anandslab / docker-traefik

Docker media and home server stack with Docker Compose, Traefik, Swarm Mode, Google OAuth2/Authelia, and LetsEncrypt
https://www.smarthomebeginner.com/
MIT License

Secrets can't be loaded #314

Open lordraiden opened 1 year ago

lordraiden commented 1 year ago

I'm using Unraid as the base distro.

Below you can find my compose file and the env. With Traefik I'm also using a traefik.yml, which is not relevant, and everything works fine if I remove the secrets and add them in the env file.

This is my compose

###############################################################
# Traefik 
###############################################################

version: '3.9'

# Services ####################################################

services:

  traefik:
    container_name: Traefik
    image: traefik:latest
    restart: unless-stopped
    depends_on:
      - socketproxy
    networks:
      socketproxy: # rename this to your custom docker network
      br2:
        ipv4_address: 10.10.50.250
    dns: 10.10.50.5
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080" # Dashboard port
    volumes:
      - "/mnt/user/Docker/Traefik:/etc/traefik/"
    environment:
      - TZ
      - DOCKER_HOST=socketproxy
      - CF_API_EMAIL
      - CF_DNS_API_TOKEN
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.localwhitelist2.ipwhitelist.sourcerange=10.10.10.1/24"
      - "traefik.http.routers.traefik-dashboard.middlewares=localwhitelist2"
      - "traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080" #required
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.test.com.es`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik-dashboard.tls=true"
      - "traefik.http.routers.traefik-dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik-dashboard.service=api@internal" #required
      - "traefik.http.routers.api.service=api@internal" #required
      #- "traefik.http.routers.api.tls=true"
      #- "traefik.http.routers.traefik-dashboard.entrypoints=https443"
      - "com.centurylinklabs.watchtower.enable=true"
    secrets:
      - CF_API_EMAIL
      - CF_DNS_API_TOKEN

  socketproxy:
    container_name: Traefik-socketproxy
    image: tecnativa/docker-socket-proxy
    privileged: true

    networks:
      - socketproxy
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
      - CONTAINERS=1
      - POST=0
    labels:
      - "com.centurylinklabs.watchtower.enable=true"

# Networks ####################################################

networks:
  br2:
    driver: macvlan
    external: true
  br1:
    driver: macvlan
    external: true
  socketproxy:
    internal: true

# Secrets ##############################################

secrets:
  # CF_API_EMAIL
  CF_API_EMAIL:
    file: $DOCKERDIR/CF_API_EMAIL
  # CF_DNS_API_TOKEN
  CF_DNS_API_TOKEN:
    file: $DOCKERDIR/CF_DNS_API_TOKEN

This is the env:

###############################################################
# Traefik
###############################################################

# General
TZ=Europe/Madrid

# Secrets path
DOCKERDIR=/mnt/user/Docker/docker-compose/Traefik/secrets

# Secrets Traefik
CF_API_EMAIL=/run/secrets/CF_API_EMAIL
CF_DNS_API_TOKEN=/run/secrets/CF_DNS_API_TOKEN

Secrets are stored here: [image]

I have given read and write permissions just in case, but I still can't get the secrets to be loaded. When I launch the compose I get an error in the Traefik log that the API token is not good.

I have been trying to fix this for too many hours but still can't figure out how to fix it.

lordraiden commented 1 year ago

Oops. OK, I have discovered that I have to add _FILE at the end of the variables.

So, is using secrets from a file something that requires specific variables for every container? Secrets from a file won't be supported by any container by default unless the developer adds this feature specifically.
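
The `_FILE` convention from the last comment, sketched as a helper for a wrapper entrypoint. This is an added example, not part of the thread and not code from this repository or from Traefik; `resolve_secret`, `export_secret` and `SECRETS_DIR` are hypothetical names. The check for a path-valued variable catches the mistake in the env file above (`CF_DNS_API_TOKEN=/run/secrets/CF_DNS_API_TOKEN`).

```shell
#!/bin/sh
# Added example: resolve NAME from NAME or NAME_FILE (the *_FILE secrets convention).
# SECRETS_DIR is an assumption of this sketch; it is overridable for testing only.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# resolve_secret NAME: print the secret on stdout, or return non-zero:
#   1 bad name, 2 NAME and NAME_FILE both set, 3 file unreadable,
#   4 NAME holds a path under SECRETS_DIR (the mistake in this thread), 5 empty/unset
resolve_secret() {
    rs_name="$1"
    case "$rs_name" in  # validate before eval so only plain identifiers expand
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2; return 1 ;;
    esac
    eval "rs_val=\${$rs_name:-}"
    eval "rs_file=\${${rs_name}_FILE:-}"
    if [ -n "$rs_val" ] && [ -n "$rs_file" ]; then
        echo "error: $rs_name and ${rs_name}_FILE are both set" >&2; return 2
    fi
    if [ -n "$rs_file" ]; then
        [ -r "$rs_file" ] || { echo "error: cannot read $rs_file" >&2; return 3; }
        # $(...) drops the trailing newline most editors leave in the file
        rs_val="$(cat "$rs_file")"
    fi
    case "$rs_val" in
        "$SECRETS_DIR"/*)
            echo "error: $rs_name is a path, not a secret; set ${rs_name}_FILE" >&2
            return 4 ;;
        '') echo "error: $rs_name is empty or not set" >&2; return 5 ;;
    esac
    printf '%s' "$rs_val"
}

# export_secret NAME: export the resolved value and drop NAME_FILE, for images
# that only read NAME. In a wrapper entrypoint (hypothetical):
#   export_secret CF_DNS_API_TOKEN && exec "$@"
export_secret() {
    es_val="$(resolve_secret "$1")" || return $?
    export "$1=$es_val"
    unset "${1}_FILE"
}
```

Where an image reads `NAME_FILE` itself, prefer that over the wrapper: a value exported by `export_secret` lives in the process environment, while the file-based form keeps it only in the mounted secret.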