Traefik dashboard only works with overlay network created outside of stack deploy for swarm.

[tannerchung]

Do you want to request a feature or report a bug?

bug

What did you do?

I'm using stack deploy to use Traefik as a load balancer and the services are not responding to the defined networks consistently.

I have a docker compose file where I define

networks:
  proxy:
    driver: overlay

and my defined Traefik service has networks defined

    networks:
    - proxy

and under deploy

      labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.frontend.rule=Host:traefik.example.com
      - traefik.backend.loadbalancer.sticky=true
      - traefik.frontend.passHostHeader=true
      - traefik.port=8080

You'll see below in the yml below, I have Portainer defined along side Traefik. I'm unable to reach Traefik unless I create a proxy network from the command line, even through Traefik is referring to proxy_proxy, which was created when running the docker stack deploy command.

I'm able to reach Portainer without the proxy network though

NETWORK ID          NAME                DRIVER              SCOPE
741f03949a00        bridge              bridge              local
73fca5fd4c16        docker_gwbridge     bridge              local
13e87cc1c46b        host                host                local
epaziubbr9r1        ingress             overlay             swarm
d501350a09b1        none                null                local
pr80l7ncqtca        proxy               overlay             swarm
lop97b0htl98        proxy_proxy         overlay             swarm

I tested to see maybe if proxy_proxy was a useless network but Portainer won't load with just the external proxy network defined OR if I defined the network in the yml file like:

networks:
  proxy:
    external: true

so that both services just rely on the proxy network that was created from the command line

What did you expect to see?

I expect to be able to see the Traefik dashboard at traefik.example.com OR I expect Portainer not to work either.

What did you see instead?

A Gateway Timeout error for Traefik and Portainer working

Output of traefik version: (What version of Traefik are you using?)

Version:      v1.5.1
Codename:     cancoillotte
Go version:   go1.9.3
Built:        2018-01-29_02:14:02PM
OS/Arch:      linux/amd64

What is your environment & configuration (arguments, toml, provider, platform, ...)?

accessLogsFile = "/dev/stdout"
defaultEntryPoints = ["http", "https"]
[acme]
email = "hosting@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
acmeLogging = true
onDemand = false
caServer = "https://acme-staging.api.letsencrypt.org/directory"
[acme.httpChallenge]
  entryPoint = "http"

[web]
address = ":8080"
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefik.example.com"
watch = true
swarmmode = true
exposedbydefault = false

networks:
  proxy:
    driver: overlay

configs:
  traefik_toml_v2:
    file: ./traefik.toml

services:
  traefik:
    image: traefik:1.5-alpine
    deploy:
      replicas: 1
      labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.frontend.rule=Host:traefik.example.com
      - traefik.backend.loadbalancer.sticky=true
      - traefik.frontend.passHostHeader=true
      - traefik.port=8080
      placement:
        constraints:
        - node.role == manager
      restart_policy:
        condition: on-failure
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - $PWD/infra/traefik.toml:/traefik.toml
    - $PWD/infra/acme.json:/acme.json
    networks:
    - proxy
    ports:
    - target: 80
      protocol: tcp
      published: 80
      mode: ingress
    - target: 443
      protocol: tcp
      published: 443
      mode: ingress
    - target: 8080
      protocol: tcp
      published: 8080
      mode: ingress
    configs:
    - source: traefik_toml_v2
      target: /etc/traefik/traefik.toml
      mode: 444
  portainer:
    image: portainer/portainer
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - $PWD/infra/portainer:/data
    networks:
    - proxy
    deploy:
      replicas: 1
      placement:
        constraints:
        - node.role == manager
      restart_policy:
        condition: on-failure
      labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.port=9000
      - traefik.backend=portainer
      - traefik.backend.loadbalancer.sticky=true
      - traefik.frontend.passHostHeader=true
      - traefik.frontend.rule=Host:portainer.example.com

If applicable, please paste the log output in debug mode (--debug switch)

(paste your output here)

[salzig]

When you deploy a stack using docker stack deploy -c docker-compose.yml $stackname every network/volume/service is prefixed with $stackname. Even if you name the network proxy, it's called $stackname_proxy in the end (except when marked as external).
But you tell Traefik to use a proxy named network traefik.docker.network=proxy, which dosn't exist unless you create it by hand.

Two options:

• create the proxy network as not external as you've done so far and use traefik.docker.network=$stackname_proxy, where you replace $stackname with the stack name (i think it's proxy in your case)

or

• create the proxy network by hand, declare it as external in your docker-compose.yml

edit: hint: btw, using the host-mode port binding can save you network roundtrips when traefik is deploy as global service.

[ldez]

I'll close this issue, because I think the question is answered.

[tannerchung]

Hey @ldez I don't think the question is answered because what I'm pointing out is the inconsistencies in which Traefik is handling network names.

@salzig, thanks for the reply. I know that when creating a network with docker stack deploy without marking a network as external, docker will automatically prefix the network with the stack's name. However, what I was pointing out was that both Traefik and Portainer are referring to the network that is created in the stack by only using the network's alias, proxy and not the externally listed network prefixed with the stack's name, proxy_proxy and Portainer is still able to function as well as Traefik's routing services. The only item that is not working is Traefik's dashboard in this setup.

The only time Traefik's dashboard is accessible is if I define the network externally, which I can do, but I'm just trying to point out that Traefik's routing services and Portainer should not be working if what you proposed to be true, that the network in the composer file has to be defined with <stack name>_<network name>, proxy_proxy.

[souhaiebtar]

@tannerchung let's encrypt didn't work for this config, do i still need consul to store k/v for acme, i only run traefik on manager, and i have a single manager

[TiE23]

You can name the network you create with the name config.

networks:
  proxy:
    name: "proxy"
    external: false

That way it won't be proxy_proxy, it'll just be proxy.