jittering / traefik-kop Goto Github PK

View Code? Open in Web Editor NEW

174.0 7.0 13.0 256 KB

A dynamic docker->redis->traefik discovery agent

License: MIT License

Dockerfile 0.25% Makefile 1.60% Go 97.62% Shell 0.54%

traefik traefik-docker docker redis

traefik-kop's Introduction

traefik-kop

A dynamic docker->redis->traefik discovery agent.

Solves the problem of running a non-Swarm/Kubernetes multi-host cluster with a single public-facing traefik instance.

                        +---------------------+          +---------------------+
                        |                     |          |                     |
+---------+     :443    |  +---------+        |   :8088  |  +------------+     |
|   WAN   |--------------->| traefik |<-------------------->| svc-nginx  |     |
+---------+             |  +---------+        |          |  +------------+     |
                        |       |             |          |                     |
                        |  +---------+        |          |  +-------------+    |
                        |  |  redis  |<-------------------->| traefik-kop |    |
                        |  +---------+        |          |  +-------------+    |
                        |             docker1 |          |             docker2 |
                        +---------------------+          +---------------------+

traefik-kop solves this problem by using the same traefik docker-provider logic. It reads the container labels from the local docker node and publishes them to a given redis instance. Simply configure your traefik node with a redis provider and point it to the same instance, as in the diagram above.

Usage

Configure traefik to use the redis provider, for example via traefik.yml:

providers:
  providersThrottleDuration: 2s
  docker:
    watch: true
    endpoint: unix:///var/run/docker.sock
    swarmModeRefreshSeconds: 15s
    exposedByDefault: false
  redis:
    endpoints:
      # assumes a redis link with this service name running on the same
      # docker host as traefik
      - "redis:6379"

Run traefik-kop on your other nodes via docker-compose:

services:
  traefik-kop:
    image: "ghcr.io/jittering/traefik-kop:latest"
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - "REDIS_ADDR=192.168.1.50:6379"
      - "BIND_IP=192.168.1.75"

Then add the usual labels to your target service:

services:
  nginx:
    image: "nginx:alpine"
    restart: unless-stopped
    ports:
      # The host port binding will automatically be picked up for use as the
      # service endpoint. See 'service port binding' in the configuration
      # section for more.
      - 8088:80
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx.rule=Host(`nginx-on-docker2.example.com`)"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.tls.certresolver=default"
      # [opptional] explicitly set the port binding for this service.
      # See 'service port binding' in the configuration section for more.
      - "traefik.http.services.nginx.loadbalancer.server.scheme=http"
      - "traefik.http.services.nginx.loadbalancer.server.port=8088"

Configuration

traefik-kop can be configured via either CLI flags are environment variables.

USAGE:
   traefik-kop [global options] command [command options] [arguments...]

GLOBAL OPTIONS:
   --hostname value       Hostname to identify this node in redis (default: "server.local") [$KOP_HOSTNAME]
   --bind-ip value        IP address to bind services to (default: "auto.detected.ip.addr") [$BIND_IP]
   --redis-addr value     Redis address (default: "127.0.0.1:6379") [$REDIS_ADDR]
   --redis-pass value     Redis password (if needed) [$REDIS_PASS]
   --redis-db value       Redis DB number (default: 0) [$REDIS_DB]
   --docker-host value    Docker endpoint (default: "unix:///var/run/docker.sock") [$DOCKER_HOST]
   --docker-config value  Docker provider config (file must end in .yaml) [$DOCKER_CONFIG]
   --poll-interval value  Poll interval for refreshing container list (default: 60) [$KOP_POLL_INTERVAL]
   --namespace value      Namespace to process containers for [$NAMESPACE]
   --verbose              Enable debug logging (default: false) [$VERBOSE, $DEBUG]
   --help, -h             show help
   --version, -V          Print the version (default: false)

Most important are the bind-ip and redis-addr flags.

IP Binding

There are a number of ways to set the IP published to traefik. Below is the order of precedence (highest first) and detailed descriptions of each setting.

kop.<service name>.bind.ip label
kop.bind.ip label
Container networking IP
--bind-ip CLI flag
BIND_IP env var
Auto-detected host IP

bind-ip

Since your upstream docker nodes are external to your primary traefik server, traefik needs to connect to these services via the server's public IP rather than the usual method of using the internal docker-network IPs (by default 172.20.0.x or similar).

When using host networking this can be auto-detected, however it is advisable in the majority of cases to manually set this to the desired IP address. This can be done using the docker image by exporting the BIND_IP environment variable.

traefik-kop service labels

The bind IP can be set via label for each service/container.

Labels can be one of two keys:

kop.<service name>.bind.ip=2.2.2.2
kop.bind.ip=2.2.2.2

For a container with a single exposed service, or where all services use the same IP, the latter is sufficient.

Container Networking

If your container is configured to use a network-routable IP address via an overlay network or CNI plugin, that address will override the bind-ip configuration above when the traefik.docker.network label is present on the service.

Service port binding

By default, the service port will be picked up from the container port bindings if only a single port is bound. For example:

services:
  nginx:
    image: "nginx:alpine"
    restart: unless-stopped
    ports:
      - 8088:80

8088 would automatically be used as the service endpoint's port in traefik. If you have more than one port or are using host networking, you will need to explicitly set the port binding via service label, like so:

services:
  nginx:
    image: "nginx:alpine"
    network_mode: host
    ports:
      - 8088:80
      - 8888:81
    labels:
      # (note: other labels snipped for brevity)
      - "traefik.http.services.nginx.loadbalancer.server.port=8088"

NOTE: unlike the standard traefik-docker usage, we need to expose the service port on the host and tell traefik to bind to that port (8088 in the example above) in the load balancer config, not the internal port (80). This is so that traefik can reach it over the network.

Namespaces

traefik-kop has the ability to target containers via namespaces. Simply configure kop with a namespace:

services:
  traefik-kop:
    image: "ghcr.io/jittering/traefik-kop:latest"
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - "REDIS_ADDR=192.168.1.50:6379"
      - "BIND_IP=192.168.1.75"
      - "NAMESPACE=staging"

Then add the kop.namespace label to your target services, along with the usual traefik labels:

services:
  nginx:
    image: "nginx:alpine"
    restart: unless-stopped
    ports:
      - 8088:80
    labels:
      - "kop.namespace=staging"
      - "traefik.enable=true"
      - "traefik..."

Docker API

traefik-kop expects to connect to the Docker host API via a unix socket, by default at /var/run/docker.sock. The location can be overridden via the DOCKER_HOST env var or --docker-host flag.

Other connection methods (like ssh, http/s) are not supported.

By default, traefik-kop will listen for push events via the Docker API in order to detect configuration changes. In some circumstances, a change may not be pushed correctly. For example, when using healthchecks in certain configurations, the start -> healthy change may not be detected via push event. As a failsafe, there is an additional polling mechanism to detect those missed changes.

The default interval of 60 seconds should be light so as not to cause any issues, however it can be adjusted as needed via the KOP_POLL_INTERVAL env var or set to 0 to disable it completely.

Traefik Docker Provider Config

In addition to the simple --docker-host setting above, all Docker Provider configuration options are available via the --docker-config <filename.yaml> flag which expects either a filename to read configuration from or an inline YAML document.

For example:

services:
  traefik-kop:
    image: "ghcr.io/jittering/traefik-kop:latest"
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      REDIS_ADDR: "172.28.183.97:6380"
      BIND_IP: "172.28.183.97"
      DOCKER_CONFIG: |
        ---
        docker:
          defaultRule: Host(`{{.Name}}.foo.example.com`)

Releasing

To release a new version, simply push a new tag to github.

git push
git tag -a v0.11.0
git push --tags

To update the changelog:

make update-changelog
# or (replace tag below)
docker run -it --rm -v "$(pwd)":/usr/local/src/your-app \
  githubchangeloggenerator/github-changelog-generator \
  -u jittering -p traefik-kop --output "" \
  --since-tag v0.10.1

License

traefik-kop's People

Contributors

Stargazers

Watchers

Forkers

prathoss hcooper betwowt dorianim-forks bdowden willfantom webclinic017 geronimoes alexseysua mwacker-sms ukaserge damfleu protocol789

traefik-kop's Issues

Details from only one of four hosts are appearing in the dashboard

I have four small form factor servers running services using docker compose, and traefik-kop looks like it will enable me to implement Traefik - and therefore continue my 'configuration as code' GitOps journey.

Environment

I have four servers with a minimal Linux installation and the docker engine and compose plugin, installed the approved way.

Four servers running Debian 11.5 headless
- 2 x Edge servers : Raspberry Pi 4b RAM 2GB SSD 120GB
- 1 x Services server : Intel NUC7CJYHN RAM 16GB SSD 500GB
- 1 x Security server : Intel NUC8i3BEH RAM 32GB SSD 250GB
Exclusive use of docker-compose.yml files for managing containers
Configuration-as-code stored in private github repositories
Server specific information held in .env.example files
- .env files created before container start
- Container and server specific details added at runtime for security

Traefik-Kop Configuration

Each of the 4 servers is running traefik-kop using a compose file and an environment file.

compose.yaml

services:
  traefik-kop:
    image: ghcr.io/jittering/traefik-kop:latest
    container_name: ${CONTAINER}
    hostname: ${HOSTNAME}
    environment:
      - BIND_IP=${BIND_IP}
      - REDIS_ADDR=${REDIS_ADDR}
      - REDIS_PASS=${REDIS_PASS}
      - VERBOSE=true
      - DEBUG=1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS}
networks:
  my-net:
    name: ${NETWORK_NAME}
    external: true

.env.example

# Host specifics
CONTAINER=traefik-kop-[1, 2, 3, 4]
HOSTNAME=[hostname]
DNS=192.168.1.1
# Network specifics
NETWORK_NAME=[network-name]
NETWORK_IPV4_ADDRESS=[docker-ip-address] # traefik 21 redis 23 traefik-kop 25
# Container specifics
BIND_IP=[host-ip-address]
REDIS_ADDR=[redis-ip-address]:6379
REDIS_PASS=[password]

Redis Configuration

The edge server that will manage inbound requests is running the redis service, which has a compose file, an environment file, and a configuration file.

compose.yaml

services:
  redis:
    image: redis:latest
    container_name: ${CONTAINER}
    hostname: ${HOSTNAME}
    dns: ${DNS}
    command: redis-server --requirepass ${REDIS_PASSWORD}
    ports:
      - "6379:6379"
    volumes:
      - ${DIRECTORY_CONFIG}:/usr/local/etc/redis/
      - ${DIRECTORY_DATA}:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS}
networks:
  my-net:
    name: ${NETWORK_NAME}
    external: true

.env.example

# Host specifics
CONTAINER=redis
HOSTNAME=[hostname]
DNS=192.168.1.1
# Network specifics
NETWORK_NAME=[network-name]
NETWORK_IPV4_ADDRESS=[docker-ip-address] # traefik 21 redis 23 traefik-kop 25
# Directory locations
DIRECTORY_CONFIG=/srv/redis/config
DIRECTORY_DATA=/srv/redis/data
# Container specifics
REDIS_PASSWORD=[password]

redis.conf

bind [host-ip-address]
protected-mode no
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize no
pidfile redis_6379.pid
loglevel verbose
logfile ""
databases 16
always-show-logo no
set-proc-title yes
proc-title-template "{title} {listen-addr} {server-mode}"
locale-collate ""
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
rdb-del-sync-files no
dir /data

Traefik Configuration

The edge server that will manage inbound requests is running the traefik service, which has a compose file and an environment file. I am trying to use the Traefik CLI for all configuration settings.

compose.yaml

services:
  traefik:
    image: traefik:latest
    container_name: ${CONTAINER}
    hostname: ${HOSTNAME}
    command:
      - "--log=true"
      - "--log.level=DEBUG"
      - "--api=true"
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.redis=true"
      - "--providers.redis.rootkey=traefik"
      - "--providers.redis.endpoints=[redis-ip-address]:6379"
      - "--providers.redis.password=${REDIS_PASS}"
      # - "--certificatesresolvers.azuredns.acme.dnschallenge=true"
      # - "--certificatesresolvers.azuredns.acme.dnschallenge.provider=azuredns"
      # - "--certificatesresolvers.azuredns.acme.dnschallenge.delaybeforecheck=90"
      # - "--certificatesresolvers.azuredns.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      # - "--certificatesresolvers.azuredns.acme.email=deanwsmith@outlook.com"
      # - "--certificatesresolvers.azuredns.acme.storage=/acme/acme.json"
    ports:
      - "80:80"     # http
      - "443:443"   # https
      - "8888:8080" # web ui (enabled by --api=true)
    environment:
      - TRAEFIK_PASS=${TRAEFIK_PASS}
      - AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
      - AZURE_TENANT_ID=${AZURE_TENANT_ID}
      - AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
      - AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
      - AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
    volumes:
      - ${DIRECTORY_ETCTRAEFIK}:/etc/traefik
      - ${DIRECTORY_ACME}:/acme
      - ${DIRECTORY_LETSENCRYPT}:/letsencrypt
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    labels:
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.traefik.entrypoints=webs"
      - "traefik.http.routers.traefik.service=traefik"
      - "traefik.http.services.traefik.loadbalancer.server.port=8888"
      #  - "traefik.http.routers.traefik.tls=true"
      #  - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      # - "traefik.http.services.traefik.loadbalancer.server.scheme=http"
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS}
networks:
  my-net:
    name: ${NETWORK_NAME}
    external: true

.env.example

# Host specifics
CONTAINER=traefik
HOSTNAME=[hostname]
DNS=192.168.1.1
# Network specifics
NETWORK_NAME=[network-name]
NETWORK_IPV4_ADDRESS=[docker-ip-address] # traefik 21 redis 23 traefik-kop 25
# Directory locations
DIRECTORY_ETCTRAEFIK=/srv/traefik/etc-traefik
DIRECTORY_ACME=/srv/traefik/acme
DIRECTORY_LETSENCRYPT=/srv/traefik/letsencrypt
# Container specifics
TRAEFIK_PASS=[password]
REDIS_PASS=[password]
AZURE_CLIENT_ID=[client_id]
AZURE_TENANT_ID=[tenant_id]
AZURE_CLIENT_SECRET=[client_secret]
AZURE_RESOURCE_GROUP=[resource_group]
AZURE_SUBSCRIPTION_ID=[subscription_id]

Service Configurations

As well as individual services on each of the servers I also have a number of common services (diun, netdata, promtail, scrutiny-collector). Here are the configuration details for each of the promtail services.

