How to access traefik via ip address (both local and public)?

I have traefik dashboard working. I can access it via traefik.example.xyz.
But when I enter my public ip address or my local ip address I get a 404 page not found. It doesn't redirect.
I would like to be able to access traefik via ip address both local and public.

Why would I want to do this?
The hairpinning/NAT Loopback on my router sucks. I want to be able to access traefik at home via local network so I can actually use it. In addition, having the local ip address would allow me to add
192.168.0.108 traefik.example.xyz traefik
to my /etc/pihole/lan.list

Is there really no way to access traefik from a local domain?

Hello,

could you give more information about your configuration?

I have a docker-copose.yml and a data folder with acme.json and traefik.yml

off-topic: I recommend to use more recent version (v2.2)

All your configuration in one docker-compose.yml file (no traefik.yml):

version: "3.7"

########################### NETWORKS
networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

########################### SERVICES
services:
# All services / apps go below this line
  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - t2_proxy
    ports:
      - 80:80
      - 8080:8080
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/acme.json:/acme.json
    command:
      # - --log.level=DEBUG
      - --api
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --certificatesresolvers.le.acme.email=myemail@email.xyz
      - --certificatesresolvers.le.acme.storage=acme.json
      - --certificatesresolvers.le.acme.httpchallenge=true
    labels:
      traefik.enable: "true"

      # put a domain only available in your local network
      traefik.http.routers.traefik-local.rule: Host(`traefik.mylocaldomain`)
      traefik.http.routers.traefik-local.entrypoints: web, websecure
      traefik.http.routers.traefik-local.service: api@internal

      traefik.http.routers.traefik.rule: Host(`traefik.${DOMAINNAME}`)
      traefik.http.routers.traefik.entrypoints: web, websecure
      traefik.http.routers.traefik.tls.certresolver: le
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: traefik-auth

      traefik.http.middlewares.traefik-auth.basicauth.users: user:password

I also made some improvements in the configuration (related to v2.2 version of Traefik).

You will be able to access locally to traefik.mylocaldomain (with a self-signed certificate).

I appreciate your help and I'll try to adapt to the single file. I've heard opposite (i.e. separation of files) is better, but whatever.

I'm getting an erro that saying:

 level=error msg="Unable to obtain ACME certificate for domains \"traefik.example.xyz\": cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge" rule="Host(`traefik.example.xyz`)" providerName=le.acme routerName=traefik@docker

From my point of view (I'm a maintainer of Traefik), it is better not to have any files.

You just have to copy paste my docker-compose file.

Note, I renamed a lot of things in your configuration, so check your files.

If you are using a file (traefik.yml), remember that YAML is case sensitive.
CLI flags are case insensitive :wink:

lol, hard to argue against that. Just as a learning opertunity, did you turn my traefik.yml to the command label?

Sorry I did mean to say I did copy and paste your code and changed email and domain names. That's the error I got afterwards. You can see in the error it mentions

providerName=le.acme

which I believe is the name given to the new commands.

I forgot to add one line: - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web

version: "3.7"

########################### NETWORKS
networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

########################### SERVICES
services:
# All services / apps go below this line
  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - t2_proxy
    ports:
      - 80:80
      - 8080:8080
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/acme.json:/acme.json
    command:
      # - --log.level=DEBUG
      - --api
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --certificatesresolvers.le.acme.email=myemail@email.xyz
      - --certificatesresolvers.le.acme.storage=acme.json
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
    labels:
      traefik.enable: 'true'

      # put a domain only available in your local network
      traefik.http.routers.traefik-local.rule: Host(`traefik.mylocaldomain`)
      traefik.http.routers.traefik-local.entrypoints: web, websecure
      traefik.http.routers.traefik-local.service: api@internal

      traefik.http.routers.traefik.rule: Host(`traefik.${DOMAINNAME}`)
      traefik.http.routers.traefik.entrypoints: web, websecure
      traefik.http.routers.traefik.tls.certresolver: le
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: traefik-auth
version: "3.7"

