than a year now.

I have a docker container with 3 ports and I would like to make all 3 ports available via Traefik.
The docker container is Kodi Headless, here is the docker-compose:

  kodi:
    image: linuxserver/kodi-headless
    container_name: kodi
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    volumes:
      - ${USERDIR}/docker/kodi/:/config/.kodi/:rw
    ports:
      - "8080:8080"
      - "9090:9090"
      - "9777:9777/udp"
    restart: unless-stopped
    networks:
      - traefik_proxy
      - default
    labels:
      - "traefik.enable=true"
      - "traefik.backend=kodi"
      - "traefik.frontend.rule=Host:kodi.${DOMAINNAME}"
      - "traefik.port=8080"
      - "traefik.docker.network=traefik_proxy"
      - "traefik.frontend.auth.forward.address="
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.SSLHost=EXAMPLE.net"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.frameDeny=true"

Container is created fine, and I can access Kodi webUI with https://kodi.domain.net
However, I'm missing access to ports 9090 (websocket) and 9777/udp. For some reason, I can't make some connection from remote locations to this Kodi docker (like Sonarr's Connect option). It works when I use internal network address, the IP directly, bypassing domain name.

Can you help me please, what do I need to add to Traefik labels section to have ports 9090 and 9777/udp accessible too? Maybe remove something from the labels listed? It works perfectly for my other docker containers like Plex, Deluge, Sonarr, Radarr, etc.

Many thanks for your help!

Hello,

Traefik v1 is only a L7 reverse proxy (HTTP/HTTPS), then Traefik v1 will not be able to manage UDP.

Otherwise, to manage multiple ports with Docker, you have to use segments labels.

By example:

kodi:
  image: linuxserver/kodi-headless
  container_name: kodi
  environment:
    - PUID=${PUID}
    - PGID=${PGID}
    - TZ=${TZ}
  volumes:
    - ${USERDIR}/docker/kodi/:/config/.kodi/:rw
  ports:
    - "8080:8080"
    - "9090:9090"
    - "9777:9777/udp"
  restart: unless-stopped
  networks:
    - traefik_proxy
    - default
  labels:
    - "traefik.enable=true"
    - "traefik.docker.network=traefik_proxy"
    - "traefik.one.port=8080"
    - "traefik.one.frontend.entryPoints=your-entrypoint-one"
    - "traefik.one.frontend.rule=Host:kodi.${DOMAINNAME}"
    - "traefik.one.frontend.headers.SSLRedirect=true"
    - "traefik.one.frontend.headers.STSSeconds=315360000"
    - "traefik.one.frontend.headers.browserXSSFilter=true"
    - "traefik.one.frontend.headers.contentTypeNosniff=true"
    - "traefik.one.frontend.headers.forceSTSHeader=true"
    - "traefik.one.frontend.headers.SSLHost=EXAMPLE.net"
    - "traefik.one.frontend.headers.STSIncludeSubdomains=true"
    - "traefik.one.frontend.headers.STSPreload=true"
    - "traefik.one.frontend.headers.frameDeny=true"
    - "traefik.docker.network=traefik_proxy"
    - "traefik.two.port=9090"
    - "traefik.two.frontend.entryPoints=your-entrypoint-two"
    - "traefik.two.frontend.rule=Host:kodi.${DOMAINNAME}"
    - "traefik.two.frontend.headers.SSLRedirect=true"
    - "traefik.two.frontend.headers.STSSeconds=315360000"
    - "traefik.two.frontend.headers.browserXSSFilter=true"
    - "traefik.two.frontend.headers.contentTypeNosniff=true"
    - "traefik.two.frontend.headers.forceSTSHeader=true"
    - "traefik.two.frontend.headers.SSLHost=EXAMPLE.net"
    - "traefik.two.frontend.headers.STSIncludeSubdomains=true"
    - "traefik.two.frontend.headers.STSPreload=true"
    - "traefik.two.frontend.headers.frameDeny=true"

• https://docs.traefik.io/v1.7/configuration/backends/docker/#on-containers-with-multiple-ports-segment-labels

This ranks really high in Google for configuring a container with multiple ports. Segment labels don't seem to exist in v2 so you have to configure it differently.

This StackOverflow topic has good info https://stackoverflow.com/questions/59830648/traefik-multiple-port-bindings-for-the-same-host-v2

Basically you need to configure your container with labels that reference multiple services under a single service. The names of the services need not map directly to the Docker service name and will be created in Traefik using the communication you specify.

Here's an example configuration (from the above SO post) for whoami which can be accessed from both an http and https entry point where the port is individually configurable for each

  whoami:
    image: containous/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-http.rule=Host(`whoami.localhost`)
      - traefik.http.routers.whoami-http.entrypoints=web
      - traefik.http.routers.whoami-http.service=whoami-http-service
      - traefik.http.services.whoami-http-service.loadbalancer.server.port=80

      - traefik.http.routers.whoami-https.rule=Host(`whoami.localhost`)
      - traefik.http.routers.whoami-https.entrypoints=web-secure
      - traefik.http.routers.whoami-https.service=whoami-https-service
      - traefik.http.services.whoami-https-service.loadbalancer.server.port=80
      - traefik.http.routers.whoami-https.tls=true