promtail-1 compose.yaml

services:
  promtail:
    image: grafana/promtail:latest
    container_name: ${CONTAINER}
    hostname: ${CONTAINER}.${HOSTNAME}
    dns: ${DNS}
    command: -config.file=/etc/promtail/config.yaml -config.expand-env=true
    user: 0:0
    ports:
      - "9080:9080" # web ui
    environment:
      - TZ=${TZ}
    volumes:
      - ${DIRECTORY_ETCPROMTAIL}:/etc/promtail/
      - /var/log:/var/log:ro
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    labels:
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.promtail-1.rule=Host(`promtail-1.example.com`)"
      # - "traefik.http.routers.promtail-1.tls=true"
      # - "traefik.http.routers.promtail-1.tls.certresolver=myresolver"
      - "traefik.http.services.promtail-1.loadbalancer.server.scheme=http"
      - "traefik.http.services.promtail-1.loadbalancer.server.port=9080"
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS}
networks:
  my-net:
    name: ${NETWORK_NAME}
    external: true

promtail-1 .env.example

# Host specifics
CONTAINER=promtail-1
HOSTNAME=[server1]
DNS=192.168.1.1
# Network specifics
NETWORK_NAME=[server1]
NETWORK_IPV4_ADDRESS=[docker-ip-address]
# Timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=America/Denver
# Directory locations
DIRECTORY_ETCPROMTAIL=/srv/promtail/etc-promtail
# Container specifics
#none

promtail-2 compose.yaml

services:
  promtail:
    image: grafana/promtail:latest
    container_name: ${CONTAINER}
    hostname: ${CONTAINER}.${HOSTNAME}
    dns: ${DNS}
    command: -config.file=/etc/promtail/config.yaml -config.expand-env=true
    user: 0:0
    ports:
      - "9080:9080" # web ui
    environment:
      - TZ=${TZ}
    volumes:
      - ${DIRECTORY_ETCPROMTAIL}:/etc/promtail/
      - /var/log:/var/log:ro
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    labels:
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.promtail-2.rule=Host(`promtail-2.example.com`)"
      # - "traefik.http.routers.promtail-2.tls=true"
      # - "traefik.http.routers.promtail-2.tls.certresolver=myresolver"
      - "traefik.http.services.promtail-2.loadbalancer.server.scheme=http"
      - "traefik.http.services.promtail-2.loadbalancer.server.port=9080"
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS}
networks:
  my-net:
    name: ${NETWORK_NAME}
    external: true

promtail-2 .env.example

services:
  promtail:
    image: grafana/promtail:latest
    container_name: ${CONTAINER}
    hostname: ${CONTAINER}.${HOSTNAME}
    dns: ${DNS}
    command: -config.file=/etc/promtail/config.yaml -config.expand-env=true
    user: 0:0
    ports:
      - "9080:9080" # web ui
    environment:
      - TZ=${TZ}
    volumes:
      - ${DIRECTORY_ETCPROMTAIL}:/etc/promtail/
      - /var/log:/var/log:ro
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    labels:
      # Traefik
      - "traefik.enable=true"
       - "traefik.http.routers.promtail-2.rule=Host(`promtail-2.example.com`)"
       - "traefik.http.routers.promtail-2.tls=true"
      #  - "traefik.http.routers.promtail-2.tls.certresolver=myresolver"
      - "traefik.http.services.promtail-2.loadbalancer.server.scheme=http"
      - "traefik.http.services.promtail-2.loadbalancer.server.port=9080"
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS}
networks:
  my-net:
    name: ${NETWORK_NAME}
    external: true

promtail-2 .env.example

# Host specifics
CONTAINER=promtail-2
HOSTNAME=[server2]
DNS=192.168.1.1
# Network specifics
NETWORK_NAME=[server2]
NETWORK_IPV4_ADDRESS=[docker-ip-address]
# Timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=America/Denver
# Directory locations
DIRECTORY_ETCPROMTAIL=/srv/promtail/etc-promtail
# Container specifics
#none

promtail-3 compose.yaml

services:
  promtail:
    image: grafana/promtail:latest
    container_name: ${CONTAINER}
    hostname: ${CONTAINER}.${HOSTNAME}
    dns: ${DNS}
    command: -config.file=/etc/promtail/config.yaml -config.expand-env=true
    user: 0:0
    ports:
      - "9080:9080" # web ui
    environment:
      - TZ=${TZ}
    volumes:
      - ${DIRECTORY_ETCPROMTAIL}:/etc/promtail/
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /var/log:/var/log:ro
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    labels:
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.promtail-3.rule=Host(`promtail-3.example.com`)"
    #   - "traefik.http.routers.promtail-3.tls=true"
    #   - "traefik.http.routers.promtail-3.tls.certresolver=myresolver"
      - "traefik.http.services.promtail-3.loadbalancer.server.scheme=http"
      - "traefik.http.services.promtail-3.loadbalancer.server.port=9080"
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS}
networks:
  my-net:
    name: ${NETWORK_NAME}
    external: true

promtail-3 .env.example

# Host specifics
CONTAINER=promtail-3
HOSTNAME=[server3]
DNS=192.168.1.1
# Network specifics
NETWORK_NAME=[server3]
NETWORK_IPV4_ADDRESS=[docker-ip-address]
# Timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=America/Denver
# Directory locations
DIRECTORY_ETCPROMTAIL=/srv/promtail/etc-promtail
# Container specifics
#none

promtail-4 compose.yaml

services:
  promtail:
    image: grafana/promtail:latest
    container_name: ${CONTAINER}
    hostname: ${CONTAINER}.${HOSTNAME}
    dns: ${DNS}
    command: -config.file=/etc/promtail/config.yaml -config.expand-env=true
    user: 0:0
    ports:
      - "9080:9080" # web ui
    environment:
      - TZ=${TZ}
    volumes:
      - ${DIRECTORY_ETCPROMTAIL}:/etc/promtail/
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /var/log:/var/log:ro
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    labels:
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.promtail-4.rule=Host(`promtail-4.example.com`)"
      # - "traefik.http.routers.promtail-4.tls=true"
      # - "traefik.http.routers.promtail-4.tls.certresolver=myresolver"
      - "traefik.http.services.promtail-4.loadbalancer.server.scheme=http"
      - "traefik.http.services.promtail-4.loadbalancer.server.port=9080"
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS}
networks:
  my-net:
    name: ${NETWORK_NAME}
    external: true

promtail-4 .env.example

# Host specifics
CONTAINER=promtail-4
HOSTNAME=[server4]
DNS=192.168.1.1
# Network specifics
NETWORK_NAME=[server4]
NETWORK_IPV4_ADDRESS=[docker-ip-address]
# Timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=America/Denver
# Directory locations
DIRECTORY_ETCPROMTAIL=/srv/promtail/etc-promtail
# Container specifics
#none

Being able to hide sections in markdown is so useful.

Here's an example of an individual service from one of the hosts that isn't picked up:

frigate compose.yaml

services:
  frigate:
    image: ghcr.io/blakeblackshear/frigate:stable
    container_name: ${CONTAINER}
    hostname: ${CONTAINER}.${HOSTNAME}
    dns: ${DNS}
    privileged: true
    cap_add:
      - CAP_PERFMON
    shm_size: 512M
    devices:
      - /dev/bus/usb:/dev/bus/usb # USB Coral
      - /dev/dri:/dev/dri         # intel hwaccel
    ports:
      - 5000:5000 # web ui
      - 8554:8554 # rtsp
      - 8555:8555/tcp # webrtc
      - 8555:8555/udp # webrtc
    environment:
      - TZ=${TZ}
      - FRIGATE_WYZE_PASSWORD=${FRIGATE_WYZE_PASSWORD}
    volumes:
      - ${DIRECTORY_CONFIG}:/config
      - ${DIRECTORY_DATABASE}:/db
      - ${DIRECTORY_MEDIA}:/media/frigate
      - /etc/localtime:/etc/localtime:ro
      - /dev/bus/usb:/dev/bus/usb # USB Coral
      - /dev/dri:/dev/dri         # Intel hwaccel
      - type: tmpfs
        target: /tmp/cache
        tmpfs:
          size: 1073741824
    restart: unless-stopped
    labels:
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.frigate.rule=Host(`frigate.example.com`)"
      # - "traefik.http.routers.frigate.tls=true"
      # - "traefik.http.routers.frigate.tls.certresolver=myresolver"
      - "traefik.http.services.frigate.loadbalancer.server.scheme=http"
      - "traefik.http.services.frigate.loadbalancer.server.port=5000"
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS}
networks:
  my-net:
    name: ${NETWORK_NAME}
    external: true

frigate .env.example

# Host specifics
CONTAINER=frigate
HOSTNAME=[server4]
DNS=192.168.1.1
# Network specifics
NETWORK_NAME=[server4]
NETWORK_IPV4_ADDRESS=[docker-ip-address]
# Timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=America/Denver
# Directory locations
DIRECTORY_CONFIG=/srv/frigate/config
DIRECTORY_DATABASE=/srv/frigate/database
DIRECTORY_MEDIA=/mnt/security1/frigate
# Container specifics
FRIGATE_WYZE_PASSWORD=[password]

Here's an example of an individual service from the host that is being seen by Traefik:

teslamate compose.yaml

services:
  teslamate:
    image: teslamate/teslamate:latest
    container_name: ${CONTAINER}-app
    hostname: ${CONTAINER}-app.${HOSTNAME}
    dns: ${DNS}
    cap_drop:
      - all
    ports:
      - 4000:4000
    environment:
      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
      - DATABASE_USER=${DATABASE_USER}
      - DATABASE_PASS=${DATABASE_PASS}
      - DATABASE_NAME=${DATABASE_NAME}
      - DATABASE_HOST=${DATABASE_HOST}
      - DATABASE_PORT=${DATABASE_PORT}
      - VIRTUAL_HOST=${VIRTUAL_HOST}
      - CHECK_ORIGIN=${CHECK_ORIGIN}
      - MQTT_HOST=${MQTT_HOST}
      - MQTT_PORT=${MQTT_PORT}
      - TZ=${TZ}
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.teslamate.rule=Host(`teslamate.example.org`)"
    #   - "traefik.http.routers.teslamate.tls=true"
    #   - "traefik.http.routers.teslamate.tls.certresolver=myresolver"
      - "traefik.http.services.teslamate.loadbalancer.server.scheme=http"
      - "traefik.http.services.teslamate.loadbalancer.server.port=4000"
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS_APP}
  database:
    image: postgres:13
    container_name: ${CONTAINER}-db
    hostname: ${CONTAINER}-db.${HOSTNAME}
    dns: ${DNS}
    ports:
      - 5432:5432
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASS}
      - POSTGRES_DB=${POSTGRES_DB}
      - TZ=${TZ}
    volumes:
      - teslamate-db:/var/lib/postgresql/data
    restart: unless-stopped
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS_DB}
  grafana:
    image: teslamate/grafana:latest
    container_name: ${CONTAINER}-dash
    hostname: ${CONTAINER}-dash.${HOSTNAME}
    dns: ${DNS}
    ports:
      - 3021:3021
    environment:
      - DATABASE_USER=${DATABASE_USER}
      - DATABASE_PASS=${DATABASE_PASS}
      - DATABASE_NAME=${DATABASE_NAME}
      - DATABASE_HOST=${DATABASE_HOST}
      - DATABASE_PORT=${DATABASE_PORT}
      - GF_SERVER_HTTP_PORT=${SERVER_HTTP_PORT}
      - GF_SERVER_DOMAIN=${SERVER_DOMAIN}
      - TZ=${TZ}
    volumes:
      - teslamate-grafana-data:/var/lib/grafana
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.obsidian.rule=Host(`obsidian.example.com`)"
    #   - "traefik.http.routers.obsidian.tls=true"
    #   - "traefik.http.routers.obsidian.tls.certresolver=myresolver"
      - "traefik.http.services.obsidian.loadbalancer.server.scheme=http"
      - "traefik.http.services.obsidian.loadbalancer.server.port=3021"
    networks:
      my-net:
        ipv4_address: ${NETWORK_IPV4_ADDRESS_DASH}
networks:
  my-net:
    name: ${NETWORK_NAME}
    external: true
volumes:
  teslamate-db:
  teslamate-grafana-data:

teslamate .env.example

# Host specifics
CONTAINER=teslamate
HOSTNAME=[server3]
DNS=192.168.1.1
# Network specifics
NETWORK_NAME=[server3]
NETWORK_IPV4_ADDRESS_APP=[docker-ip-address-app]
NETWORK_IPV4_ADDRESS_DB=[docker-ip-address-db]
NETWORK_IPV4_ADDRESS_DASH=[docker-ip-address-dash]
# Timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=America/Denver
# Container specifics
# teslamate
ENCRYPTION_KEY=[encryption_key]
DATABASE_USER=teslamate
DATABASE_PASS=[database_password]
DATABASE_NAME=teslamate
DATABASE_HOST=[server3]
DATABASE_PORT=5432
VIRTUAL_HOST=teslamate.example.com
CHECK_ORIGIN=true
PORT=4000
MQTT_HOST=[mqtt-ip-address]
MQTT_PORT=1883
# postgres
POSTGRES_USER=teslamate
POSTGRES_PASS=[postgres_password]
POSTGRES_DB=teslamate
# grafana
SERVER_HTTP_PORT=3021
SERVER_DOMAIN=obsidian.example.com

Order of Operations

server2
- docker compose --file /srv/redis/compose.yaml pull
- docker compose --file /srv/redis/compose.yaml up --detach
- [wait one minute for redis to spin up]
- docker compose --file /srv/redis/compose.yaml logs
- [check logs to make sure redis service is running successfully]
server1
- docker compose --file /srv/traefik-kop/compose.yaml pull
- docker compose --file /srv/traefik-kop/compose.yaml up --detach
- [wait one minute for traefik-kop to spin up]
- docker compose --file /srv/traefik-kop/compose.yaml logs
- [check logs to make sure traefik-kop service is running successfully]
server2
- docker compose --file /srv/traefik-kop/compose.yaml pull
- docker compose --file /srv/traefik-kop/compose.yaml up --detach
- [wait one minute for traefik-kop to spin up]
- docker compose --file /srv/traefik-kop/compose.yaml logs
- [check logs to make sure traefik-kop service is running successfully]
server3
- docker compose --file /srv/traefik-kop/compose.yaml pull
- docker compose --file /srv/traefik-kop/compose.yaml up --detach
- [wait one minute for traefik-kop to spin up]
- docker compose --file /srv/traefik-kop/compose.yaml logs
- [check logs to make sure traefik-kop service is running successfully]
server4
- docker compose --file /srv/traefik-kop/compose.yaml pull
- docker compose --file /srv/traefik-kop/compose.yaml up --detach
- [wait one minute for traefik-kop to spin up]
- docker compose --file /srv/traefik-kop/compose.yaml logs
- [check logs to make sure traefik-kop service is running successfully]
server2
- docker exec -it redis bash
  - redis-cli
  - auth [redis-password]
  - keys traefik*
  - [164 keys are listed]
  - keys traefik/http/routers/promtail*
    - "traefik/http/routers/promtail-3/rule"
    - "traefik/http/routers/promtail-4/service"
    - "traefik/http/routers/promtail-2/rule"
    - "traefik/http/routers/promtail-1/rule"
    - "traefik/http/routers/promtail-1/service"
    - "traefik/http/routers/promtail-3/service"
    - "traefik/http/routers/promtail-4/rule"
    - "traefik/http/routers/promtail-2/service"
  - get traefik/http/routers/promtail-1/rule
    - "Host(promtail-1.example.com)"
  - get traefik/http/routers/promtail-1/service
    - "promtail-1"
  - get traefik/http/routers/promtail-2/rule
    - "Host(promtail-2.example.com)"
  - get traefik/http/routers/promtail-2/service
    - "promtail-2"
  - get traefik/http/routers/promtail-3/rule
    - "Host(promtail-3.example.com)"
  - get traefik/http/routers/promtail-3/service
    - "promtail-3"
  - get traefik/http/routers/promtail-4/rule
    - "Host(promtail-4.example.com)"
  - get traefik/http/routers/promtail-4/service
    - "promtail-4"
  - keys traefik/http/services/promtail*
    - "traefik/http/services/promtail-4/loadBalancer/servers/0/url"
    - "traefik/http/services/promtail-2/loadBalancer/servers/0/url"
    - "traefik/http/services/promtail-3/loadBalancer/servers/0/url"
    - "traefik/http/services/promtail-2/loadBalancer/passHostHeader"
    - "traefik/http/services/promtail-1/loadBalancer/passHostHeader"
    - "traefik/http/services/promtail-4/loadBalancer/passHostHeader"
    - "traefik/http/services/promtail-1/loadBalancer/servers/0/url"
    - "traefik/http/services/promtail-3/loadBalancer/passHostHeader"
  - get traefik/http/services/promtail-1/loadBalancer/servers/0/url
    - "http://[server1-ip-address]:9080"
  - get traefik/http/services/promtail-1/loadBalancer/passHostHeader
    - "true"
  - get traefik/http/services/promtail-2/loadBalancer/servers/0/url
    - "http://[server2-ip-address]:9080"
  - get traefik/http/services/promtail-2/loadBalancer/passHostHeader
    - "true"
  - get traefik/http/services/promtail-3/loadBalancer/servers/0/url
    - "http://[server3-ip-address]:9080"
  - get traefik/http/services/promtail-3/loadBalancer/passHostHeader
    - "true"
  - get traefik/http/services/promtail-4/loadBalancer/servers/0/url
    - "http://[server4-ip-address]:9080"
  - get traefik/http/services/promtail-4/loadBalancer/passHostHeader
    - "true"
server2
- docker compose --file /srv/traefik/compose.yaml pull
- docker compose --file /srv/traefik/compose.yaml up --detach
- [wait one minute for traefik to spin up]
- docker compose --file /srv/traefik/compose.yaml logs
- [check logs to make sure redis service is running successfully]
- access traefik ui at http://[server2-ip-address]:8888/dashboard/
- review Routers & Services

