TL;DR
Is my setup correct? How do I configure for what I want?
I can't access the dashboard, always get: Error code: SEC_ERROR_INADEQUATE_KEY_USAGE, etc.
What would a traefik.yml config file look like for multiple TL domains with their own subdomains?
Hi, I'm trying to set up Traefik v2.2 on a Google Compute Engine instance. One big goal is to also use Traefik to handle multiple different TL domains as well as the subdomains associated with them. Currently, I have this configuration, but I'm lost on how to make it work. Below is my current setup. Also, should I even use dynamic/file providers? I want to use labels mostly, but I'm not sure how to translate that.
I'm certain I'm overcomplicating something, but I have read many guides and am having trouble pinpointing the config setup I want. Below is a recent attempt. (Yes, I have labels and dynamic conf; that's bad, but I want to give as much info on what I have tried so far to better understand what I'm doing wrong.)
Thank you in advance.
docker-compose.yml
```yaml
version: '3.5'
secrets:
  gcloud_account:
    file: "./../../../secrets/test-eb4692bd2f5a.json"
services:
  dockerproxy:
    #depends_on:
    #  - watchtower
    environment:
      CONTAINERS: 1
    image: tecnativa/docker-socket-proxy
    networks:
      - traefik
    ports:
      - 2375
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
  traefik:
    depends_on:
      - dockerproxy
    image: traefik:2.2
    networks:
      - default
      - traefik
    secrets:
      - "gcloud_account"
    environment:
      - GCE_PROJECT=test
      - GCE_SERVICE_ACCOUNT_FILE=${GOOGLE_APPLICATION_CREDENTIALS}
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    restart: always
    volumes:
      - ./traefik2_2/traefik.yml:/etc/traefik/traefik.yml
      - /var/letsencrypt:/var/acme.json
      - ./traefik2_2/dynamic:/etc/traefik/dynamic/
    labels:
      # Dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik.mysite.co`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=admin"
      - "traefik.http.routers.traefik.tls.certresolver=le"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.middlewares.admin.basicauth.users=[admin:$PASSWORD]"
  whoami:
    depends_on:
      - traefik
    image: containous/whoami:latest
    command:
      - --port=8079
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.whoami.rule=host(`whoami.mysite.co`)"
      - "traefik.http.routers.whoami.tls=true"
      - "traefik.http.routers.whoami.tls.certresolver=letsEncrypt"
      - "traefik.http.routers.whoami.service=whoami"
      - "traefik.http.services.whoami.loadbalancer.server.port=8079"
      #- "traefik.http.routers.whoami.tls.certresolver=le"
      #- "traefik.http.routers.whoami.entrypoints=websecure"
networks:
  traefik:
    external: true
```
traefik.yml
```yaml
entryPoints:
  http:
    address: :80
  https:
    address: :443
providers:
  docker:
    watch: true
    exposedByDefault: false
    endpoint: tcp://dockerproxy:2375
    network: traefik
  file:
    directory: /etc/traefik/dynamic/
api:
  insecure: false
  dashboard: true
  debug: false
certificatesResolvers:
  letsEncrypt:
    acme:
      email: myemail@gmail.com
      storage: acme.json
      dnsChallenge:
        provider: gcloud
        delayBeforeCheck: 0
```
Now for files in the dynamic folder:
redirect.yml
```yaml
# Handles all http to https
http:
  routers:
    http:
      entryPoints:
        - http
      middlewares:
        - https_redirect
      rule: HostRegexp(`{any:.+}`)
      service: noop
  services:
    # noop service, the URL will be never called
    noop:
      loadBalancer:
        servers:
          - url: http://192.168.0.1
  middlewares:
    https_redirect:
      redirectScheme:
        scheme: https
        permanent: true
```
dynamic.yml
```yaml
http:
  middlewares:
    http-redirectscheme:
      redirectScheme:
        scheme: https
    dashadmin:
      basicAuth:
        users:
          - "admin:$PASSWORD"
```
dashboard.yml
```yaml
http:
  routers:
    dashboard:
      rule: Host(`traefik.mysite.co`)
      service: api@internal # This is the defined name for api. You cannot change it.
      entrypoints: web
      middlewares: ['dashadmin']
      tls:
        certresolver: letsEncrypt
```
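An added example (not part of the original post, and not Traefik's own tooling): a small Python check that cross-references the entry point and certificate resolver names used in the post's router labels against the names its traefik.yml defines. The function and constant names are hypothetical, and names are assumed to be compared exactly as written.

```python
import re

# Names defined in the post's traefik.yml (static configuration).
DEFINED_ENTRYPOINTS = {"http", "https"}
DEFINED_RESOLVERS = {"letsEncrypt"}

# Router labels copied from the post's docker-compose.yml.
LABELS = [
    "traefik.http.routers.traefik.rule=Host(`traefik.mysite.co`)",
    "traefik.http.routers.traefik.tls.certresolver=le",
    "traefik.http.routers.traefik.entrypoints=websecure",
    "traefik.http.routers.whoami.tls.certresolver=letsEncrypt",
]

# Only the two router options that point at static-config names.
ROUTER_KEY = re.compile(
    r"^traefik\.http\.routers\.([^.]+)\.(entrypoints|tls\.certresolver)$",
    re.IGNORECASE,
)


def undefined_references(labels, entrypoints, resolvers):
    """Return sorted (router, option, name) tuples whose name is not defined."""
    problems = []
    for label in labels:
        key, sep, value = label.partition("=")
        match = ROUTER_KEY.match(key.strip())
        if not sep or not match:
            continue  # not an entry point or resolver reference
        router, option = match.group(1), match.group(2).lower()
        defined = entrypoints if option == "entrypoints" else resolvers
        # entrypoints accepts a comma-separated list of names
        for name in (part.strip() for part in value.split(",")):
            if name and name not in defined:
                problems.append((router, option, name))
    return sorted(problems)


if __name__ == "__main__":
    found = undefined_references(LABELS, DEFINED_ENTRYPOINTS, DEFINED_RESOLVERS)
    for router, option, name in found:
        print(f"router {router!r}: {option} {name!r} is not defined in traefik.yml")
```
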