Traefik integration

[ghost]

Hello. I spiked on a Traefik integration yesterday using a mirror of this software as I'm investigating alternatives to Fathom for use in After Dark. I'm dropping the code I wrote yesterday here along with some notes as I took it as far as I have time for right now. Hopefully someone will see it to the finish line and get a functional test case together for Ackee integration with Traefik.

version: "3.7"
services:

  traefik:
    image: traefik:v2.0.0
    restart: always
    command:
      # - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--global.checkNewVersion=false"
      - "--global.sendAnonymousUsage=false"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
      - "8080:8080" # Traefik Web UI (enabled by --api.insecure)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro # So that Traefik can listen to the Docker events
      # - ./traefik.toml:/etc/traefik/traefik.toml # Start using config

  web:
    build: .
    restart: unless-stopped
    expose:
      - "80"
    volumes:
      - ./site/content:/opt/after-dark/content/:ro
      - ./site/config.toml:/opt/after-dark/config.toml:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.after-dark.entrypoints=web
      - traefik.http.routers.after-dark.rule=Host(`test.local`)

  ackee:
    image: electerious/ackee
    restart: unless-stopped
    expose:
      - "3000"
    environment:
      - WAIT_HOSTS=mongo:27017
      - ACKEE_MONGODB=mongodb://mongo:27017/ackee
      - ACKEE_USERNAME=ackee
      - ACKEE_PASSWORD=ackee
    labels:
      - traefik.enable=true
      - traefik.http.routers.ackee.entrypoints=web
      - traefik.http.routers.ackee.rule=Host(`ackee.test.local`)
      - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,POST,PATCH,OPTIONS"
      - "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
      - "traefik.http.middlewares.testheader.headers.accessControlAllowHeaders=Content-Type"

  mongo:
    image: mongo:4.2-bionic
    restart: always
    volumes:
      - db-data:/var/lib/mongodb

volumes:
  db-data:

Resources

• https://docs.traefik.io/middlewares/headers/#cors-headers - CORS docs
• Application sent CORS headers are either not overwritten, or blocked completely traefik/traefik#5567 - CORS issue (open at present)

Notes:

• localhost hardcoded in src/index.js must be changed to 0.0.0.0 for ackee to work properly
• you may run docker-compose exec ackee sh and hack index.js at runtime then, inside the running ackee container, do a kill <pid> where is ackee. the container will restart automatically based on the compose rules and be listening on the correct port and you won't need for fork to do this
• if you're trying to do this with after-dark (linked above) as web you can disable CSP for testing purposes via the setting in config.toml

Cheers.

[ghost]

[electerious]

localhost hardcoded in src/index.js must be changed to 0.0.0.0 for ackee to work properly

Will add this as an option HOST or ACKEE_HOST, but do you think that going with 0.0.0.0 as the default could be problematic for some users?

[eskan]

Hi,
if it helps Ackee works fine with traefik 1.7 and this labels (traefik-net is the network name traefik use)

      labels:
        traefik.port: "3000"
        traefik.docker.network: "traefik-net"
        traefik.frontend.rule: "Host:stats.my-host.com"
        traefik.frontend.headers.customResponseHeaders: 'Access-Control-Allow-Methods: GET, POST, PATCH, OPTIONS||Access-Control-Allow-Origin: *||Access-Control-Allow-Headers: Content-Type'

[alt4]

Greetings,
I can confirm it also works on Traefik 2.

Beware that they seemingly recently deprecated origin-list-or-null, and you now have to list your tracked domains manually or use a wildcard.

Here are my labels (I did not remove my HTTPS redirection as I cannot test my setup without it):

labels:
  - "traefik.enable=true"
  - "traefik.docker.network=web"
  # Middleware for CORS headers
  - "traefik.http.middlewares.corsheaders.headers.accesscontrolallowmethods=GET,POST,PATCH,OPTIONS"
  - "traefik.http.middlewares.corsheaders.headers.accesscontrolalloworiginlist=tracked-domain.example.com"
  - "traefik.http.middlewares.corsheaders.headers.accessControlAllowHeaders=Content-Type"
  # HTTP endpoint - redirected
  - "traefik.http.routers.ackee.entryPoints=web"
  - "traefik.http.routers.ackee.rule=host(`ackee.example.com`)"
  - "traefik.http.middlewares.ackee-redirect.redirectScheme.scheme=https"
  - "traefik.http.middlewares.ackee-redirect.redirectScheme.permanent=true"
  - "traefik.http.routers.ackee.middlewares=ackee-redirect"
  # SSL endpoint
  - "traefik.http.routers.ackee-ssl.entryPoints=web-secure"
  - "traefik.http.routers.ackee-ssl.rule=host(`ackee.example.com`)"
  - "traefik.http.routers.ackee-ssl.tls=true"
  - "traefik.http.routers.ackee-ssl.tls.certResolver=le-ssl"
  - "traefik.http.routers.ackee-ssl.service=ackee-ssl"
  - "traefik.http.routers.ackee-ssl.middlewares=corsheaders"
  - "traefik.http.services.ackee-ssl.loadBalancer.server.port=3000"

I did not need to edit src/index.js.

[electerious]

I will close the issue as it sounds like there's nothing to do from my side :)

[ryangjchandler]

@alt4 , using your configuration I end up with a 404 for my actual Ackee instance. Any ideas?

[ryangjchandler]

For some reference, Traefik is throwing this error:

time="2020-04-06T14:19:56+02:00" level=error msg="field not found, node: accesscontrolalloworiginlist" providerName=docker container=ackee-ackee-dcf5053f7fd9f963048c652fc7ed4f2ad4b630741df3b55526b2260e67081caa

Uncommenting the line in my docker-compose.yml that sets the accesscontrolalloworiginlist fixes the 404 but the CORS headers are still not being touched.

[alt4]

Which Traefik version are you using?

You need to use the original post's labels (i.e. accesscontrolalloworigin and not accesscontrolalloworiginlist) if it is lower than v2.2.0 (released less than 15 days ago).