Trouble by using this configuration with Traefik Proxy with HTTPS

[marceloavf]

Hi @tiangolo, first of all thank you for this awesome boilerplate.

I'm having some problems by trying to merge this example with yours in dockerswarm.rocks, I'm using docker swarm in my DigitalOcean server and creating some replicas of my node api, but I keep receiving some error messages in traefik logs:

10.255.0.2 - - [18/Feb/2019:20:18:55 +0000] "GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36" 360 "frontend redirect for frontend-servicehttp-prod-webserver-servicehttp" "/" 0ms
10.255.0.2 - marceloavf [18/Feb/2019:20:18:55 +0000] "GET / HTTP/2.0" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36" 359 "servicehttps-prod-webserver-servicehttps" "http://10.0.1.81:80"

I'm trying to keep them in the same domain, but access in different ports. My application is being expose in port 7070, it's working normally in development mode, it's almost equal to yours, but not in production.

Do you have any tips?

---

docker-compose-prod.yml

version: '3.7'
services:
  consul-leader:
    image: consul
    command: agent -server -client=0.0.0.0 -bootstrap -ui
    volumes:
      - consul-data-leader:/consul/data
    environment:
      - CONSUL_BIND_INTERFACE=eth0
      - 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
    networks:
      - app-network
      - default
    deploy:
      labels:
        - traefik.enable=true
        - traefik.port=8500
        - traefik.tags=bluedesk-api
        - traefik.frontend.auth.basic.users=test:$$apr1$$VuFjg6b/$9R75O3hETI92Vo21wsJGLq
  consul-replica:
    image: consul
    command: agent -server -client=0.0.0.0 -retry-join="consul-leader"
    volumes:
      - consul-data-replica:/consul/data
    environment:
      - CONSUL_BIND_INTERFACE=eth0
      - 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
    networks:
      - app-network
      - default
    deploy:
      replicas: 0
      placement:
        preferences:
          - spread: node.id
  api:
    image: localhost:5000/precisaosistemas/bluedesk:${TAG}
    restart: unless-stopped
    build: .
    environment:
      - VERSION=${TAG}
    command: /bin/bash -c "./wait-for-it.sh -T 0 nc -z couchdb 5984 && yarn start:prod"
    deploy:
      replicas: 2
      update_config:
        parallelism: 1
        delay: 10s
        monitor: 10s
        failure_action: rollback
      rollback_config:
        parallelism: 1
        delay: 10s
        monitor: 10s
      restart_policy:
        condition: on-failure
        max_attempts: 3
        window: 120s
      labels:
        - traefik.frontend.rule=PathPrefix:/
        - traefik.enable=true
        - traefik.port=7070
        - traefik.tags=bluedesk-api
  webserver:
    restart: unless-stopped
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == manager
        preferences:
          - spread: node.id
      labels:
        - "traefik.frontend.rule=Host:www.bluedesk-api.precisaosistemas.com.br,bluedesk-api.precisaosistemas.com.br"
        - traefik.enable=true
        - traefik.port=80
        - traefik.tags=bluedesk-api
        - traefik.docker.network=prod_app-network
        - traefik.servicehttp.frontend.entryPoints=http
        - traefik.servicehttp.frontend.redirect.entryPoint=https
        - traefik.servicehttps.frontend.entryPoints=https
        - traefik.frontend.auth.basic.users=test:$$apr1$$VuFjg6b/$9R75O3hETI92Vo21wsJGLq
    command: --docker \
      --docker.swarmmode \
      --docker.watch \
      --docker.exposedbydefault=false \
      --constraints=tag==bluedesk-api \
      --entrypoints='Name:http Address::80'
      --entrypoints='Name:https Address::443 TLS'
      --consul
      --consul.endpoint="consul-leader:8500"
      --acme
      --acme.email=example@example.com
      --acme.storage="traefik/acme/account"
      --acme.entryPoint=https
      --acme.httpChallenge.entryPoint=http
      --acme.onhostrule=true
      --acme.acmelogging=true
      --logLevel=INFO
      --accessLog
      --web
    depends_on:
      - consul-leader
    networks:
      - default
    ports:
      - 80:80
      - 443:443
      - 8080:8080
  couchdb:
    restart: unless-stopped
    labels:
      - traefik.enable=false

volumes:
  consul-data-leader:
  consul-data-replica:

networks:
  app-network:

docker-compose.yml

# https://dockerswarm.rocks/traefik/
version: '3.7'
services:
  #Database
  couchdb:
    image: couchdb:2
    volumes:
      - ./couchdb/data:/opt/couchdb/data
    environment:
      - COUCHDB_USER=test
      - COUCHDB_PASSWORD=test
    networks:
      - db
    labels:
      - traefik.enable=false
  #Application
  api:
    depends_on:
      - couchdb
    networks:
      - app-network
      - db
    volumes:
      - yarn:/home/node/.cache/yarn
      - ./src:/usr/src/app/src
      - ./package.json:/usr/src/app/package.json
      - ./yarn.lock:/usr/src/app/yarn.lock
  #Traefik Service
  webserver:
    image: traefik:v1.7
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - app-network
    links:
      - api

volumes:
  yarn:

networks:
  db:

[tiangolo]

Hey @marceloavf , sorry for the delay.

First, let me suggest you to separate the first docker-compose file, you should be able to have the global Traefik in one docker-compose, deployed only once in a Docker Swarm cluster.

And then, another docker-compose file for your stack, that you can keep updating and re-deploying.

Second suggestion, Traefik is currently having issues with Consul in certain specific situations (generating and saving HTTPS certificates after a period of time). And there are a couple of issues open about that. I have to update DockerSwarm.rocks with that.

But for the time being, it's probably good idea to use a single Traefik: https://dockerswarm.rocks/traefik-with-volume/

[github-actions[bot]]

Assuming the original issue was solved, it will be automatically closed now. But feel free to add more comments or create new issues.