Traefik Entries

There are 29 Routers and 30 Services in Traefik.

All of the web entrypoints are for server3, none are from the other 3 servers. There are also two traefik entrypoints, which I think are expected.

All of the loadbalancer services are for server3, none are from the other 3 servers. There are also three internal services, which I think are expected.

Problem Definition

Expected Behaviour: Traefik to show services from all 4 servers based on the use of redis as a provider, as the redis cache has entries for services from all servers.

Apparent Behaviour: Traefik only shows services from server3.

Next Steps

Are there any log files I can provide?

Does Traefik store any cache or configuration anywhere that I should flush? I have tried flushing redis (using flushall) to repopulate the cache, but no luck there. I'm wondering if Traefik has temporary stores in docker that I should clear?

Thank you for taking the time to review this!

Doesn't work with multiple services on one container

Currently, there is a problem when configuring multiple routers on one container.
For example:

minio:
  image: quay.io/minio/minio
  volumes:
    - ./minio:/data
  ports:
    - 9000:9000
    - 9001:9001
  command:
    - server
    - /data
    - --console-address
    - ":9001"
  environment:
    MINIO_ROOT_USER: root
    MINIO_ROOT_PASSWORD: root
  labels:
    traefik.enable: true
    traefik.http.routers.s3.rule: "Host(`s3.example.com`)"
    traefik.http.routers.s3.entrypoints: webs
    traefik.http.services.s3.loadbalancer.server.port: 9000

    traefik.http.routers.minio.rule: "Host(`minio.example.com`)"
    traefik.http.routers.minio.entrypoints: webs
    traefik.http.services.minio.loadbalancer.server.port: 9001

It would be really nice to get this working, as it is a bit annoying to put the second one into a different config file :)

Regards,
Dorian

Not working with containers that have healthchecks

traefik-kop works very well in my self-hosted setup. Many thanks for this tool.

However recently I started adding healthchecks to my containers and traefik-kop doesn't seem to play well with that.

With debug enabled I see the log events

time="2022-04-25T14:56:29Z" level=debug msg="Provider event received {Status:start ID:000c8368443c4b636486602894299be6ac6db31cc19e3df91f76521c6a8ef235 From:docker.io/photostructure/server:beta Type:container Action:start Actor:{ID:000c8368443c4b636486602894299be6ac6db31cc19e3df91f76521c6a8ef235 Attributes:map[containerExitCode:0 image:docker.io/photostructure/server:beta <LABELS OMITTED>]} Scope:local Time:1650898589 TimeNano:1650898589195815495}" providerName=docker

time="2022-04-25T14:56:29Z" level=debug msg="Filtering unhealthy or starting container" providerName=docker container=photostructure-000c8368443c4b636486602894299be6ac6db31cc19e3df91f76521c6a8ef235

Basically it seems traefik-kop is detecting the container start, but at the beginning the container is in the starting state, and after some seconds gets promoted to the healthy state. But traefik-kop is never picking up the state transition from starting -> healthy.

If I restart traefik-kop after the container is healthy, traefik-kop detects it just fine.

FWIW I am running this with podman, not docker (by mounting the podman socket into the container as you would with docker). This has worked fine thus far.

Automatic Expire

Hello,

I wanted to try a Redis alternative dragonflydb and I saw that it does not have a notify-keyspace-events flag.
Now my problem is that when traefik-kop sends they keys it to Redis it works like normal. But when I down a container it will not reflect it in Traefik, in Traefik it shows up as a route that is setup.

The work-around in Redis is to set notify-keyspace-events KEA in the config so that it will immediately reflect in Traefik when a route/container is downed.

Is it possible to set up a default expire on the key so that it removes the route when I down the container? Thanks for this project!

router tls entry missing: router.tls=true without resolver is ignored

Hi,
i am running traefik version v2.11 (current latest as of writing) in combination with the current traefik-kop version (v0.13.2).
So far everything works right out of the box in my simple setup (one docker host with traefik, another one with traefik-kop) and the router configuration is updated on traeffic.

Since i am not using a certresolver but certificate files configured in my main traefik instance i have not configured a cert resolver.
I observed a strange behaviour by moving one of my services from the traefik host (where it worked just fine) to the traefik-kop host where it lost the tls configuration.

The labels in use (minimal example):

[...]
ports: 
  - 123...
labels:
  traefik.enable: true
  traefik.http.routers.https_backend.rule: "Host(`hostname.example`) && PathPrefix(`/api`)"
  traefik.http.routers.https_backend.entrypoints: websecure
  traefik.http.routers.https_backend.tls: true
  traefik.http.routers.https_backend.service: service_backend
  traefik.http.services.service_backend.loadbalancer.server.port: 123
  traefik.http.services.service_backend.loadbalancer.server.scheme: https

In the Traefik-Dashboard the router was successfully created, but without any TLS configuration.

In Redis there was no key traefik/http/routers/https_backend/tls set. After i created the key manually with the value true according to the Traefic KV doc the TLS configuration of the router was set as expected.

Since at least i expected the behaviour of traefik-kop to respect the same label tag configuration as traefik itself and the above configuration example is working fine in traefic itself i guess this might be a bug in traefik-kop.

After some time i found a workaround by adding a default certresolver label (traefik.http.routers.https_backend.tls.certresolver:default) which at least worked with my configuration. But since this is not necessary on treafik i consider this behaviour as unexpected.

0.13 breaks `traefik.docker.network`

Switching from 0.12.1 to 0.13 breaks traefik.docker.network (it goes back to using the host's IP, not the container's).

I've not investigated further yet, but opening an issue in case others run into it.

Container fails to restart automatically after server reboot

Hello,

I am experiencing an issue where the Traefik-Kop container does not restart automatically after a server reboot, despite having the restart: always policy set in the docker-compose.yml. After rebooting the server, the container exits with status code 2. The container logs do not provide further information on why the restart is not occurring.

Expected Behavior:
The Traefik-Kop container should restart automatically after the server reboots.

Actual Behavior:
The Traefik-Kop container does not restart and exits with status code 2.

Additional Information:

I have tried using tini as an init system in the Dockerfile, but the issue persists.
Using an entrypoint.sh script with signal handling and a restart loop did not resolve the issue.
The container runs a Go binary (traefik-kop) which interacts with Redis and Docker.

Any assistance or guidance on resolving this issue would be greatly appreciated. Thank you!

Traefik / redis error

Hi, i have a error in the traefik log when I enable redis :
level=error msg="KV connection error: strconv.ParseInt: parsing \"3.1536e+08\": invalid syntax," providerName=redis
I don't know where traefik find this string.
Any idea?

Kop publish local docker ip insted of binded host ip

Hi. Thx for work and so...
If I understand the idea correctly
the BIND_IP is the ip used for publishing all the services in compose file.
But on my config all services published by kop uses docker net ip insted of binded one.

I tried this two ways

treafiek and kop runs on the different vms/hosts
treafiek and kop runs on the same vms/hosts

The kop docker-compose.yml for same host case:

version: "3.2"
services:
  traefik-kop:
    image: "ghcr.io/jittering/traefik-kop:latest"
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - "REDIS_ADDR=${GATEWAY_VM_IP}:63792"
      - "REDIS_PASS=${TRAEFIK_REDIS_PASS}"
      - "BIND_IP=${GATEWAY_VM_IP}"
      - "DEBUG=1"
    networks:
      - internal
  portainer:
    image: portainer/portainer-ce:2.19.0
    ports:
      - "8080:9000"
    volumes:
      - portainer_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
    networks:
      - internal
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer-https.rule=Host(`portainer.example.com`)"
      - "traefik.http.routers.portainer-https.entrypoints=websecure"
      - "traefik.http.routers.portainer-https.tls.certresolver=letsentcrypt"
      - "traefik.http.routers.portainer-http.rule=Host(`portainer.example.com`)"
      - "traefik.http.routers.portainer-http.entrypoints=web"
      - "traefik.http.routers.portainer-http.middlewares=https-redirect"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
      - "traefik.http.routers.portainer-https.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=8080"
      - "kop.bind.ip=2.2.2.2"
  ldap-user-manager:
    image: 'wheelybird/ldap-user-manager:v1.6'
    ports:
      - "8081:80"
    environment:
      - SERVER_HOSTNAME=lum.example.com
      - 'LDAP_URI=ldap://${GATEWAY_VM_IP}'
      - 'LDAP_BASE_DN=dc=example,dc=com'
      - LDAP_REQUIRE_STARTTLS=FALSE
      - FORCE_RFC2307BIS=FALSE
      - NO_HTTPS=TRUE
      - LDAP_ADMINS_GROUP=admins
      - 'LDAP_ADMIN_BIND_DN=cn=admin,dc=example,dc=com'
      - LDAP_ADMIN_BIND_PWD=185183b7_fe9d_45a4_a231_e33edd88f242
      - LDAP_IGNORE_CERT_ERRORS=true
      - EMAIL_DOMAIN=example.com
    restart: unless-stopped
    networks:
      - internal
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ldap-user-manager-https.rule=Host(`lum.example.com`)"
      - "traefik.http.routers.ldap-user-manager-https.entrypoints=websecure"
      - "traefik.http.routers.ldap-user-manager-https.tls.certresolver=letsentcrypt"
      - "traefik.http.routers.ldap-user-manager-http.rule=Host(`lum.example.com`)"
      - "traefik.http.routers.ldap-user-manager-http.entrypoints=web"
      - "traefik.http.routers.ldap-user-manager-http.middlewares=https-redirect"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
      - "traefik.http.routers.ldap-user-manager-https.service=ldap-user-manager"
      - "traefik.http.services.ldap-user-manager.loadbalancer.server.port=8081"
volumes:
  portainer_data:
networks:
  internal:

The kop .env:

GATEWAY_VM_IP=192.168.0.86
TRAEFIK_REDIS_PASS=0211680c-4b6b-111e-be56-0242ac120002

