New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to use traefik as reverse proxy with an Agent setup #1897
Comments
Hi @schemen Could you copy/pate the Portainer logs? Can you access the authentication view of Portainer or not? Is it working in your environment without Traefik? |
Hi! Thanks for the quick reply. When I add the The only log entry I receive on the portainer frontend is the following: When accessed through the ingress network (i.e. "host1.example.com:9000") I can see everything and the agent works beautifully. |
Maybe it's the involvment of multiple networks? Because without the agents and in it's standalone deployment version 1.17.0 works fine The frontend is attached to two networks, the one for public access via portainer and the one for the agents. |
Does it work if you remove it from the agent network? If so, you could expose the port 9001 on the agent service and use any node IP as endpoint URL. |
This is currently not working. What I did:
This is one of the errors I receive: After throwing out everything, it seems that I can still click at the Swarm field and see active tasks and the cluster visualisation, but everything else throws that error and times out. I've tried without TLS and with TLS but no verification. |
@schemen I believe that you still need to deploy the agent inside an overlay network and use |
Lemme try it out :) |
@deviantony When i tried that I received the following error logs
And a lot more like that as time went on. |
Did you try something like this ? version: "3"
services:
app:
image: portainer/portainer
volumes:
- /var/data/portainer:/data
networks:
- traefik_public
deploy:
labels:
- traefik.frontend.rule=Host:swarm.example.com
- traefik.port=9000
placement:
constraints: [node.role == manager]
command: -H tcp://NODE1_IP:9001 --tlsskipverify
agent:
image: portainer/agent
ports:
- "9001:9001"
environment:
AGENT_CLUSTER_ADDR: tasks.agent
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- agent_network
deploy:
mode: global
networks:
traefik_public:
external: true
agent_network:
driver: overlay
|
Yeah exactly like that. Although above solution would definitely not be ideal as it would expose the agents to any external access. I have found a workaround just now: I am really not sure what this issue might be here :S I hope I didn't bring a Traefik issue to you guys! |
By using the setup above, you must use the public IP of one of the nodes as the endpoint URL, |
Sigh... It was my own fault, I am very sorry to bring this up. So, a complete composer-file for traefik as an example would look like this:
I think this issue can be closed. This has been an issue on my traefik configuration. |
Glad you solved it ! Feel free to write a small post about it, might help other users ;-) |
Here is my stack on docker-stack-this |
) * fix(migration): close the database before running backups On certain filesystems, particuarly NTFS when a network mounted windows file server is used to store portainer's database, you are unable to copy the database while it is open. To fix this we simply close the database and then re-open it after a backup. * handle close and open errors * dont return error on nil
Bug description
I cannot access Portainer through a Traefik generated reverse proxy (Let's say mapped to "console.example.com").
I recieve a 504 Error, it seems to timeout.
This issue does not occur if you use the agentless setup.
Expected behavior
I can normally access Portainer through a reverse proxy and HTTPS.
Steps to reproduce the issue:
See technical details for a docker-compose.yml
Technical details:
Additional context
The text was updated successfully, but these errors were encountered: