docker-traefik
Secrets can't be loaded
I'm using Unraid as the base distro.
Below you can find my compose file and the env. With Traefik I'm also using a traefik.yml, which is not relevant, and everything works fine if I remove the secrets and add them in the env file.
This is my compose
```yaml
###############################################################
# Traefik
###############################################################
version: '3.9'
# Services ####################################################
services:
  traefik:
    container_name: Traefik
    image: traefik:latest
    restart: unless-stopped
    depends_on:
      - socketproxy
    networks:
      socketproxy: # rename this to your custom docker network
      br2:
        ipv4_address: 10.10.50.250
    dns: 10.10.50.5
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080" # Dashboard port
    volumes:
      - "/mnt/user/Docker/Traefik:/etc/traefik/"
    environment:
      - TZ
      - DOCKER_HOST=socketproxy
      - CF_API_EMAIL
      - CF_DNS_API_TOKEN
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.localwhitelist2.ipwhitelist.sourcerange=10.10.10.1/24"
      - "traefik.http.routers.traefik-dashboard.middlewares=localwhitelist2"
      - "traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080" #required
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.test.com.es`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik-dashboard.tls=true"
      - "traefik.http.routers.traefik-dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik-dashboard.service=api@internal" #required
      - "traefik.http.routers.api.service=api@internal" #required
      #- "traefik.http.routers.api.tls=true"
      #- "traefik.http.routers.traefik-dashboard.entrypoints=https443"
      - "com.centurylinklabs.watchtower.enable=true"
    secrets:
      - CF_API_EMAIL
      - CF_DNS_API_TOKEN
  socketproxy:
    container_name: Traefik-socketproxy
    image: tecnativa/docker-socket-proxy
    privileged: true
    networks:
      - socketproxy
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
      - CONTAINERS=1
      - POST=0
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
# Networks ####################################################
networks:
  br2:
    driver: macvlan
    external: true
  br1:
    driver: macvlan
    external: true
  socketproxy:
    internal: true
# Secrets ##############################################
secrets:
  # CF_API_EMAIL
  CF_API_EMAIL:
    file: $DOCKERDIR/CF_API_EMAIL
  # CF_DNS_API_TOKEN
  CF_DNS_API_TOKEN:
    file: $DOCKERDIR/CF_DNS_API_TOKEN
```
This is the env

```ini
###############################################################
# Traefik
###############################################################
# General
TZ=Europe/Madrid
# Secrets path
DOCKERDIR=/mnt/user/Docker/docker-compose/Traefik/secrets
# Secrets Traefik
CF_API_EMAIL=/run/secrets/CF_API_EMAIL
CF_DNS_API_TOKEN=/run/secrets/CF_DNS_API_TOKEN
```
secrets are stored here
I have given read and write permissions just in case, but I still can't get the secrets to be loaded. When I launch the compose I get an error in the Traefik log that the API token is not good.
I have been trying to fix this for too many hours but still can't figure out how to fix it.
Oops, OK, I have discovered that I have to add _FILE at the end of the variables.
So, is using secrets from a file something that requires specific variables for every container? Secrets from file won't be supported by any container by default unless the developer adds this feature specifically.
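
The `_FILE` convention found at the end of the post is something each image or application has to implement itself. As an added example (not code from the post or from Traefik), here is a POSIX shell helper an entrypoint could use to accept either `NAME` or `NAME_FILE`; the function name `resolve_secret` and the `/run/secrets/` prefix check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Traefik's or any image's actual entrypoint code).
# resolve_secret NAME prints the secret for NAME, taken from $NAME or from the
# file named by $NAME_FILE, and refuses ambiguous or suspicious input.
resolve_secret() {
    name=$1
    case $name in
        ''|*[!A-Za-z0-9_]*) echo "error: invalid variable name" >&2; return 2 ;;
    esac
    eval "secret_value=\${${name}:-}"
    eval "secret_path=\${${name}_FILE:-}"

    if [ -n "$secret_value" ] && [ -n "$secret_path" ]; then
        echo "error: set only one of $name and ${name}_FILE" >&2
        return 1
    fi
    # The mistake from the post: the plain variable holds the mount path, so the
    # application would send "/run/secrets/..." to the API as if it were the token.
    case $secret_value in
        /run/secrets/*)
            echo "error: $name looks like a path; use ${name}_FILE instead" >&2
            return 1 ;;
    esac
    if [ -n "$secret_path" ]; then
        if [ ! -r "$secret_path" ]; then
            echo "error: cannot read $secret_path (${name}_FILE)" >&2
            return 1
        fi
        # Command substitution drops the trailing newline editors tend to add.
        secret_value=$(cat "$secret_path")
    fi
    if [ -z "$secret_value" ]; then
        echo "error: no value for $name" >&2
        return 1
    fi
    printf '%s' "$secret_value"
}

# Constructed demo: a temp file stands in for /run/secrets/CF_DNS_API_TOKEN.
unset CF_DNS_API_TOKEN CF_DNS_API_TOKEN_FILE
demo_file=$(mktemp)
printf 'constructed-token\n' > "$demo_file"
CF_DNS_API_TOKEN_FILE=$demo_file
echo "from file: $(resolve_secret CF_DNS_API_TOKEN)"
unset CF_DNS_API_TOKEN_FILE
CF_DNS_API_TOKEN=/run/secrets/CF_DNS_API_TOKEN
resolve_secret CF_DNS_API_TOKEN || echo "rejected as expected"
unset CF_DNS_API_TOKEN
rm -f "$demo_file"
```

An image that does not ship logic like this only ever reads the plain variable, which is why pointing `CF_DNS_API_TOKEN` at the mount path produced a bad-token error.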