The kop log is

vm-user@gateway-vm:~/stacks/admin$ sudo docker logs admin_traefik-kop_1
time="2023-09-05T18:41:01Z" level=debug msg="using traefik-kop config: {DockerConfig: DockerHost:unix:///var/run/docker.sock Hostname:6de8854d1ccb BindIP:192.168.0.86 Addr:192.168.0.86:63792 Pass:0215680c-4b6b-11ee-be56-0242ac120002 DB:0 PollInterval:60}"
time="2023-09-05T18:41:01Z" level=info msg="creating new redis store at 192.168.0.86:63792 for hostname 6de8854d1ccb"
time="2023-09-05T18:41:01Z" level=info msg="Starting provider aggregator *traefikkop.MultiProvider"
time="2023-09-05T18:41:01Z" level=info msg="starting polling provider with 1m0s interval"
time="2023-09-05T18:41:01Z" level=info msg="Starting provider *docker.Provider"
time="2023-09-05T18:41:01Z" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2023-09-05T18:41:01Z" level=debug msg="Provider connection established with docker 24.0.5 (API 1.43)" providerName=docker
time="2023-09-05T18:41:01Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-kop-admin-6de8854d1ccb1d2c10dfc604cfc4ede10b3556502470eff22fdd0b19d8f57e29
time="2023-09-05T18:41:01Z" level=debug msg="Filtering disabled container" providerName=docker container=openldap-gateway-5e38cd41b2c630039ec9dcbc30138524e1b6cf2084abea5abcff24f51ac9bdb9
time="2023-09-05T18:41:01Z" level=debug msg="Filtering disabled container" providerName=docker container=authelia-redis-gateway-225a26a9e9fdededd1fbc180f1f6d67fced9b30117bd55bc81c043d100584f0f
time="2023-09-05T18:41:01Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-redis-gateway-6c3930a5a6b3c551760a4062084dbe3615678bedb0b1f709b66a74fc8a34093c
time="2023-09-05T18:41:01Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"authelia\":{\"entryPoints\":[\"websecure\"],\"service\":\"authelia\",\"rule\":\"Host(`auth.larin.center`)\",\"tls\":{\"certResolver\":\"letsentcrypt\"}},\"ldap-user-manager-http\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"https-redirect\"],\"service\":\"ldap-user-manager\",\"rule\":\"Host(`lum.larin.center`)\"},\"ldap-user-manager-https\":{\"entryPoints\":[\"websecure\"],\"service\":\"ldap-user-manager\",\"rule\":\"Host(`lum.larin.center`)\",\"tls\":{\"certResolver\":\"letsentcrypt\"}},\"portainer-http\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"https-redirect\"],\"service\":\"portainer\",\"rule\":\"Host(`portainer.larin.center`)\"},\"portainer-https\":{\"entryPoints\":[\"websecure\"],\"service\":\"portainer\",\"rule\":\"Host(`portainer.larin.center`)\",\"tls\":{\"certResolver\":\"letsentcrypt\"}},\"traefik-http\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"https-redirect\"],\"service\":\"traefik-gateway\",\"rule\":\"Host(`traefik.larin.center`)\"},\"traefik-https\":{\"entryPoints\":[\"websecure\"],\"middlewares\":[\"authelia@docker\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.larin.center`)\",\"tls\":{\"certResolver\":\"letsentcrypt\"}}},\"services\":{\"authelia\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.5:9091\"}],\"passHostHeader\":true}},\"ldap-user-manager\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.16.4:8081\"}],\"passHostHeader\":true}},\"portainer\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.16.2:8080\"}],\"passHostHeader\":true}},\"traefik-gateway\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.6:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"authelia\":{\"forwardAuth\":{\"address\":\"http://authelia:9091/api/verify?rd=https://auth.larin.center\",\"trustForwardHeader\":true,\"authResponseHeaders\":[\"Remote-User\",\"Remote-Groups\",\"Remote-Name\",\"Remote-Email\"]}},\"authelia-basic\":{\"forwardAuth\":{\"address\":\"http://authelia:9091/api/verify?auth=basic\",\"trustForwardHeader\":true,\"authResponseHeaders\":[\"Remote-User\",\"Remote-Groups\",\"Remote-Name\",\"Remote-Email\"]}},\"https-redirect\":{\"redirectScheme\":{\"scheme\":\"https\",\"permanent\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2023-09-05T18:41:01Z" level=info msg="refreshing traefik-kop configuration"
time="2023-09-05T18:41:01Z" level=debug msg="found http service: portainer@docker" service=portainer@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="found router 'portainer-http@docker' for service portainer"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/admin_portainer_1' (2b1222bc496fce7acade908d6605053e66c160d44bfbacc6991d373b6e97a751) for service 'portainer'"
time="2023-09-05T18:41:01Z" level=debug msg="found label kop.bind.ip with IP '2.2.2.2' for service portainer"
time="2023-09-05T18:41:01Z" level=debug msg="using load balancer URL for port detection: http://192.168.16.2:8080" service=portainer@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="found router 'portainer-http@docker' for service portainer"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/admin_portainer_1' (2b1222bc496fce7acade908d6605053e66c160d44bfbacc6991d373b6e97a751) for service 'portainer'"
time="2023-09-05T18:41:01Z" level=debug msg="using explicitly set port 8080 for portainer@docker" service-type=http service=portainer@docker
time="2023-09-05T18:41:01Z" level=info msg="publishing http://2.2.2.2:8080" service=portainer@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="found http service: traefik-gateway@docker" service-type=http service=traefik-gateway@docker
time="2023-09-05T18:41:01Z" level=debug msg="found router 'traefik-http@docker' for service traefik-gateway"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/gateway_traefik_1' (0b0f005b646af94a8c930161983cbc0ea17e06d2877d994e953af06b74217460) for service 'traefik-gateway'"
time="2023-09-05T18:41:01Z" level=debug msg="found router 'traefik-http@docker' for service traefik-gateway"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/gateway_traefik_1' (0b0f005b646af94a8c930161983cbc0ea17e06d2877d994e953af06b74217460) for service 'traefik-gateway'"
time="2023-09-05T18:41:01Z" level=debug msg="no network label set for traefik-gateway@docker"
time="2023-09-05T18:41:01Z" level=debug msg="using load balancer URL for port detection: http://172.29.0.6:80" service-type=http service=traefik-gateway@docker
time="2023-09-05T18:41:01Z" level=debug msg="found router 'traefik-http@docker' for service traefik-gateway"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/gateway_traefik_1' (0b0f005b646af94a8c930161983cbc0ea17e06d2877d994e953af06b74217460) for service 'traefik-gateway'"
time="2023-09-05T18:41:01Z" level=warning msg="found more than one host-port binding for container '/gateway_traefik_1' (80:80, 443:443)" service=traefik-gateway@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="using existing port 80" service-type=http service=traefik-gateway@docker
time="2023-09-05T18:41:01Z" level=info msg="publishing http://192.168.0.86:80" service=traefik-gateway@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="found http service: authelia@docker" service=authelia@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="found router 'authelia@docker' for service authelia"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/gateway_authelia_1' (e64e4018a8eac24a6490bddaf60f4dc1249e05a65f90cc03a5dae35e2d1336c0) for service 'authelia'"
time="2023-09-05T18:41:01Z" level=debug msg="found router 'authelia@docker' for service authelia"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/gateway_authelia_1' (e64e4018a8eac24a6490bddaf60f4dc1249e05a65f90cc03a5dae35e2d1336c0) for service 'authelia'"
time="2023-09-05T18:41:01Z" level=debug msg="no network label set for authelia@docker"
time="2023-09-05T18:41:01Z" level=debug msg="using load balancer URL for port detection: http://172.29.0.5:9091" service-type=http service=authelia@docker
time="2023-09-05T18:41:01Z" level=debug msg="found router 'authelia@docker' for service authelia"
time="2023-09-05T18:41:02Z" level=debug msg="found container '/gateway_authelia_1' (e64e4018a8eac24a6490bddaf60f4dc1249e05a65f90cc03a5dae35e2d1336c0) for service 'authelia'"
time="2023-09-05T18:41:02Z" level=debug msg="using explicitly set port 9091 for authelia@docker" service=authelia@docker service-type=http
time="2023-09-05T18:41:02Z" level=info msg="publishing http://192.168.0.86:9091" service=authelia@docker service-type=http
time="2023-09-05T18:41:02Z" level=debug msg="found http service: ldap-user-manager@docker" service=ldap-user-manager@docker service-type=http
time="2023-09-05T18:41:02Z" level=debug msg="found router 'ldap-user-manager-http@docker' for service ldap-user-manager"
time="2023-09-05T18:41:02Z" level=debug msg="found container '/admin_ldap-user-manager_1' (2ebaafe69e36f4f2e0f28290a4687e6c339eda403b1b013d11aea886fed8cc4f) for service 'ldap-user-manager'"
time="2023-09-05T18:41:02Z" level=debug msg="found router 'ldap-user-manager-http@docker' for service ldap-user-manager"
time="2023-09-05T18:41:02Z" level=debug msg="found container '/admin_ldap-user-manager_1' (2ebaafe69e36f4f2e0f28290a4687e6c339eda403b1b013d11aea886fed8cc4f) for service 'ldap-user-manager'"
time="2023-09-05T18:41:02Z" level=debug msg="no network label set for ldap-user-manager@docker"
time="2023-09-05T18:41:02Z" level=debug msg="using load balancer URL for port detection: http://192.168.16.4:8081" service=ldap-user-manager@docker service-type=http
time="2023-09-05T18:41:02Z" level=debug msg="found router 'ldap-user-manager-https@docker' for service ldap-user-manager"
time="2023-09-05T18:41:02Z" level=debug msg="found container '/admin_ldap-user-manager_1' (2ebaafe69e36f4f2e0f28290a4687e6c339eda403b1b013d11aea886fed8cc4f) for service 'ldap-user-manager'"
time="2023-09-05T18:41:02Z" level=debug msg="using explicitly set port 8081 for ldap-user-manager@docker" service-type=http service=ldap-user-manager@docker
time="2023-09-05T18:41:02Z" level=info msg="publishing http://192.168.0.86:8081" service-type=http service=ldap-user-manager@docker
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-http/middlewares/0 = https-redirect"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-http/service = portainer"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-http/rule = Host(`traefik.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/authelia/tls/certResolver = letsentcrypt"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/authResponseHeaders/0 = Remote-User"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/authResponseHeaders/0 = Remote-User"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-https/service = ldap-user-manager"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-https/tls/certResolver = letsentcrypt"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/authResponseHeaders/2 = Remote-Name"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-https/tls/certResolver = letsentcrypt"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/ldap-user-manager/loadBalancer/passHostHeader = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-https/entryPoints/0 = websecure"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-http/entryPoints/0 = web"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-https/entryPoints/0 = websecure"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/authelia/rule = Host(`auth.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/ldap-user-manager/loadBalancer/servers/0/url = http://192.168.0.86:8081"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/portainer/loadBalancer/servers/0/url = http://2.2.2.2:8080"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-http/middlewares/0 = https-redirect"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-http/service = ldap-user-manager"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/portainer/loadBalancer/passHostHeader = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/traefik-gateway/loadBalancer/passHostHeader = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/authResponseHeaders/1 = Remote-Groups"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/authResponseHeaders/3 = Remote-Email"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/https-redirect/redirectScheme/scheme = https"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/https-redirect/redirectScheme/permanent = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-https/rule = Host(`lum.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/authelia/loadBalancer/passHostHeader = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/traefik-gateway/loadBalancer/servers/0/url = http://192.168.0.86:80"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/trustForwardHeader = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-https/service = portainer"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-https/rule = Host(`portainer.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-http/middlewares/0 = https-redirect"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/address = http://authelia:9091/api/verify?auth=basic"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-http/entryPoints/0 = web"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-https/entryPoints/0 = websecure"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/authResponseHeaders/3 = Remote-Email"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/address = http://authelia:9091/api/verify?rd=https://auth.larin.center"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-https/rule = Host(`traefik.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/authelia/service = authelia"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-http/rule = Host(`portainer.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-http/service = traefik-gateway"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-https/middlewares/0 = authelia@docker"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-https/service = api@internal"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-https/tls/certResolver = letsentcrypt"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/authelia/entryPoints/0 = websecure"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-http/rule = Host(`lum.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-http/entryPoints/0 = web"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/authResponseHeaders/2 = Remote-Name"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/authResponseHeaders/1 = Remote-Groups"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/authelia/loadBalancer/servers/0/url = http://192.168.0.86:9091"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/trustForwardHeader = true"

The proof of ip binding is

Expected IP is host 192.168.0.86

traefik.http.routers.example.rule: 'Host(`example.com`) && Path(`/example/`)' does not work

The label:

traefik.http.routers.example.rule: 'Host(`example.com`) && Path(`/example/`)'

does not work, but:

traefik.http.routers.example.rule: 'Host(`example.com`)'

does work.

Go runtime error

    You can also try the very latest build here, just to ensure you got the write image: `ghcr.io/jittering/traefik-kop:0.12.2-next-22aaa3b-amd64`

Originally posted by @chetan in #18 (comment)

Same error.

Error with DEBUG=1 ENV:

