Swarm Mode + Letsencrypt + KV Store #1176

Closed
Berndinox opened this issue Feb 21, 2017 · 9 comments

Berndinox commented Feb 21, 2017

What version of Traefik are you using (traefik version)?

traefik:latest

What is your environment & configuration (arguments, toml...)?

3 Node Swarm Cluster (Docker 1.13 - Swarm Mode)

version: "3"
 
services:
  traefik:
    image: traefik
    command: --web --docker --docker.swarmmode --docker.domain=docker.localhost --docker.watch --logLevel=WARN --entryPoints='Name:http Address::80 Redirect.EntryPoint:https' --entryPoints='Name:https Address::443 TLS' --acme.entryPoint=https [email protected] --acme.storage=/etc/traefik/acme/acme.json --acme.domains=MYDOMAIN.at --acme.ondemand=true --acme.onhostrule=true
    networks:
      - proxy
      - consul
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefikdata:/etc/traefik/acme
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == manager

volumes:
  traefikdata:
    driver: local-persist
    driver_opts:
      mountpoint: /mnt/glusterfs/docker/proxy/

What did you do?

I would like to store the config in the Consul cluster, because with a local shared volume I'm not able to scale Traefik.

I tried appending the following commands to the compose (above):
--consul --consul.endpoint=consul:8500 storeconfig

As described here: https://docs.traefik.io/user-guide/kv-config/#store-configuration-in-key-value-store
you have to specify acme.storage & acme.storagefile

So I put the .acme path under acme.storageFile and changed to acme.storage="traefik/acme/account".

What did you expect to see?

Letsencrypt certificates in the KV cluster, so that I can scale the Traefik service

What did you see instead?

Error here: unknown flag: --acme.storagefile
I'm not able to specify the storage file, so I can only point to the .acme file with acme.storage=, but then the storage location for the KV store is missing.

Is there a straightforward way to scale Traefik on Docker Swarm Mode (+Letsencrypt)?
How can I upload the certs?

Thanks BR

@Berndinox
Author

Got it working.
Solution: You are not able to store configs passed with command into the KV. You have to create a traefik.toml.

@alexsandro-xpt

@Berndinox how can I set traefik.toml to swarm container service?

@Berndinox
Author

Berndinox commented Jun 8, 2017

Here is my traefik.toml:

logLevel = "WARN"
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  compress = false
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
email = "admin@DOMAIN"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = true

[[acme.domains]]
 main = "DOMAIN"

[web]
address = ":8080"

[docker]
domain = "docker.localhost"
watch = true
swarmmode = true

@bitsofinfo
Contributor

@Berndinox

So are you successfully pulling static traefik configs + a shared acme.json from Consul KV, while at the same time having frontends/backends defined from docker swarm?

If so, perhaps you can assist me with this, as I can't seem to get this setup working:

#1727

@bitsofinfo
Contributor

Can you please share the docker command you use to startup traefik that binds to consul for its static config + shared acme.json, yet gets its frontends/backends from docker swarm?

@Berndinox
Author

Berndinox commented Jun 13, 2017

I've a working solution, have a look here: https://github.com/Berndinox/compose-v3-collection

  1. create the config toml and link it in the compose to the container
  2. start the compose with: "command: --consul --consul.endpoint=consul:8500 storeconfig"
  3. stop the container and start it without "storeconfig"

This procedure uploads the toml and acme files into the KV store (Consul).
Pay attention with LetsEncrypt, because any error will force a certificate re-request and you can quickly run into the LE limits!

https://docs.traefik.io/user-guide/kv-config/#store-configuration-in-key-value-store

Also, the following part inside the toml is relevant!

storage = "traefik/acme/account" # the key where to store your certificates in the KV store
storageFile = "acme.json" # your old certificates store

@bitsofinfo
Contributor

bitsofinfo commented Jun 13, 2017

@Berndinox have you run this against latest version?

Storing the config all works fine, and then restarting traefik against that config works, but other docker services simply do not show up in frontends/backends in the UI despite the traefik logs showing things registering as I describe here: #1727

@ldez
Contributor

ldez commented Jun 13, 2017

This issue is closed. Please open a new issue or discuss this in :

@traefik traefik locked and limited conversation to collaborators Jun 13, 2017