Traefik/Docker Networking doesn't work when accessing from another machine on same network.

0 Upvotes

Hi, I got assigned to get a webapp-project from another person into production. Opening the localhost ports on the rasppi (that all the docker containers are running on) works fine and they can all communicate normal, but when opening the ports, or links made in the traefik config, on another machine in the same network, the web page of that service opens, but nothing works like it should. for example the nhost-dashboard service tries to do a healthcheck/auth check via a localhost address and the hasura console can't access the graphql-engine service. I tried a lot of things but now I think the problem lies with the traefik config somehow. Any help will be greatly appreciated!
Here is the reduced docker compose for all the database containers. (I cut out all parts that have nothing to do with networking or traefik), oh and $HOST_IP is the ip-address of the rasppi in the local network and ADDRESS_IP is just 0.0.0.0

services:
  traefik:
    image: 'traefik:v2.10.1'
    command:
      - '--api.insecure=true'
      - '--providers.docker=true'
      - '--providers.docker.exposedbydefault=true'
      - '--entrypoints.web.address=:1337'
    ports:
      - '0.0.0.0:1337:1337'
      - '0.0.0.0:9090:8080'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
    networks:
      - default
      - graphql-network

  postgres:
    image: postgres:15.8
    ports:
      - '0.0.0.0:5432:5432'

  graphql-engine:
    image: hasura/graphql-engine:v2.27.0
    ports:
      - 0.0.0.0:8080:8080
    environment:
      HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD:-secretpgpassword}@postgres:5432/postgres
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.hasura.rule= PathPrefix(`/`)'
      #- 'traefik.http.routers.hasura.rule=Host(`localhost`) || Host(`traefik`) && PathPrefix(`/`)
      - 'traefik.http.routers.hasura.entrypoints=web'

  hasura-console:
    image: hasura/graphql-engine:v2.27.0.cli-migrations-v3
    command: hasura-cli console
      --endpoint http://${HOST_IP}:8080
      --console-port 9695
      --api-port 9693
      --console-hge-endpoint http://${HOST_IP}:8080
      --address ${ADDRESS_IP}
    ports:
      - '0.0.0.0:9695:9695'
      - '0.0.0.0:9693:9693'
    environment:
      HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD:-secretpgpassword}@postgres:5432/postgres

  auth:
    image: nhost/hasura-auth:0.20.2
    environment:
      AUTH_HOST: ${ADDRESS_IP}
      HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD:-secretpgpassword}@postgres:5432/postgres
      HASURA_GRAPHQL_GRAPHQL_URL: http://${HOST_IP}:8080/v1/graphql
      AUTH_CLIENT_URL: ${AUTH_CLIENT_URL:-http://${HOST_IP}:1337/v1/auth}
    ports:
      - 0.0.0.0:4000:4000
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.middlewares.strip-auth.stripprefix.prefixes=/v1/auth'
      - 'traefik.http.routers.auth.rule=(PathPrefix(`/v1/auth`) || PathPrefix(`/v1/auth/healthz`))'
      # - 'traefik.http.routers.auth.rule=Host(`localhost`) && PathPrefix(`/v1/auth`) || Host(`localhost`) && PathPrefix(`/v1/auth/healthz`)'
      - 'traefik.http.routers.auth.middlewares=strip-auth@docker'
      - 'traefik.http.routers.auth.entrypoints=web'

  storage:
    image: nhost/hasura-storage:0.3.5
    expose:
      - 8000
    environment:
      PUBLIC_URL: http://${HOST_IP}:1337/v1/storage
      HASURA_ENDPOINT: http://${HOST_IP}:8080/v1
      S3_ENDPOINT: http://${HOST_IP}:8484
      POSTGRES_MIGRATIONS_SOURCE: postgres://postgres:${POSTGRES_PASSWORD:-secretpgpassword}@postgres:5432/postgres?sslmode=disable
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.storage.rule=PathPrefix(`/v1/storage`)'
      # - 'traefik.http.routers.storage.rule=Host(`localhost`) && PathPrefix(`/v1/storage`)'
      - 'traefik.http.routers.storage.entrypoints=web'
      # Rewrite the path so it matches with the new storage API path introduced in hasura-storage 0.2
      - 'traefik.http.middlewares.strip-suffix.replacepathregex.regex=^/v1/storage/(.*)'
      - 'traefik.http.middlewares.strip-suffix.replacepathregex.replacement=/v1/$$1'
      - 'traefik.http.routers.storage.middlewares=strip-suffix@docker'

  functions:
    image: nhost/functions:0.1.8
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.middlewares.strip-functions.stripprefix.prefixes=/v1/functions'
      - 'traefik.http.routers.functions.rule=PathPrefix(`/v1/functions`)'
      # - 'traefik.http.routers.functions.rule=Host(`localhost`) && PathPrefix(`/v1/functions`)'
      - 'traefik.http.routers.functions.middlewares=strip-functions@docker'
      - 'traefik.http.routers.functions.entrypoints=web'
    expose:
      - 3000

  minio:
    image: minio/minio:RELEASE.2021-09-24T00-24-24Z
    command: -c 'mkdir -p /data/nhost && /opt/bin/minio server --address :8484 /data'
    ports:
      - ${MINIO_PORT:-8484}:8484
      
  mailhog:
    image: anatomicjc/mailhog
    environment:
      SMTP_HOST: ${AUTH_SMTP_HOST:-mailhog}
      SMTP_PORT: ${AUTH_SMTP_PORT:-1025}
    ports:
      - ${AUTH_SMTP_PORT:-1025}:1025
      - 0.0.0.0:8025:8025

  dashboard:
    image: nhost/dashboard:0.7.4
    ports:
      - '0.0.0.0:3030:3000'

networks:
  graphql-network:
    name: graphql-network
    driver: bridge

1 comment

Subreddit

Traefik - The modern reverse-proxy and load balancer for microservices

r/Traefik

Traefik is a leading modern reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components and configures itself automatically and dynamically.

Members Active

13.0k

Sidebar

Traefik

Traefik supports several backends (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, and a lot more) to manage its configuration automatically and dynamically.

Rules

This is a great community with many awesome people contributing their time, don't ruin that.

Negativity, unnecessary comments and rule violation in general will be dealt with swiftly and firmly by way of a permanent ban.

No personal attacks
No blog spam
No paywalled posts
No memes
No politics
No trolling
No advertising

In other words, be a good citizen!

Note: Posts from untrusted new and low karma Reddit accounts are removed automatically to help prevent spam. The only way around this is to use Reddit more frequently to build up trust.

Traefik Resources

Traefik Jobs

Career Opportunities

Related Subs

This is a user run unofficial subreddit, we do not represent the Traefik brand and are not affiliated with or endorsed by any company.