time="2022-10-13T14:59:26Z" level=debug msg="found container '/pwm-bitwarden-1' (925f5dbfc0dd96bad4fa68766eb4e3223cfad35c57206bb2661fa5b2798e52e5) for service 'bitwarden'"
time="2022-10-13T14:59:26Z" level=debug msg="found label kop.bitwarden.bind.ip with IP '172.16.0.13' for service bitwarden"
time="2022-10-13T14:59:26Z" level=debug msg="using load balancer URL for port detection: http://10.10.2.7:80" service=bitwarden@docker service-type=http
time="2022-10-13T14:59:26Z" level=debug msg="found router 'bitwarden@docker' for service bitwarden"
time="2022-10-13T14:59:26Z" level=debug msg="found container '/pwm-bitwarden-1' (925f5dbfc0dd96bad4fa68766eb4e3223cfad35c57206bb2661fa5b2798e52e5) for service 'bitwarden'"
time="2022-10-13T14:59:26Z" level=debug msg="using explicitly set port 80 for bitwarden@docker" service=bitwarden@docker service-type=http
time="2022-10-13T14:59:26Z" level=info msg="publishing http://172.16.0.13:80" service=bitwarden@docker service-type=http
time="2022-10-13T14:59:26Z" level=debug msg="found http service: guacamole@docker" service=guacamole@docker service-type=http
time="2022-10-13T14:59:26Z" level=debug msg="found router 'guacamole@docker' for service guacamole"
time="2022-10-13T14:59:26Z" level=debug msg="found container '/rmt-guacamole-1' (5071b739781c84896aa494b5b69a4770a73478798ab77310c589616f61c1a54a) for service 'guacamole'"
time="2022-10-13T14:59:26Z" level=debug msg="found label kop.guacamole.bind.ip with IP '172.16.0.17' for service guacamole"
time="2022-10-13T14:59:26Z" level=debug msg="using load balancer URL for port detection: http://10.10.2.8:8080" service=guacamole@docker service-type=http
time="2022-10-13T14:59:26Z" level=debug msg="found router 'guacamole@docker' for service guacamole"
time="2022-10-13T14:59:26Z" level=debug msg="found container '/rmt-guacamole-1' (5071b739781c84896aa494b5b69a4770a73478798ab77310c589616f61c1a54a) for service 'guacamole'"
time="2022-10-13T14:59:26Z" level=debug msg="using explicitly set port 8080 for guacamole@docker" service=guacamole@docker service-type=http
time="2022-10-13T14:59:26Z" level=info msg="publishing http://172.16.0.17:8080" service-type=http service=guacamole@docker
time="2022-10-13T14:59:26Z" level=debug msg="found http service: jellyfin@docker" service=jellyfin@docker service-type=http
time="2022-10-13T14:59:26Z" level=debug msg="found router 'jellyfin@docker' for service jellyfin"
time="2022-10-13T14:59:26Z" level=debug msg="found container '/jf-jellyfin-1' (0249cede9cfb095c6dda3e03c4080e93ab278cb9ad10f25003ab18b225f67b09) for service 'jellyfin'"
time="2022-10-13T14:59:26Z" level=debug msg="found label kop.jellyfin.bind.ip with IP '172.16.0.15' for service jellyfin"
time="2022-10-13T14:59:26Z" level=debug msg="using load balancer URL for port detection: http://172.16.0.15:80" service=jellyfin@docker service-type=http
time="2022-10-13T14:59:26Z" level=debug msg="found router 'jellyfin@docker' for service jellyfin"
time="2022-10-13T14:59:26Z" level=debug msg="found container '/jf-jellyfin-1' (0249cede9cfb095c6dda3e03c4080e93ab278cb9ad10f25003ab18b225f67b09) for service 'jellyfin'"
time="2022-10-13T14:59:26Z" level=debug msg="using explicitly set port 80 for jellyfin@docker" service=jellyfin@docker service-type=http
time="2022-10-13T14:59:26Z" level=info msg="publishing http://172.16.0.15:80" service=jellyfin@docker service-type=http
time="2022-10-13T14:59:26Z" level=debug msg="found http service: nextcloud@docker" service-type=http service=nextcloud@docker
time="2022-10-13T14:59:26Z" level=debug msg="found router 'nextcloud@docker' for service nextcloud"
time="2022-10-13T14:59:26Z" level=debug msg="found container '/nc-nextcloud-1' (1bcaf17d22b671f70955b2c5e287d754612b171c44e9f8476cedd23ee7f6d1c8) for service 'nextcloud'"
time="2022-10-13T14:59:26Z" level=debug msg="found label kop.nextcloud.bind.ip with IP '172.16.0.14' for service nextcloud"
time="2022-10-13T14:59:26Z" level=debug msg="using load balancer URL for port detection: https://172.16.0.14:443" service=nextcloud@docker service-type=http
time="2022-10-13T14:59:26Z" level=debug msg="found router 'nextcloud@docker' for service nextcloud"
time="2022-10-13T14:59:26Z" level=debug msg="found container '/nc-nextcloud-1' (1bcaf17d22b671f70955b2c5e287d754612b171c44e9f8476cedd23ee7f6d1c8) for service 'nextcloud'"
time="2022-10-13T14:59:26Z" level=debug msg="using explicitly set port 443 for nextcloud@docker" service-type=http service=nextcloud@docker
time="2022-10-13T14:59:26Z" level=info msg="publishing https://172.16.0.14:443" service=nextcloud@docker service-type=http
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/jellyfin/service = jellyfin"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/onlyoffice/entryPoints/0 = https"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/services/bitwarden/loadBalancer/passHostHeader = true"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/bitwarden/entryPoints/0 = https"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/bitwarden/service = bitwarden"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/nextcloud/entryPoints/0 = https"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/nextcloud/rule = Host(`srv-nextcloud.intra.holypenguin.net`)"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/onlyoffice/rule = Host(`srv-onlyoffice.intra.holypenguin.net`)"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/services/onlyoffice/loadBalancer/servers/0/url = http://172.16.0.16:80"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/services/onlyoffice/loadBalancer/passHostHeader = true"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/services/jellyfin/loadBalancer/passHostHeader = true"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/guacamole/entryPoints/0 = https"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/jellyfin/rule = Host(`srv-jellyfin.intra.holypenguin.net`)"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/onlyoffice/service = onlyoffice"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/services/guacamole/loadBalancer/passHostHeader = true"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/services/jellyfin/loadBalancer/servers/0/url = http://172.16.0.15:80"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/services/nextcloud/loadBalancer/servers/0/url = https://172.16.0.14:443"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/bitwarden/rule = Host(`srv-bitwarden.intra.holypenguin.net`)"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/guacamole/rule = Host(`srv-guacamole.intra.holypenguin.net`)"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/nextcloud/service = nextcloud"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/services/bitwarden/loadBalancer/servers/0/url = http://172.16.0.13:80"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/services/guacamole/loadBalancer/servers/0/url = http://172.16.0.17:8080"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/services/nextcloud/loadBalancer/passHostHeader = true"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/guacamole/service = guacamole"
time="2022-10-13T14:59:26Z" level=debug msg="writing traefik/http/routers/jellyfin/entryPoints/0 = https"
time="2022-10-13T15:00:26Z" level=debug msg=tick
time="2022-10-13T15:00:26Z" level=debug msg="Provider connection established with docker 20.10.18 (API 1.41)" providerName=docker
time="2022-10-13T15:00:26Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-kop-proxy-66c5783c4e39e730be9b93ded5d6d3eb150c43195247c57385e734bdba2909d8
time="2022-10-13T15:00:26Z" level=error msg="Error in Go routine: runtime error: invalid memory address or nil pointer dereference"
time="2022-10-13T15:00:26Z" level=error msg="Stack: goroutine 23 [running]:\nruntime/debug.Stack()\n\t/opt/hostedtoolcache/go/1.19.1/x64/src/runtime/debug/stack.go:24 +0x65\ngithub.com/traefik/traefik/v2/pkg/safe.defaultRecoverGoroutine({0x247d900?, 0x41cbaa0})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:66 +0xa5\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:74 +0x35\npanic({0x247d900, 0x41cbaa0})\n\t/opt/hostedtoolcache/go/1.19.1/x64/src/runtime/panic.go:884 +0x212\ntext/template.errRecover(0xc000fef230)\n\t/opt/hostedtoolcache/go/1.19.1/x64/src/text/template/exec.go:164 +0x165\npanic({0x247d900, 0x41cbaa0})\n\t/opt/hostedtoolcache/go/1.19.1/x64/src/runtime/panic.go:884 +0x212\ntext/template.(*Template).execute(0x0, {0x2e184e0?, 0xc00027de30?}, {0x253f740?, 0xc0011cc228?})\n\t/opt/hostedtoolcache/go/1.19.1/x64/src/text/template/exec.go:215 +0x22c\ntext/template.(*Template).Execute(...)\n\t/opt/hostedtoolcache/go/1.19.1/x64/src/text/template/exec.go:201\ngithub.com/traefik/traefik/v2/pkg/provider.BuildRouterConfiguration({0x2e3bb00, 0xc000160540}, 0xc00027dbc0, {0xc000a577a0?, 0xc0002f3b90?}, 0x10?, {0x253f740, 0xc0011cc228})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/configuration.go:404 +0x2d1\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).buildConfiguration(0xc0001d63f0, {0x2e3bb00, 0xc000160540}, {0xc0009a4000, 0x8, 0xc0012fd8a0?})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/config.go:83 +0x765\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:231 +0x6fc\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:78 +0x63\ngithub.com/cenkalti/backoff/v4.RetryNotifyWithTimer(0xc000fc2480, {0x14bf9b1f4d98, 0xc0013c8020}, 0xc000feff20, {0x0?, 0x0?})\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:55 +0x12a\ngithub.com/cenkalti/backoff/v4.RetryNotify(...)\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:34\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1({0x2e3ba58?, 0xc00028e340?})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:331 +0x2fb\ngithub.com/traefik/traefik/v2/pkg/safe.(*Pool).GoCtx.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:36 +0x66\ngithub.com/traefik/traefik/v2/pkg/safe.GoWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:59 +0x5b\ncreated by github.com/traefik/traefik/v2/pkg/safe.GoWithRecover\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:53 +0x72\n"
time="2022-10-13T15:00:26Z" level=error msg="Provider connection error panic in operation: %!w(<nil>), retrying in 579.272613ms" providerName=docker

Handle containers with static IPs

I Just came across your very handy service. I have several containers that use a macvlan type network and statically defined IPs on the same vlan as the docker host(s). Example, a docker host has an IP of 192.168.1.10, the pihole container on that host is using 192.168.1.50:80|53. In this case, your service is reporting the pihole admin web service is at http://192.168.1.10:80 (docker host) instead of the container static IP of http://192.168.1.50:80. It seems that there my be additional information that needs to be parsed to account for containers that use static, bridge, and external DHCP container networks.

Thanks!

Multiple instances?

I'd like to have this running on 2 different servers (A & B), feeding data to a traefik instance running on a third (C). It seems. however, that whenever I publish a container to "B" it blats all of the "A" configuration currently registered on "C" (and vice-versa). I'm sharing the redis instance, is this the issue ? Can traefik support multiple redis sources in any case? Thoughts?

Possibility to ignoring specific containers

Hi there!

Is it possible to add a label to indicate the names of those containers that should not be monitored?

I encountered on one of my hosts the fact that there was already a kop there, and I needed to add several new services that had to be monitored by another (new) kop to another traefik, and it turns out that I can't ignore the old containers that work in conjunction with old kop instance, and the wrong entries still end up on my other traffic...

Troubleshooting Setup

Hi Cheten,

Thank you for creating this agent!

I've attempted to install and use Traefik-kop but so far I've been unable to make Traefik detect the remote service. I suspect a configuration issue somewhere so I've copied below my setup in case you can spot an issue. Could you suggest any methods to test connectivity between the hosts please?

So far I have two physical Docker hosts - dnuca with Traefik and dnucb with a Firefox container.

dnuca has the following Traefik and redis conatainer config (I use labels for Traefik configuration)
(Host IP: 192.168.1.107)

version: "3.8"

networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge
  socket_proxy:
    external:
      name: socket_proxy

 traefik:
    container_name: traefik
    image: traefik
    restart: unless-stopped
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
        # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22
      - --entryPoints.traefik.address=:8080
      - --api=true
      - --api.dashboard=true
      - --log=true
      - --log.level=INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=tcp://socket-proxy:2375
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
      - --providers.file.watch=true # Only works on top level files in the rules folder
      - --providers.providersThrottleDuration=2s
      - --providers.redis.endpoints=redis:6379
      - --entrypoints.https.http.tls.options=tls-opts@file
      - --entrypoints.https.http.tls.certresolver=dns-cloudflare
      - --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME # Pulls main cert for second domain
      - --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME # Pulls wildcard cert for second domain
      # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
    networks:
      t2_proxy:
        ipv4_address: 192.168.90.254 # You can specify a static IP
      socket_proxy:
    depends_on:
      - socket-proxy
      - oauth
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    volumes:
      - $DOCKERDIR/traefik2/rules:/rules # file provider directory
      # - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
      - $DOCKERDIR/traefik2/acme/acme.json:/acme.json # cert location - you must touch this file and change permissions to 600
      - $DOCKERDIR/traefik2/traefik.log:/traefik.log # for fail2ban - make sure to touch file before starting container
      - $DOCKERDIR/shared:/shared
    environment:
      - CF_API_EMAIL_FILE=/run/secrets/cloudflare_email
      - CF_API_KEY_FILE=/run/secrets/cloudflare_api_key
    secrets:
      - cloudflare_email
      - cloudflare_api_key
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file"

  redis:
    image: redis
    container_name: redis
    restart: always
    ports:
      - "6379:6379"
    environment:
      - REDIS_REPLICATION_MODE=master
    volumes:
      - $DOCKERDIR/redis:/data
    networks:
      t2_proxy:

dnucb host (Host IP 192.168.1.32):

version: "3.8"

networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

services:
  firefox:
    image: jlesage/firefox:latest
    container_name: firefox
    restart: unless-stopped
    networks:
      - t2_proxy
    security_opt:
      - no-new-privileges:true
      - seccomp:unconfined 
    ports:
      - "9007:5800"
    volumes:
      - $DOCKERDIR/firefox:/config
      - /dev/shm:/dev/shm
      - $DOCKERDIR/shared:/shared
    environment:
      USER_ID: $PUID
      GROUP_ID: $PGID
      TZ: $TZ
      UMASK: 002
      KEEP_APP_RUNNING: 1
      CLEAN_TMP_DIR: 1
      DISPLAY_WIDTH: 1440
      DISPLAY_HEIGHT: 900
      VNC_PASSWD: $FIREFOX_VNC_PASSWD
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.firefox-rtr.entrypoints=https"
      - "traefik.http.routers.firefox-rtr.rule=Host(`firefox.$DOMAINNAME`)"
      - "traefik.http.routers.firefox-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.firefox-rtr.middlewares=chain-authelia@file"
      ## HTTP Services
      - "traefik.http.routers.firefox-rtr.service=firefox-svc"
      - "traefik.http.services.firefox-svc.loadbalancer.server.port=9007"

  traefik-kop:
    image: "ghcr.io/jittering/traefik-kop:latest"
    container_name: traefik-kop
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - "REDIS_ADDR=192.168.1.107:6379"
      - "BIND_IP=192.168.1.32"

Verbose logs from Traefik-top:

today at 19:23:50time="2022-01-23T19:23:50Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
today at 19:23:50time="2022-01-23T19:23:50Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"swarmModeRefreshSeconds\":\"15s\"}"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="Provider connection established with docker 20.10.12 (API 1.41)" providerName=docker
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="Filtering disabled container" container=traefik-kop-docker-c51df9724828ba18f2add6b70644cf8f5781f6da7272c0e5eb459a0bde83032b providerName=docker
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="Filtering disabled container" providerName=docker container=dozzle-docker-422c096b8822c83fbb62785969680a64c31a071dd1a6f701e66b83bb26182b44
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"firefox-rtr\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"chain-authelia@file\"],\"service\":\"firefox-svc\",\"rule\":\"Host(`firefox.mydomain.com`)\",\"tls\":{}}},\"services\":{\"firefox-svc\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.2:9007\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
today at 19:23:50time="2022-01-23T19:23:50Z" level=info msg="refreshing configuration"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="found http service: firefox-svc@docker"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="found router firefox-rtr for service firefox-svc"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="found container '/firefoxdsrv2' (d8f4504b5cb862c596eb54a0004d2cc4a8174b2c303f15f38812969f61e11fa1) for service 'firefox-svc'"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="using explicitly set port 9007 for firefox-svc"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="writing traefik/http/routers/firefox-rtr/service = firefox-svc"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="writing traefik/http/routers/firefox-rtr/rule = Host(`firefox.mydomain.com`)"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="writing traefik/http/services/firefox-svc/loadBalancer/servers/0/url = http://192.168.1.32:9007"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="writing traefik/http/services/firefox-svc/loadBalancer/passHostHeader = true"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="writing traefik/http/routers/firefox-rtr/entryPoints/0 = https"
today at 19:23:50time="2022-01-23T19:23:50Z" level=debug msg="writing traefik/http/routers/firefox-rtr/middlewares/0 = chain-authelia@file"

Logs from Redis:

yesterday at 19:28:591:C 22 Jan 2022 19:28:59.763 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
yesterday at 19:28:591:C 22 Jan 2022 19:28:59.763 # Redis version=6.2.6, bits=64, commit=00000000, modified=0, pid=1, just started
yesterday at 19:28:591:C 22 Jan 2022 19:28:59.763 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
yesterday at 19:28:591:M 22 Jan 2022 19:28:59.763 * monotonic clock: POSIX clock_gettime
yesterday at 19:28:591:M 22 Jan 2022 19:28:59.764 * Running mode=standalone, port=6379.
yesterday at 19:28:591:M 22 Jan 2022 19:28:59.764 # Server initialized
yesterday at 19:28:591:M 22 Jan 2022 19:28:59.764 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
yesterday at 19:28:591:M 22 Jan 2022 19:28:59.764 * Ready to accept connections
yesterday at 20:29:001:M 22 Jan 2022 20:29:00.029 * 1 changes in 3600 seconds. Saving...
yesterday at 20:29:001:M 22 Jan 2022 20:29:00.029 * Background saving started by pid 20
yesterday at 20:29:0020:C 22 Jan 2022 20:29:00.034 * DB saved on disk
yesterday at 20:29:0020:C 22 Jan 2022 20:29:00.034 * RDB: 0 MB of memory used by copy-on-write
yesterday at 20:29:001:M 22 Jan 2022 20:29:00.130 * Background saving terminated with success
today at 18:41:031:M 23 Jan 2022 18:41:03.620 * 1 changes in 3600 seconds. Saving...
today at 18:41:031:M 23 Jan 2022 18:41:03.620 * Background saving started by pid 21
today at 18:41:0321:C 23 Jan 2022 18:41:03.630 * DB saved on disk
today at 18:41:0321:C 23 Jan 2022 18:41:03.631 * RDB: 0 MB of memory used by copy-on-write
today at 18:41:031:M 23 Jan 2022 18:41:03.722 * Background saving terminated with success
today at 18:41:031:M 23 Jan 2022 18:41:03.722 * Background saving terminated with success
today at 18:41:031:M 23 Jan 2022 18:41:03.722 * Background saving terminated with success
today at 18:41:031:M 23 Jan 2022 18:41:03.722 * Background saving terminated with success

Traefik logs gave an error saying "Key not found in store" - is this part of the problem?

yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Configuration loaded from flags."
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Traefik version 2.5.7 built on 2022-01-20T16:16:23Z"
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Stats collection is enabled."
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration."
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Help us improve Traefik by leaving this feature on :)"
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="More details on: https://doc.traefik.io/traefik/contributing/data-collection/"
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Starting provider *file.Provider {\"directory\":\"/rules\",\"watch\":true}"
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Starting provider *traefik.Provider {}"
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Starting provider *acme.Provider {\"email\":\"[email protected]\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"cloudflare\",\"delayBeforeCheck\":\"1m30s\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]},\"ResolverName\":\"dns-cloudflare\",\"store\":{},\"TLSChallengeProvider\":{\"Timeout\":4000000000},\"HTTPChallengeProvider\":{}}"
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"tcp://socket-proxy:2375\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"t2_proxy\",\"swarmModeRefreshSeconds\":\"15s\"}"
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Testing certificate renew..." providerName=dns-cloudflare.acme
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Starting provider *redis.Provider {\"rootKey\":\"traefik\",\"endpoints\":[\"redis:6379\"]}"
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=info msg="Starting provider *acme.ChallengeTLSALPN {\"Timeout\":4000000000}"
yesterday at 19:46:35time="2022-01-22T19:46:35Z" level=error msg="Cannot build the configuration: Key not found in store" providerName=redis
yesterday at 19:46:352022/01/22 19:46:35 redis.go:310: watchLoop in WatchTree err:Key not found in store

Thanks.

