seedbox
Not An Issue: Using without Traefik?
As mentioned in the title, this is not an issue, but I am not sure where else to post this inquiry and there was no option for contacting @jfroment directly.
I already have HAProxy running on my pfSense firewall so I do not need to use Traefik. I have attempted to remove the Traefik bits from all yaml files, but have not been successful.
Could anyone provide any guidance on how to do this? I would be willing to donate in advance for this support. Thank you so much. 👍🏻
Hello,
No problem contacting me here, even if that's not a classic "Issue".
You can add traefik: disable in the services.conf and it should skip Traefik creation/update (it will also remove it if it is already running). Traefik is not enabled explicitly by default in the services.conf.sample file because all missing entries are enabled by default (which is not ideal and I plan to improve this part in the future).
You will end up without Traefik but still with all services having traefik labels; their presence should not have any impact on the containers. But you would still have to figure out how to access your services from your external HAProxy, because no ports are open on the Docker host. So maybe what would be ideal for you is a Traefik but without any certificate management, and services as subdomains of one configured in HAProxy (wildcard DNS using wildcard certificate, set on the HAProxy). If it seems right to you, I can look into how I can disable certificate management in a configurable way, using the same scripts and yaml files for your use case.
Hi Jean,
Thank you for your thoughtful response, I am truly grateful!
Yes, your proposal meshes with my understanding of what an environment like mine would require. As of today, HAProxy handles the certificate management with wildcard DNS via Cloudflare for a specific domain. So if we could devise a way to point the HAProxy to exposed LAN ports on the Docker host, then it should work.
Thank you for your help; your project embodies the bleeding edge in this scene. I appreciate you.
Hi,
Thanks for your kind words, I truly appreciate.
I drafted a v2 release in the dev branch, which should meet your needs.
If you use the dev branch, just git pull (or download the dev branch as a zip file).
Here is the upgrade guide: Upgrade to v2
Here is the configuration guide: Configuration Guide
Basically, with the new configuration file structure, you can set httpOnly: true on every service and that will skip certificate generation and management for any service. What's left for you is to point your HAProxy at the Traefik routes (as http) and manage certificates for these routes in there.
There will still be Traefik to avoid opening every service's port, but with http access that should not be a problem anymore for your use case.
Do not hesitate to tell me if that does not meet your requirements or if you have any problem.
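A connectivity check for the setup described in this reply, as an added example that is not part of the original thread or the seedbox project: it sends plain-HTTP requests with an explicit Host header, the way an external HAProxy would reach Traefik, and separately probes service ports directly on the Docker host. The IP address, hostname and Traefik listening on port 80 are assumptions.

```python
import http.client

def probe(ip, port, host_header, path="/", timeout=3.0):
    """Send one plain-HTTP GET with an explicit Host header.

    Returns the HTTP status code, or None when nothing accepts the
    connection (unpublished port, firewall drop between VLANs, timeout).
    """
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        # Passing Host explicitly stops http.client from sending "ip:port".
        conn.request("GET", path, headers={"Host": host_header})
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def classify(status):
    """Translate a probe result into what it says about the proxy chain."""
    if status is None:
        return "unreachable: port not published or blocked"
    if status == 404:
        # Traefik answers 404 when no router rule matches the request.
        return "proxy answered, but no route matched this Host header"
    if status in (401, 403):
        return "route matched; authentication required"
    if 200 <= status < 400:
        return "route matched"
    return f"route matched; unexpected status {status}"

def diagnose(ip, hostnames, proxy_port=80, direct_ports=()):
    """Probe each hostname through the proxy port, then each port directly."""
    report = {}
    for name in hostnames:
        status = probe(ip, proxy_port, name)
        report[f"{name} via :{proxy_port}"] = classify(status)
    for port in direct_ports:
        report[f"direct :{port}"] = classify(probe(ip, port, ip))
    return report

if __name__ == "__main__":
    # Constructed sample values (documentation address and test domain);
    # port 80 for Traefik's HTTP entry point is an assumption.
    result = diagnose("192.0.2.10", ["deluge.example.test"], direct_ports=[8112])
    for target, verdict in result.items():
        print(f"{target}: {verdict}")
```

A "route matched" result on the proxy port next to "unreachable" on a direct service port is the expected picture when services are only reachable through Traefik.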
Hey @jfroment,
I appreciate you! I apologize for the delay in responding - suffice it to say that I had intended on following up with you immediately. Thank you so very much for your hard work. You have gone above and beyond with your work and I am grateful for your detailed documentation.
I have tinkered around with your v2, but have hit a wall after trying for several hours... and then several hours more because I do not want to come to you for every little issue (trying to respect your time). I recognize that the issue is probably me as I am a relative Docker novice.
SETUP
- On a new VM running Ubuntu 20.04.4 LTS, I installed all of the prerequisites for v2
- I assigned it a Static IP on VLAN "A" so that I can point HAProxy to it
- I copied and configured the .env. file and used bcrypt for the HTTP AUTH password
- I copied the config.yaml file (I left it all at the defaults except for adding httpOnly: true to the services as you mentioned in the Configuration Guide).
- I did not enable VPN on any services.
PROBLEM
- I cannot access any services from VLAN "A" via the Static IP of the Ubuntu VM. For example, from another computer on the same VLAN nothing happens when I try to access http://<Static IP>:9443 for Portainer or http://<Static IP>:8112 for Deluge. I also tried with https.
- Also, I have tried pointing the HAProxy to the Static IP of the Ubuntu VM via ports: 80, 443, and multiple Service ports such as 8112/9443. I have verified that External DNS resolution is configured properly, and https://<service>.<domain>.<tld> gets to the HAProxy, but the HAProxy internally is not communicating with the Seedbox.
HYPOTHESIS
It is probably obvious to you what I have done wrong here, but I suspect I need to configure the Seedbox Docker network to expose the Enabled Service ports to VLAN "A" so that HAProxy can route to them. That could be completely off-base, I really have no clue.
Thank you!