########################### NETWORKS
networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

########################### SERVICES
services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - t2_proxy
    ports:
      - 80:80
      - 8080:8080
      - 443:443
    environment:
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./acme.json:/acme.json
    command:
      # - --log.level=DEBUG
      - --api
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --certificatesresolvers.le.acme.email=${CLOUDFLARE_EMAIL}
      - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.le.acme.storage=/acme.json
      - --certificatesResolvers.le.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.le.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
    labels:
      traefik.enable: "true"
      traefik.http.routers.traefik-local.rule: Host(`traefik.localdomain`)
      traefik.http.routers.traefik-local.entrypoints: web, websecure
      # traefik.http.routers.traefik-local.tls: "true"
      traefik.http.routers.traefik-local.service: api@internal
      traefik.http.routers.traefik.rule: Host(`${DOMAINNAME}`)
      traefik.http.routers.traefik.entrypoints: web, websecure
      # traefik.http.routers.traefik.tls: "true"
      traefik.http.routers.traefik.tls.certresolver: le
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: traefik-auth
      traefik.http.middlewares.traefik-auth.basicauth.users: username:password

Your solution is working. I had to change the challenge to DNS challenge as I was getting an IP issue, so I added all the cloudflare stuff. I am getting a https secure padlock for my dashboard?
Before I mark as solved. How do I access traefik.localdomain? When I type traefik.localdomain in firefox it tried to resolve as www.traefik.localdomain. And when I ping traefik.localdomain I get nothing.

You have to create a DNS entry in your local network, you have several solutions:

  • add an entry in your local DNS, if you have one.
  • add an entry in the /etc/hosts of your computer.

In all cases, a domain, even in local, to be accessible, have to exist as a DNS reference.

Sorry I'm a bit confused how this would work in my /etc/pihole/lan.list which is where I would put the dns entry. /etc/pihole/lan.list looks like

192.168.1.40     marvin.your.lan  marvin

Where the IP is the first entry (hence my first question).

I tried to put

traefik.localdomain traefik

in my /etc/pihole/lan.list rile and then pihole restartdns but still pinging it gives "Name or service not known". I'm confused in the execution of the DNS entry because I'm only familiar with mapping it to an IP.

So is it not possible to do this? Can I not have traefik work with a local ip? That kinda sucks.
I've been trying to do this for almost 2 weeks now, and it's driving me nuts.

The mapping for that file is ipaddress hostname. How you resolve that hostname is up to you. Its not a traefik issue.

Sure you can, make sure the host rule matches the ip.

Accessing traefik only works through traefik.example.xyz
When accessing it through the server IP address (both locally and externally) traefik gives a 404 page, hence asking the question in the first place. I can't access traefik through the IP address, otherwise I would have put that in the host file, hence asking in the first place.

That's why I've been asking "how to access traefik via ip address" because I want to put that in my host file, however, when accessing through the IP address (not the published domain) there's a 404 page, hence why I can't resolve it.

In my second sentence I said

But when I enter my public ip address or my local ip address I get a 404 page not found. It doesn't redirect

That's what I'm having an issue on.

As you have been advised you need a dns or hosts entry. The lack of knowing what ip address to use is your issue, not traefik's or mine.

The ip address will be that of the docker host, unless you are doing some non-default docker networking.

Your rules do not match ip addresses, only hostnames. Hence a 404.

You'll see the difference via curl:

curl  -i http://192.168.1.2
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Fri, 21 Aug 2020 12:29:57 GMT
Content-Length: 19


404 page not found

Using curl to resolve

curl http://traefik.localdomain -i --resolve traefik.localdomain:80:192.168.1.2
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: /dashboard/
Date: Fri, 21 Aug 2020 12:30:44 GMT
Content-Length: 34

<a href="/dashboard/">Found</a>.

Add traefik.http.routers.traefik-local.rule: Host(traefik.localdomain) || Host(192.168.0.114) to the labels. This is the answer.

1 Like

As mentioned a week ago.

I find your comment to be unhelpful and just condescending.