TCP rules not being published

Hi,

I'm trying to create a TCP router alongside my http router for a container.
It looks like the http rule gets published, but the tcp one does not:

time="2024-05-03T05:30:46Z" level=info msg="publishing http://192.168.22.10:9001" service=mqtt@docker service-type=http

Here's the config from the container's compose.yml:

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mqtt.rule=Host(`mqtt.local`)"
      - "traefik.http.services.mqtt.loadbalancer.server.port=9001"
      # MQTT routing
      - "traefik.tcp.routers.mqtt.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.mqtt.entrypoints=mqtt"
      - "traefik.tcp.routers.mqtt.service=service-broker-mqtt"
      - "traefik.tcp.services.mqtt.loadbalancer.server.port=1883"

Is this expected or is there some configuration I am missing?

Cheers

--health-cmd ?

I (wherever possible) monitor my containers with the excellent willfarrell/autoheal docker container. What would be a suitable --health-cmd for traefik-cop to test it's state of health?

Existing Redis Keys Removed Upon Adding New Server's Redis Keys

Hello,

Thanks for making this project. I am experiencing a strange behaviour of a relatively trivial implementation. I have 3 servers:

1. proxy: Traefik & Redis

docker-compose.yml

networks:
  wan:
    name: wan
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.0.100.0/24

  docker_proxy:
    name: docker_proxy
    external: false

  traefik-kop:
    name: traefik-kop
    external: false

volumes:
  traefik-acme:

services:
  traefik:
    image: traefik
    hostname: traefik
    container_name: traefik
    restart: unless-stopped
    command:
      - --global.sendAnonymousUsage=false
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      - --entrypoints.websecure.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
      - --api
      - --log
      - --metrics.influxdb2=true
      - --metrics.influxdb2.address=http://influx:8086
      - --metrics.influxdb2.token=${INFLUX_TOKEN}
      - --metrics.influxdb2.org=${INFLUX_ORG}
      - --metrics.influxdb2.bucket=${INFLUX_BUCKET}
      - --metrics.influxdb2.addEntryPointsLabels=true
      - --metrics.influxdb2.addrouterslabels=true
      - --metrics.influxdb2.addServicesLabels=true
      - --metrics.influxdb2.additionallabels.host=proxy
      - --metrics.influxdb2.additionallabels.environment=local
      - --log.level=DEBUG # DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --providers.providersThrottleDuration=2s
      - --providers.redis
      - --providers.redis.endpoints=traefik-redis:6379
      - --providers.redis.password=${REDIS_PASS}
      - --providers.docker
      - --providers.docker.watch=true
      - --providers.docker.endpoint=tcp://docker_proxy:2375 #unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=wan
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/etc/traefik/dynamic-conf/
      - --providers.file.watch=true
      - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
      #- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90
    networks:
      - wan
      - docker_proxy
      - traefik-kop
    security_opt:
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
    volumes:
      - traefik-acme:/acme
      - ${DOCKERDIR}/traefik/dynamic/:/etc/traefik/dynamic-conf/
    environment:
      - CF_API_EMAIL=${CLOUDFLARE_EMAIL}
      - CF_API_KEY=${CLOUDFLARE_API_KEY}
      - TZ=${TZ}
    labels:
      - traefik.enable=true
      # Middleware Rules
      # # Basic Authentication
      - traefik.http.middlewares.basic-auth.basicAuth.realm=Traefik Basic Authentication
      - traefik.http.middlewares.basic-auth.basicAuth.users=${BASIC_AUTH_USER}:${BASIC_AUTH_PASS}
      # # Rate Limit
      - traefik.http.middlewares.rate-limit.rateLimit.average=100
      - traefik.http.middlewares.rate-limit.rateLimit.burst=50
      # # Secure Headers
      - traefik.http.middlewares.security-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT
      - traefik.http.middlewares.security-headers.headers.accesscontrolmaxage=100
      - traefik.http.middlewares.security-headers.headers.addvaryheader=true
      - traefik.http.middlewares.security-headers.headers.hostsproxyheaders=X-Forwarded-Host
      - traefik.http.middlewares.security-headers.headers.sslredirect=true
      - traefik.http.middlewares.security-headers.headers.sslproxyheaders.X-Forwarded-Proto=https
      - traefik.http.middlewares.security-headers.headers.stsseconds=63072000
      - traefik.http.middlewares.security-headers.headers.stsincludesubdomains=true
      - traefik.http.middlewares.security-headers.headers.stspreload=true
      - traefik.http.middlewares.security-headers.headers.forcestsheader=true
      - traefik.http.middlewares.security-headers.headers.framedeny=true
      - traefik.http.middlewares.security-headers.headers.contenttypenosniff=true
      - traefik.http.middlewares.security-headers.headers.browserxssfilter=true
      - traefik.http.middlewares.security-headers.headers.referrerpolicy=same-origin
      # Middleware Chains
      - traefik.http.middlewares.no-auth.chain.middlewares=rate-limit,security-headers
      - traefik.http.middlewares.basic-auth.chain.middlewares=rate-limit,security-headers,basic-auth
      ## Middlewares
      - traefik.http.routers.traefik-rtr.middlewares=no-auth@docker
      # Services - API
      - traefik.http.routers.traefik-rtr.service=api@internal
      # HTTP Routers
      - traefik.http.routers.traefik-rtr.entrypoints=websecure
      - traefik.http.routers.traefik-rtr.rule=Host(`traefik.$MAIN_DOMAIN`)
      - traefik.http.routers.traefik-rtr.tls=true
      # Setting TLS to $DOMAIN#
      - traefik.http.routers.traefik-rtr.tls.certResolver=dns-cloudflare
      - traefik.http.routers.traefik-rtr.tls.domains[0].main=$MAIN_DOMAIN
      - traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$MAIN_DOMAIN

  traefik-redis:
    hostname: traefik-redis
    container_name: traefik-redis
    image: redis:alpine
    restart: always
    command: redis-server --requirepass ${REDIS_PASS}
    networks:
      - traefik-kop
    healthcheck:
      test: ["CMD", "redis-cli", "-p", "6379", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
    ports:
      - 6379:6379
    volumes:
      - ${DOCKERDIR}/traefik/redis/config:/usr/local/etc/redis
      - ${DOCKERDIR}/traefik/redis/data:/data

env file

DOCKERDIR=/srv/docker
...
MAIN_DOMAIN=lued.tech
...

# traefik-kop
REDIS_ADDR=[REDIS FQDN]:6379
REDIS_PASS=[REDIS PASSWORD]

relevant traefik container log:

Only showing this log as there is nothing relevant in Traefik besides it working as expected and finding the dynamic rule provided by redis upon traefik-kop reading the container labels on other servers.

2. security: traefik-kop & VaultWarden (A compose container)

docker-compose.yml

networks:
  docker_proxy:
    name: docker_proxy
    external: false

services:
  traefik-kop:
    image: ghcr.io/jittering/traefik-kop:latest
    hostname: traefik-kop
    container_name: traefik-kop
    restart: always
    networks:
      - docker_proxy
    environment:
      - REDIS_ADDR=${REDIS_ADDR}
      - REDIS_PASS=${REDIS_PASS}
      - BIND_IP=${HOST_IP}
      - DOCKER_HOST=tcp://docker_proxy:2375
      - POLL_INTERVAL=10
      - DEBUG=1

env file

# traefik-kop
REDIS_ADDR=[REDIS FQDN]:6379
REDIS_PASS=[REDIS PASSWORD]
HOST_IP=[HOST IP]

docker-compose.yml for vaultwarden

networks:
  wan:
    name: wan
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.0.100.0/24
 
services:
  vaultwarden:
    image: vaultwarden/server
    container_name: vaultwarden
    hostname: vault
    restart: always
    networks:
      - wan
    ports:
      - 2122:80
      - 3012:3012
    environment:
      - ADMIN_TOKEN=${ADMIN_TOKEN}
      - WEBSOCKET_ENABLED=true
      - PASSWORD_ITERATIONS=600000
      - SIGNUPS_ALLOWED=false
      - LOG_FILE=/data/vaultwarden.log
      - LOG_LEVEL=warn
      - EXTENDED_LOGGING=true
      - TZ=$TZ
      - SMTP_HOST=${SMTP_SERVER}
      - SMTP_FROM=vault@${MAIN_DOMAIN}
      - SMTP_FROM_NAME=${FROM_NAME}
      - SMTP_SECURITY=${SMTP_SECURITY}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USER}
      - SMTP_PASSWORD=${SMTP_PASS}
      - SMTP_TIMEOUT=15
      - DOMAIN=https://vault.${MAIN_DOMAIN}
    volumes:
      - ${DOCKERDIR}/vaultwarden:/data
    labels:
      - "traefik.enable=true"
      # routers & services
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.vaultwarden.rule=Host(`vault.${MAIN_DOMAIN}`)"
      - "traefik.http.routers.vaultwarden.service=vaultwarden"
      - "traefik.http.services.vaultwarden.loadbalancer.server.scheme=http"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=2122"
      # websocket
      - "traefik.http.routers.vaultwarden-ws.tls=true"
      - "traefik.http.routers.vaultwarden-ws.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden-ws.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.vaultwarden-ws.rule=Host(`vault.${MAIN_DOMAIN}`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.vaultwarden-ws.service=vaultwarden-ws"
      - "traefik.http.services.vaultwarden-ws.loadbalancer.server.scheme=http"
      - "traefik.http.services.vaultwarden-ws.loadbalancer.server.port=3012"

env file for vaultwarden

DOCKERDIR=/srv/docker
TZ=[my timezone]
MAIN_DOMAIN=[my domain]
...

3. business: traefik-kop & freescout (Another compose container)

traefik-kop docker-compose.yml

networks:
  docker_proxy:
    name: docker_proxy
    external: false

services:
  traefik-kop:
    image: ghcr.io/jittering/traefik-kop:latest
    hostname: traefik-kop
    container_name: traefik-kop
    restart: always
    networks:
      - docker_proxy
    environment:
      - REDIS_ADDR=${REDIS_ADDR}
      - REDIS_PASS=${REDIS_PASS}
      - BIND_IP=${HOST_IP}
      - DOCKER_HOST=tcp://docker_proxy:2375
      - POLL_INTERVAL=10
      - DEBUG=1

env file for traefik-kop

# traefik-kop
REDIS_ADDR=[REDIS FQDN]:6379
REDIS_PASS=[REDIS PASSWORD]
HOST_IP=[HOST IP]

docker-compose.yml for freescout

networks:
  wan:
    name: wan
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.0.100.0/24

services:
  freescout-app:
    image: tiredofit/freescout
    hostname: freescout-app
    container_name: freescout-app
    links:
    - freescout-db
    volumes:
      ...
    environment:
      ...
    networks:
      - wan
    ports:
      - 2140:80
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.freescout.tls=true"
      - "traefik.http.routers.freescout.entrypoints=websecure"
      - "traefik.http.routers.freescout.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.freescout.rule=Host(`it.${MAIN_DOMAIN}`)"
      - "traefik.http.routers.freescout.service=freescout"
      - "traefik.http.services.freescout.loadbalancer.server.scheme=http"
      - "traefik.http.services.freescout.loadbalancer.server.port=2140"

  freescout-db:
    image: tiredofit/mariadb
    container_name: freescout-db
    volumes:
      ...
    environment:
      ...
    networks:
      - wan
    restart: unless-stopped

env file for freescout

DOCKERDIR=/srv/docker
TZ=[tz]
MAIN_DOMAIN=[my domain]
...

Behaviour:

Server 1's traefik is functioning as expected with Server 3's freescout service being the only labels as keys in redis via traefik-kop.
Server 2's traefik-kop is restarted with the vaultwarden container already running.
Server 1's redis keys are seemingly dropped and replaced with new server 2 container labels, breaking routing for server 3 as the dynamic rules are removed.

It appears redis is purging upon key ingestion. Am I missing something here?

Thanks

Error invalid syntax providerName=docker

Hello,

I have a problem. I have Traefik running in my HomeLab on a Docker Swarm cluster. Traefik of course uses the Docker provider for this.

For this I then did the configuration as described for traefik-kop. Redis with on the Docker cluster.

The container mut the docker-kop runs on my Synology NAS. Now when I start another container with NGINX and traefik label on the Synology NAS, I get the following error message.

Any idea what can be wrong? You can't really do much wrong with the syntax.

time="2022-04-30T22:52:32Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2022-04-30T22:52:32Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2022-04-30T22:52:32Z" level=error msg="Skip container nginx-traefik-central: strconv.ParseBool: parsing \"true\\\"\": invalid syntax" providerName=docker
time="2022-04-30T22:52:32Z" level=info msg="refreshing configuration"
time="2022-04-30T22:54:54Z" level=info msg="Skipping same configuration" providerName=docker
time="2022-04-30T22:56:55Z" level=error msg="Skip container nginx01-traefik-central: strconv.ParseBool: parsing \"true\\\"\": invalid syntax" providerName=docker
time="2022-04-30T22:56:55Z" level=info msg="Skipping same configuration" providerName=docker
time="2022-04-30T23:03:15Z" level=error msg="Skip container nginx01-traefik-central: strconv.ParseBool: parsing \"true\\\"\": invalid syntax" providerName=docker
time="2022-04-30T23:03:19Z" level=info msg="Skipping same configuration" providerName=docker
time="2022-04-30T23:04:31Z" level=info msg="Skipping same configuration" providerName=docker
time="2022-04-30T23:05:18Z" level=error msg="Skip container nginx01-test: strconv.ParseBool: parsing \"true\\\"\": invalid syntax" providerName=docker
time="2022-04-30T23:05:18Z" level=info msg="Skipping same configuration" providerName=docker

Thank you

best regards

Running traefik-kop on the same host running traefik

Hi,

When traefik-kop is running on the same host running traefik, sometimes it works and sometimes it doesn't. The services are successfully discovered, but they are, with the routers, duplicated because they are provided both by the Docker provider and the Redis providers. When I want to access a service and the router used is the one from Docker, it doesn't work because the router routes to the IP of the container (and I don't want the service container to belong to the traefik network so the gateway timeout error is expected). Else, it works. Is there any way to give a higher priority to the Redis routers, or is there any other workaround?

