Discussion - Traefik - Custom container exposing multiple ports, single subdomain | PlexGuide.com

Discussion Traefik - Custom container exposing multiple ports, single subdomain

  • Stop using Chrome! Download the Brave Browser via >>> [Brave.com]
    It's a forked version of Chrome with native ad-blockers and Google's spyware stripped out! Download for Mac, Windows, Android, and Linux!
Welcome to the PlexGuide.com
Serving the Community since 2016!
Register Now

gangsgerlyrical

Citizen
Original poster
Nov 30, 2019
4
1
Looking for a bit of help here as I'm struggling to wrap my head around solving my issue with the layers of abstraction that are in play here...

I've used an existing yml file as a template and created a custom app which is deploying an nginx server. I have a subdomain configured and working, pointing to the custom app and able to pull up a "hello world" index.html file from the server via port 80 (redirected to 443 by Traefik). The port within the container is 8778...

Now I need to add a second nginx server instance within that same container. I added a second server stanza to nginx.conf on a different port number (8777) and added those ports as "intport2" and "extport2" in my app's yml file (and re-installed the app).

Of course with a single subdomain I can't differentiate between the two server instances running in the container on unique ports. I am fine with having to reference the second server by it's port specifically. ie let Traefik proxy port 80/443 to port 8778 in the container and access the second port 8777 manually specifying the port in the URL (ie myapp.mydomain.com:8777). Unfortunately I'm struggling getting 8777 exposed to the outside world.

I'm not understanding the relationship between intport/extport and additional iterations like intport2/extport2. I believe Traefik is choosing to proxy only intport/extport, which is fine in this case. But I can't seem to get the second port exposed to the internet... I did notice additional config items towards the bottom of the yml file referring to "published_ports" where I do see intport/extport. I tried adding my second port in two ways like so:

{{ports.stdout}}{{extport2}}:{{intport2}}
{{extport2}}:{{intport2}}

And neither appears to make my second port available to the outside world (nor do I understand what {{ports.stdout}} is for)...

On a related note... I tried disabling the SSL Redirect for this app by setting "traefik.frontend.headers.SSLRedirect: 'false'" but it doesn't appear to have worked... I still get redirected to https when browsing to the standard http url. I will likely need to solve this as well since it's no big deal with Traefik proxying the first port, server doesn't have to worry about SSL... But if that second port can't be proxy'd and has to go direct I need a way to avoid the SSL redirect...


Thanks!!!
 

insanepoet

Citizen+
Staff
Donor
Jul 4, 2019
20
19
So I struggled with that for some time myself setting containers to use --net=container until i found segments in traefik.


TLDR

For each "service" you simply need to name them with their own set of labels, heres a bit using subdomains all on one container, my container actually has 7 each port is split to its own subdomain routed through a container running a vpn connection:

Code:
labels:
    - "traefik.enable=true"
    - "traefik.docker.network=traefik_proxy"
    - "traefik.one.port=8080"
    - "traefik.one.frontend.entryPoints=your-entrypoint-one"
    - "traefik.one.frontend.rule=Host:rutorrent.${DOMAINNAME}"
    - "traefik.one.frontend.headers.SSLRedirect=true"
    - "traefik.one.frontend.headers.STSSeconds=315360000"
    - "traefik.one.frontend.headers.browserXSSFilter=true"
    - "traefik.one.frontend.headers.contentTypeNosniff=true"
    - "traefik.one.frontend.headers.forceSTSHeader=true"
    - "traefik.one.frontend.headers.SSLHost=${DOMAINNAME}"
    - "traefik.one.frontend.headers.STSIncludeSubdomains=true"
    - "traefik.one.frontend.headers.STSPreload=true"
    - "traefik.one.frontend.headers.frameDeny=true"
    - "traefik.docker.network=traefik_proxy"
    - "traefik.two.port=9090"
    - "traefik.two.frontend.entryPoints=your-entrypoint-two"
    - "traefik.two.frontend.rule=Host:qbittorrent.${DOMAINNAME}"
    - "traefik.two.frontend.headers.SSLRedirect=true"
    - "traefik.two.frontend.headers.STSSeconds=315360000"
    - "traefik.two.frontend.headers.browserXSSFilter=true"
    - "traefik.two.frontend.headers.contentTypeNosniff=true"
    - "traefik.two.frontend.headers.forceSTSHeader=true"
    - "traefik.two.frontend.headers.SSLHost=${DOMAINNAME}"
    - "traefik.two.frontend.headers.STSIncludeSubdomains=true"
    - "traefik.two.frontend.headers.STSPreload=true"
    - "traefik.two.frontend.headers.frameDeny=true"
I know i know why multiple torrent clients etc, I like everything split movies to qbit, series to transmission, and ru seeds, etc etc etc XD

btw portainer does not like --net=container... at all (avoid the rabbit hole lol)
 

gangsgerlyrical

Citizen
Original poster
Nov 30, 2019
4
1
I ended up solving my problem without the need for separate server instances within nginx and therefore not needing to use multiple ports after all but for future reference would still like to understand.

Thanks for the pointer to traefik segments. The traefik.one, traefik.two system makes sense to me and although you are using different subdomains, I think I could still get it to work using one due with the independent "port" labels...

Will have to try at some point!



So I struggled with that for some time myself setting containers to use --net=container until i found segments in traefik.


TLDR

For each "service" you simply need to name them with their own set of labels, heres a bit using subdomains all on one container, my container actually has 7 each port is split to its own subdomain routed through a container running a vpn connection:

Code:
labels:
    - "traefik.enable=true"
    - "traefik.docker.network=traefik_proxy"
    - "traefik.one.port=8080"
    - "traefik.one.frontend.entryPoints=your-entrypoint-one"
    - "traefik.one.frontend.rule=Host:rutorrent.${DOMAINNAME}"
    - "traefik.one.frontend.headers.SSLRedirect=true"
    - "traefik.one.frontend.headers.STSSeconds=315360000"
    - "traefik.one.frontend.headers.browserXSSFilter=true"
    - "traefik.one.frontend.headers.contentTypeNosniff=true"
    - "traefik.one.frontend.headers.forceSTSHeader=true"
    - "traefik.one.frontend.headers.SSLHost=${DOMAINNAME}"
    - "traefik.one.frontend.headers.STSIncludeSubdomains=true"
    - "traefik.one.frontend.headers.STSPreload=true"
    - "traefik.one.frontend.headers.frameDeny=true"
    - "traefik.docker.network=traefik_proxy"
    - "traefik.two.port=9090"
    - "traefik.two.frontend.entryPoints=your-entrypoint-two"
    - "traefik.two.frontend.rule=Host:qbittorrent.${DOMAINNAME}"
    - "traefik.two.frontend.headers.SSLRedirect=true"
    - "traefik.two.frontend.headers.STSSeconds=315360000"
    - "traefik.two.frontend.headers.browserXSSFilter=true"
    - "traefik.two.frontend.headers.contentTypeNosniff=true"
    - "traefik.two.frontend.headers.forceSTSHeader=true"
    - "traefik.two.frontend.headers.SSLHost=${DOMAINNAME}"
    - "traefik.two.frontend.headers.STSIncludeSubdomains=true"
    - "traefik.two.frontend.headers.STSPreload=true"
    - "traefik.two.frontend.headers.frameDeny=true"
I know i know why multiple torrent clients etc, I like everything split movies to qbit, series to transmission, and ru seeds, etc etc etc XD

btw portainer does not like --net=container... at all (avoid the rabbit hole lol)
 

Recommend NewsGroups

      Up To a 58% Discount!

Trending