For context, I'm using Ansible to deploy my applications on several nodes. But I don't want the docker compose files to be dependent on the node where the corresponding containers are hosted, which happens without traefik-kop because I have to modify the docker compose files of the node running traefik to connect the containers to the traefik network, which is what I'm doing for now and it works, but it is not what I want. Ideally, I just want to deploy traefik-kop on all the nodes, included the one running traefik, and don't have to modify the docker compose files of the node running traefik. I could use a VM just for traefik, but I think it's a bit overkill and not very convenient.

multiple servers behind one service

Hello there,

got a question which is based on a service which has multiple servers in background.
With the docker deamon it works like charme. But i ran into this issue with traefik-kop.

I want to publish multiple instances behind one router and one service (load balancing in fact).

Here are my labels for the container1 and the same on container2:

 - "traefik.enable=true"
  - "traefik.http.services.test.loadbalancer.server.port=8080"
  - "traefik.docker.network=q-srv"
  - "traefik.http.routers.test.entrypoints=web"
  - "traefik.http.services.test.loadbalancer.server.scheme=http"
  - "traefik.http.routers.test.rule=Host(`test.local`)"

But everytime i start the other container, the IP will bei overwritten on both servers with the latest discovered ip from traefik-kop.
So is it possible to do that?

Can you give me a hint how to publish both IPs to this service as servers? Would be great :)

Choose default port

Hey there,

Thank you so much for creating this! It is exactly what I've been looking for :D

I just have one small feature request: When there is only one exposed port on a container, could you automatically assign that port as the bind port?

Regards,
Dorian

Docker automatic port map not recognized

When a port is automatically assigned by the docker, Traefik Kop does not recognize the port and uses the image port

Option "Publish all exposed network ports to random host ports"

Test is manualy set, Test2 is set by docker
traefik/http/services/test/loadBalancer/servers/0/urls: http://10.0.10.20:49154
traefik/http/services/test2/loadBalancer/servers/0/url: http://10.0.10.20:80

Bug: Index out of range

Description

A bug is currently occurring under two circumstances in the provided configuration:

~~1. When publishing multiple ports of a single container.~~
2. When using Traefik labels without specifying the port explicitly.

Environment:

Operating System: Debian 12
Podman Version: 4.3.1
Traefik Version: 0.13

Context:

The issue is not caused by using Podman, as Traefik-kop worked flawlessly on an Alpine machine with Podman.

Configuration

Traefik Docker Compose:

version: 3
services:
  redis:
    image: docker.io/redis:alpine
    restart: always
    healthcheck:
      test: ["CMD", "redis-cli", "-p", "6379", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
    ports:
      - 10010:6379
    volumes:
      - redis:/data
  traefik:
    image: docker.io/traefik:latest
    restart: always
    env_file: .env
    stop_grace_period: 30s
    depends_on: redis
    healthcheck:
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 30s
      timeout: 10s
      retries: 3
    command:
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      - "--experimental.http3=true"
      - "--log.level=DEBUG"
      - "--ping=true"
      #- "--ping.entrypoint=websecure"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.redis.endpoints=redis:6379"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`proxy.domain.test`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.service=api@internal"
    ports:
      - 80:80
      - 443:443
    volumes:
      - data:/data
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock:ro
  whoami:
    image: docker.io/traefik/whoami:latest
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`domain.test`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
volumes:
  redis:
  data:

Traefik-Kop Docker Compose:

version: 3
services:
  traefik-kop:
    image: ghcr.io/jittering/traefik-kop:latest
    restart: always
    env_file: .env
    command:
      - "--verbose"
    volumes:
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock:ro

~~4. Service Docker Compose(Case 1):~~

version: 3
services:
  portainer:
    image: docker.io/portainer/portainer-ee:alpine
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`port.domain.test`)"
      - "traefik.http.routers.portainer.entrypoints=websecure"
      - "traefik.http.services.portainer.loadbalancer.server.port=10020"
      - "traefik.tcp.routers.portainer-edge.rule=HostSNI(`edge.port.domain.test`)"
      - "traefik.tcp.routers.portainer-edge.entrypoints=websecure"
      - "trarfik.tcp.services.portainer-edge.loadbalancer.server.port=10022"
    ports:
      - 10020:9000
      - 10022:8000
    volumes:
      - data:/data
  portainer_agent:
    image: docker.io/portainer/agent:alpine
    restart: always
    volumes:
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock
      - /home/debian/.local/share/containers/storage/volumes:/var/lib/docker/volumes
volumes:
  data:

Service Docker Compose (Case 2)

version: 3
services:
  portainer:
    image: docker.io/portainer/portainer-ee:alpine
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`port.domain.test`)"
      - "traefik.http.routers.portainer.entrypoints=websecure"
    ports:
      - 10020:9000
    volumes:
      - data:/data
  portainer_agent:
    image: docker.io/portainer/agent:alpine
    restart: always
    volumes:
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock
      - /home/debian/.local/share/containers/storage/volumes:/var/lib/docker/volumes
volumes:
  data:

Logs:

traefik-kop log:

time="2023-08-11T17:54:55Z" level=debug msg="using traefik-kop config: {DockerConfig: DockerHost:unix:///var/run/docker.sock Hostname:7069efcc96de BindIP:cloud-1.int.domain.test Addr:traefik.int.domain.test:10010 Pass: DB:0 PollInterval:60}"
time="2023-08-11T17:54:55Z" level=info msg="creating new redis store at traefik.int.domain.test:10010 for hostname 7069efcc96de"
time="2023-08-11T17:54:55Z" level=info msg="Starting provider aggregator *traefikkop.MultiProvider"
time="2023-08-11T17:54:55Z" level=info msg="starting polling provider with 1m0s interval"
time="2023-08-11T17:54:55Z" level=info msg="Starting provider *docker.Provider"
time="2023-08-11T17:54:55Z" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2023-08-11T17:54:56Z" level=debug msg="Provider connection established with docker 4.3.1 (API 1.41)" providerName=docker
time="2023-08-11T17:54:56Z" level=debug msg="Filtering disabled container" container=portainer-agent-portainer-0cf69d34adede649d8b46445870df8836c8c238763a1e0a13a3e9c0920834e8c providerName=docker
time="2023-08-11T17:54:56Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-kop-traefik-kop-7069efcc96deefd61e44d4a6665c5724b1c011a5f748d1609cac09ca2797a274
time="2023-08-11T17:54:56Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"portainer\":{\"entryPoints\":[\"websecure\"],\"service\":\"portainer\",\"rule\":\"Host(`port.domain.test`)\"}},\"services\":{\"portainer\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://10.89.0.139:10020\"}],\"passHostHeader\":true}}}},\"tcp\":{\"routers\":{\"portainer-edge\":{\"entryPoints\":[\"websecure\"],\"service\":\"portainer-portainer\",\"rule\":\"HostSNI(`edge.port.domain.test`)\"}},\"services\":{\"portainer-portainer\":{\"loadBalancer\":{\"terminationDelay\":100,\"servers\":[{\"address\":\"10.89.0.139:8000\"}]}}}},\"udp\":{}}" providerName=docker
time="2023-08-11T17:54:56Z" level=info msg="refreshing traefik-kop configuration"
time="2023-08-11T17:54:56Z" level=debug msg="found http service: portainer@docker" service=portainer@docker service-type=http
time="2023-08-11T17:54:56Z" level=debug msg="found router 'portainer@docker' for service portainer"
time="2023-08-11T17:54:56Z" level=debug msg="found container '/portainer_portainer_1' (b73d5d826b41671e438be21ee51b11a415b2a5c5980f8a147f287b65a1eabe35) for service 'portainer'"
time="2023-08-11T17:54:56Z" level=debug msg="found router 'portainer@docker' for service portainer"
time="2023-08-11T17:54:56Z" level=debug msg="found container '/portainer_portainer_1' (b73d5d826b41671e438be21ee51b11a415b2a5c5980f8a147f287b65a1eabe35) for service 'portainer'"
time="2023-08-11T17:54:56Z" level=debug msg="no network label set for portainer@docker"
time="2023-08-11T17:54:56Z" level=debug msg="using load balancer URL for port detection: http://10.89.0.139:10020" service=portainer@docker service-type=http
time="2023-08-11T17:54:56Z" level=debug msg="found router 'portainer@docker' for service portainer"
time="2023-08-11T17:54:56Z" level=debug msg="found container '/portainer_portainer_1' (b73d5d826b41671e438be21ee51b11a415b2a5c5980f8a147f287b65a1eabe35) for service 'portainer'"
time="2023-08-11T17:54:56Z" level=debug msg="using explicitly set port 10020 for portainer@docker" service=portainer@docker service-type=http
time="2023-08-11T17:54:56Z" level=info msg="publishing http://cloud-1.int.domain.test:10020" service=portainer@docker service-type=http
time="2023-08-11T17:54:56Z" level=debug msg="found tcp service: portainer-portainer@docker"
time="2023-08-11T17:54:56Z" level=debug msg="found router 'portainer-edge@docker' for service portainer-portainer"
time="2023-08-11T17:54:56Z" level=debug msg="found container '/portainer_portainer_1' (b73d5d826b41671e438be21ee51b11a415b2a5c5980f8a147f287b65a1eabe35) for service 'portainer-portainer'"
time="2023-08-11T17:54:56Z" level=debug msg="no network label set for portainer-portainer@docker"
time="2023-08-11T17:54:56Z" level=debug msg="found router 'portainer-edge@docker' for service portainer-portainer"
time="2023-08-11T17:54:56Z" level=debug msg="found container '/portainer_portainer_1' (b73d5d826b41671e438be21ee51b11a415b2a5c5980f8a147f287b65a1eabe35) for service 'portainer-portainer'"
time="2023-08-11T17:54:56Z" level=error msg="Error in Go routine: runtime error: index out of range [0] with length 0"
time="2023-08-11T17:54:56Z" level=error msg="Stack: goroutine 15 [running]:\nruntime/debug.Stack()\n\t/opt/hostedtoolcache/go/1.19.2/x64/src/runtime/debug/stack.go:24 +0x65\ngithub.com/traefik/traefik/v2/pkg/safe.defaultRecoverGoroutine({0x26c73c0?, 0xc0007710f8})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:66 +0xa5\ngithub.com/traefik/traefik/v2/pkg/safe.GoWithRecover.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:56 +0x36\npanic({0x26c73c0, 0xc0007710f8})\n\t/opt/hostedtoolcache/go/1.19.2/x64/src/runtime/panic.go:884 +0x212\ngithub.com/jittering/traefik-kop.portBindingString(0x41d5c00?)\n\t/home/runner/work/traefik-kop/traefik-kop/docker.go:135 +0x339\ngithub.com/jittering/traefik-kop.getPortBinding({0xc000888840, {0xc00088e960, 0x1, 0x4}, 0xc0003fb2c0, 0xc000892900})\n\t/home/runner/work/traefik-kop/traefik-kop/docker.go:102 +0x236\ngithub.com/jittering/traefik-kop.getContainerPort({0x2e69590, 0xc000422100}, 0x28988dc?, {0x2863c9e, 0x3}, {0xc00071b300, 0x1a}, {0x0, 0x0})\n\t/home/runner/work/traefik-kop/traefik-kop/traefik_kop.go:260 +0x3a5\ngithub.com/jittering/traefik-kop.replaceIPs({0x2e69590, 0xc000422100}, 0xc00021be88, {0xc00005a008, 0x14})\n\t/home/runner/work/traefik-kop/traefik-kop/traefik_kop.go:185 +0x65e\ngithub.com/jittering/traefik-kop.Start.func1({0xc0007cc090, 0xc0007aaa98, 0xc0001ef8e0, 0xc0007cc0c0})\n\t/home/runner/work/traefik-kop/traefik-kop/traefik_kop.go:85 +0xc6\ngithub.com/traefik/traefik/v2/pkg/server.(*ConfigurationWatcher).applyConfigurations(0xc000b5c8c0, {0x2e3cd18, 0xc0001d4180})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/server/configurationwatcher.go:172 +0x21d\ngithub.com/traefik/traefik/v2/pkg/safe.(*Pool).GoCtx.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:36 +0x66\ngithub.com/traefik/traefik/v2/pkg/safe.GoWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:59 +0x5b\ncreated by github.com/traefik/traefik/v2/pkg/safe.GoWithRecover\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:53 +0x72\n"

Additional Notes:

Feel free to reach out for further assistance. Please note that my response time might be slower over the next four weeks.

Use traefik-kop on multiple docker server to a unique traefik

Hi,

I got serv1 = dockerserver with traefik
serv2 = dockerserver with traefik-kop
serv3 = dockerserver with traefik-kop

I'd like to connect serv2 and serv3 with traefik-kop to serv1-traefik.
It is possible ?

Actually, it seems like the traefik-redis database on serv1 got uptaded well because I can see the host on traefik-dashboard. It is all green.

from serv2
traefik-kop | time="2023-12-21T09:30:12Z" level=info msg="publishing http://172.18.0.11:8080" service=draw@docker service-type=http
from serv3 traefik-kop's log
traefik-kop | time="2023-12-21T09:23:59Z" level=info msg="publishing http://172.18.0.7:5231" service=memos@docker service-type=http

So, serv2 is working perfectly with traefik-kop. Serv3 seems to send entries to serv1's traefik-redis database but i can't resolv the URLs of serv3.

I can share any configuration if needed, I just want to confirm i can use 2 traefik-kop to a single traefik node.

Provide IP for each docker via label

It would be nice to add for each docker a own "bind_ip". Maybe via label. So that you can multiple IPs.
example:

labels:
    kop.bind.ip: 10.10.10.16
    ...

If you don't have this feature you need a second reverse-proxy, or not?

Default Rule

Is it possible to add a defaultRule?
Like the docker provider:

defaultRule: "Host(`srv-{{ index .Labels \"com.docker.compose.service\"}}.example.com`)"

Would be very helpfull.

setting port for tcp service does not work

Hey :)

I have this configuration

version: "3"

services:
  gitea:
    image: gitea/gitea
    ports:
      - "20080:3000"
      - "20022:22"
    labels:
      traefik.enable: true
      traefik.http.routers.gitea.rule: "Host(`git.domain`)"
      traefik.http.routers.gitea.entrypoints: webs
      traefik.http.routers.gitea.service: gitea@redis
      traefik.http.services.gitea.loadbalancer.server.port: 20080

      traefik.tcp.routers.gitea-ssh.rule: "HostSNI(`*`)"
      traefik.tcp.routers.gitea-ssh.entrypoints: ssh
      traefik.tcp.routers.gitea-ssh.service: gitea-ssh@redis
      traefik.tcp.services.gitea-ssh.loadbalancer.server.port: 20022

The port of the gitea-ssh service is not detected correctly:

And this is the log:

traefik-kop-traefik-kop-1  | time="2022-09-28T12:37:14Z" level=warning msg="found more than one host-port binding for container '/gitea-gitea-1' (20022:22, 20080:3000)" service-type=tcp service=gitea-ssh@docker

KV connection error

Hey guys,
as the title says i´ll get:
level=error msg="KV connection error: KV store connection error: dial tcp: lookup redis: i/o timeout, retrying in 324.987404ms" providerName=redis
For my understanding ;-) i got two server: Master (192.168.2.182) and Slave (192.168.2.55) i put redis: endpoints: -"redis:6379" in the traefik.yml on the Master and start the traefik container.
Then i create a new container on the Slave, where i put as REDIS_ADDR=192.168.2.182:6379 and BIND_IP=192.168.2.55
then when i start both containers i´ll get above error. Maybe i´m on the wrong path here ;-)
thanks

Go Crash in hostedtoolcache

I'm getting the following crash:

time="2022-09-09T04:17:55Z" level=info msg="creating new redis store at 10.0.0.1:6379 for hostname solarflare"
time="2022-09-09T04:17:55Z" level=info msg="Starting provider aggregator *traefikkop.MultiProvider"
time="2022-09-09T04:17:55Z" level=info msg="starting polling provider with 15s interval"
time="2022-09-09T04:17:55Z" level=info msg="Starting provider *docker.Provider"
time="2022-09-09T04:17:55Z" level=error msg="Undefined rule" providerName=docker routerName=jellyfin
time="2022-09-09T04:17:55Z" level=info msg="refreshing traefik-kop configuration"
time="2022-09-09T04:17:55Z" level=warning msg="found more than one host-port binding for container '/jellyfin'"
time="2022-09-09T04:18:10Z" level=error msg="Error in Go routine: runtime error: invalid memory address or nil pointer dereference"
time="2022-09-09T04:18:10Z" level=error msg="Stack: goroutine 51 [running]:\nruntime/debug.Stack()\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/debug/stack.go:24 +0x65\ngithub.com/traefik/traefik/v2/pkg/safe.defaultRecoverGoroutine({0x22e8360, 0x3f34520})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:66 +0xa5\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:74 +0x35\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.errRecover(0xc0005672c0)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:163 +0x15b\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.(*Template).execute(0x0, {0x2b022e0, 0xc000c4acc0}, {0x239f960, 0xc000c47500})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:214 +0x239\ntext/template.(*Template).Execute(...)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:200\ngithub.com/traefik/traefik/v2/pkg/provider.BuildRouterConfiguration({0x2b4c9e8, 0xc000c35f80}, 0xc000c4aab0, {0xc000c36978, 0xc000c3db80}, 0x9, {0x239f960, 0xc000c47500})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/configuration.go:404 +0x2d1\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).buildConfiguration(0xc00034e000, {0x2b4c9e8, 0xc000c35f80}, {0xc000c507e0, 0x2, 0xc000c3d860})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/config.go:83 +0x7a5\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:230 +0x69a\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:78 +0x63\ngithub.com/cenkalti/backoff/v4.RetryNotifyWithTimer(0xc000412890, {0x7fad5b3e2258, 0xc000092200}, 0xc000567f20, {0x0, 0x0})\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:55 +0x12a\ngithub.com/cenkalti/backoff/v4.RetryNotify(...)\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:34\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1({0x2b4c940, 0xc0000585c0})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:330 +0x305\ngithub.com/traefik/traefik/v2/pkg/safe.(*Pool).GoCtx.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:36 +0x66\ngithub.com/traefik/traefik/v2/pkg/safe.GoWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:59 +0x5b\ncreated by github.com/traefik/traefik/v2/pkg/safe.GoWithRecover\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:53 +0x77\n"
time="2022-09-09T04:18:10Z" level=error msg="Provider connection error panic in operation: %!w(<nil>), retrying in 688.725732ms" providerName=docker
time="2022-09-09T04:18:11Z" level=error msg="Error in Go routine: runtime error: invalid memory address or nil pointer dereference"
time="2022-09-09T04:18:11Z" level=error msg="Stack: goroutine 51 [running]:\nruntime/debug.Stack()\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/debug/stack.go:24 +0x65\ngithub.com/traefik/traefik/v2/pkg/safe.defaultRecoverGoroutine({0x22e8360, 0x3f34520})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:66 +0xa5\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:74 +0x35\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.errRecover(0xc0005672c0)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:163 +0x15b\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.(*Template).execute(0x0, {0x2b022e0, 0xc000c4b890}, {0x239f960, 0xc000c76498})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:214 +0x239\ntext/template.(*Template).Execute(...)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:200\ngithub.com/traefik/traefik/v2/pkg/provider.BuildRouterConfiguration({0x2b4c9e8, 0xc000c35f80}, 0xc000c4b680, {0xc000c36e58, 0xc000c5c6b5}, 0x9, {0x239f960, 0xc000c76498})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/configuration.go:404 +0x2d1\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).buildConfiguration(0xc00034e000, {0x2b4c9e8, 0xc000c35f80}, {0xc000c7a000, 0x2, 0xc00081bd40})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/config.go:83 +0x7a5\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:230 +0x69a\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:78 +0x63\ngithub.com/cenkalti/backoff/v4.RetryNotifyWithTimer(0xc000412890, {0x7fad5b3e2258, 0xc000092200}, 0xc000567f20, {0x0, 0x0})\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:55 +0x12a\ngithub.com/cenkalti/backoff/v4.RetryNotify(...)\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:34\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1({0x2b4c940, 0xc0000585c0})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:330 +0x305\ngithub.com/traefik/traefik/v2/pkg/safe.(*Pool).GoCtx.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:36 +0x66\ngithub.com/traefik/traefik/v2/pkg/safe.GoWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:59 +0x5b\ncreated by github.com/traefik/traefik/v2/pkg/safe.GoWithRecover\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:53 +0x77\n"
time="2022-09-09T04:18:11Z" level=error msg="Provider connection error panic in operation: %!w(<nil>), retrying in 428.49889ms" providerName=docker
time="2022-09-09T04:18:11Z" level=error msg="Error in Go routine: runtime error: invalid memory address or nil pointer dereference"
time="2022-09-09T04:18:11Z" level=error msg="Stack: goroutine 51 [running]:\nruntime/debug.Stack()\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/debug/stack.go:24 +0x65\ngithub.com/traefik/traefik/v2/pkg/safe.defaultRecoverGoroutine({0x22e8360, 0x3f34520})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:66 +0xa5\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:74 +0x35\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.errRecover(0xc0005672c0)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:163 +0x15b\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.(*Template).execute(0x0, {0x2b022e0, 0xc000c8c6f0}, {0x239f960, 0xc000c77380})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:214 +0x239\ntext/template.(*Template).Execute(...)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:200\ngithub.com/traefik/traefik/v2/pkg/provider.BuildRouterConfiguration({0x2b4c9e8, 0xc000c35f80}, 0xc000c8c4e0, {0xc000c37428, 0xc000c5d1f0}, 0x9, {0x239f960, 0xc000c77380})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/configuration.go:404 +0x2d1\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).buildConfiguration(0xc00034e000, {0x2b4c9e8, 0xc000c35f80}, {0xc000c7bc20, 0x2, 0xc000c5ced0})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/config.go:83 +0x7a5\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:230 +0x69a\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:78 +0x63\ngithub.com/cenkalti/backoff/v4.RetryNotifyWithTimer(0xc000412890, {0x7fad5b3e2258, 0xc000092200}, 0xc000567f20, {0x0, 0x0})\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:55 +0x12a\ngithub.com/cenkalti/backoff/v4.RetryNotify(...)\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:34\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1({0x2b4c940, 0xc0000585c0})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:330 +0x305\ngithub.com/traefik/traefik/v2/pkg/safe.(*Pool).GoCtx.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:36 +0x66\ngithub.com/traefik/traefik/v2/pkg/safe.GoWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:59 +0x5b\ncreated by github.com/traefik/traefik/v2/pkg/safe.GoWithRecover\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:53 +0x77\n"
time="2022-09-09T04:18:11Z" level=error msg="Provider connection error panic in operation: %!w(<nil>), retrying in 1.26916156s" providerName=docker
time="2022-09-09T04:18:12Z" level=error msg="Error in Go routine: runtime error: invalid memory address or nil pointer dereference"
time="2022-09-09T04:18:12Z" level=error msg="Stack: goroutine 51 [running]:\nruntime/debug.Stack()\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/debug/stack.go:24 +0x65\ngithub.com/traefik/traefik/v2/pkg/safe.defaultRecoverGoroutine({0x22e8360, 0x3f34520})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:66 +0xa5\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:74 +0x35\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.errRecover(0xc0005672c0)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:163 +0x15b\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.(*Template).execute(0x0, {0x2b022e0, 0xc000c8d530}, {0x239f960, 0xc000cb8270})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:214 +0x239\ntext/template.(*Template).Execute(...)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:200\ngithub.com/traefik/traefik/v2/pkg/provider.BuildRouterConfiguration({0x2b4c9e8, 0xc000c35f80}, 0xc000c8d320, {0xc000c379f8, 0xc000c5dd20}, 0x9, {0x239f960, 0xc000cb8270})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/configuration.go:404 +0x2d1\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).buildConfiguration(0xc00034e000, {0x2b4c9e8, 0xc000c35f80}, {0xc000c957a0, 0x2, 0xc000c5da00})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/config.go:83 +0x7a5\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:230 +0x69a\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:78 +0x63\ngithub.com/cenkalti/backoff/v4.RetryNotifyWithTimer(0xc000412890, {0x7fad5b3e2258, 0xc000092200}, 0xc000567f20, {0x0, 0x0})\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:55 +0x12a\ngithub.com/cenkalti/backoff/v4.RetryNotify(...)\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:34\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1({0x2b4c940, 0xc0000585c0})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:330 +0x305\ngithub.com/traefik/traefik/v2/pkg/safe.(*Pool).GoCtx.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:36 +0x66\ngithub.com/traefik/traefik/v2/pkg/safe.GoWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:59 +0x5b\ncreated by github.com/traefik/traefik/v2/pkg/safe.GoWithRecover\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:53 +0x77\n"
time="2022-09-09T04:18:12Z" level=error msg="Provider connection error panic in operation: %!w(<nil>), retrying in 1.094560521s" providerName=docker
time="2022-09-09T04:18:14Z" level=error msg="Error in Go routine: runtime error: invalid memory address or nil pointer dereference"
time="2022-09-09T04:18:14Z" level=error msg="Stack: goroutine 51 [running]:\nruntime/debug.Stack()\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/debug/stack.go:24 +0x65\ngithub.com/traefik/traefik/v2/pkg/safe.defaultRecoverGoroutine({0x22e8360, 0x3f34520})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:66 +0xa5\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:74 +0x35\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.errRecover(0xc0005672c0)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:163 +0x15b\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.(*Template).execute(0x0, {0x2b022e0, 0xc000cc8390}, {0x239f960, 0xc000cb9158})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:214 +0x239\ntext/template.(*Template).Execute(...)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:200\ngithub.com/traefik/traefik/v2/pkg/provider.BuildRouterConfiguration({0x2b4c9e8, 0xc000c35f80}, 0xc000cc8180, {0xc000c37fc8, 0xc000cb6870}, 0x9, {0x239f960, 0xc000cb9158})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/configuration.go:404 +0x2d1\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).buildConfiguration(0xc00034e000, {0x2b4c9e8, 0xc000c35f80}, {0xc000cbb440, 0x2, 0xc000cb6550})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/config.go:83 +0x7a5\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:230 +0x69a\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:78 +0x63\ngithub.com/cenkalti/backoff/v4.RetryNotifyWithTimer(0xc000412890, {0x7fad5b3e2258, 0xc000092200}, 0xc000567f20, {0x0, 0x0})\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:55 +0x12a\ngithub.com/cenkalti/backoff/v4.RetryNotify(...)\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:34\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1({0x2b4c940, 0xc0000585c0})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:330 +0x305\ngithub.com/traefik/traefik/v2/pkg/safe.(*Pool).GoCtx.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:36 +0x66\ngithub.com/traefik/traefik/v2/pkg/safe.GoWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:59 +0x5b\ncreated by github.com/traefik/traefik/v2/pkg/safe.GoWithRecover\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:53 +0x77\n"
time="2022-09-09T04:18:14Z" level=error msg="Provider connection error panic in operation: %!w(<nil>), retrying in 2.887338751s" providerName=docker
time="2022-09-09T04:18:16Z" level=error msg="Error in Go routine: runtime error: invalid memory address or nil pointer dereference"
time="2022-09-09T04:18:16Z" level=error msg="Stack: goroutine 51 [running]:\nruntime/debug.Stack()\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/debug/stack.go:24 +0x65\ngithub.com/traefik/traefik/v2/pkg/safe.defaultRecoverGoroutine({0x22e8360, 0x3f34520})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:66 +0xa5\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:74 +0x35\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.errRecover(0xc0005672c0)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:163 +0x15b\npanic({0x22e8360, 0x3f34520})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/panic.go:1038 +0x215\ntext/template.(*Template).execute(0x0, {0x2b022e0, 0xc000d0a630}, {0x239f960, 0xc0008d9b48})\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:214 +0x239\ntext/template.(*Template).Execute(...)\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/text/template/exec.go:200\ngithub.com/traefik/traefik/v2/pkg/provider.BuildRouterConfiguration({0x2b4c9e8, 0xc000c35f80}, 0xc000d0a420, {0xc000133b90, 0xc0008f4935}, 0x9, {0x239f960, 0xc0008d9b48})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/configuration.go:404 +0x2d1\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).buildConfiguration(0xc00034e000, {0x2b4c9e8, 0xc000c35f80}, {0xc000d14240, 0x2, 0xc000918d10})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/config.go:83 +0x7a5\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1.1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:230 +0x69a\ngithub.com/traefik/traefik/v2/pkg/safe.OperationWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:78 +0x63\ngithub.com/cenkalti/backoff/v4.RetryNotifyWithTimer(0xc000412890, {0x7fad5b3e2258, 0xc000092200}, 0xc000567f20, {0x0, 0x0})\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:55 +0x12a\ngithub.com/cenkalti/backoff/v4.RetryNotify(...)\n\t/home/runner/go/pkg/mod/github.com/cenkalti/backoff/[email protected]/retry.go:34\ngithub.com/traefik/traefik/v2/pkg/provider/docker.(*Provider).Provide.func1({0x2b4c940, 0xc0000585c0})\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/provider/docker/docker.go:330 +0x305\ngithub.com/traefik/traefik/v2/pkg/safe.(*Pool).GoCtx.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:36 +0x66\ngithub.com/traefik/traefik/v2/pkg/safe.GoWithRecover.func1()\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:59 +0x5b\ncreated by github.com/traefik/traefik/v2/pkg/safe.GoWithRecover\n\t/home/runner/go/pkg/mod/github.com/traefik/traefik/[email protected]/pkg/safe/routine.go:53 +0x77\n"
time="2022-09-09T04:18:16Z" level=error msg="Provider connection error panic in operation: %!w(<nil>), retrying in 2.881082061s" providerName=docker

jittering / traefik-kop Goto Github PK

traefik-kop's Introduction

traefik-kop

Usage

Configuration

IP Binding

bind-ip

traefik-kop service labels

Container Networking

Service port binding

Namespaces

Docker API

Traefik Docker Provider Config

Releasing

License

traefik-kop's People

Contributors

Stargazers

Watchers

Forkers

traefik-kop's Issues

Environment

Traefik-Kop Configuration

Redis Configuration

Traefik Configuration

Service Configurations

Order of Operations

Traefik Entries

Problem Definition

Next Steps

Description

Environment:

Context:

Configuration

Logs:

Additional Notes:

Recommend Projects

Recommend Topics

Recommend Org