traefik-kop
Kop publishes local docker IP instead of bound host IP
Hi. Thanks for the work. If I understand the idea correctly, BIND_IP is the IP used for publishing all the services in the compose file. But in my config, all services published by kop use the docker network IP instead of the bound one.
I tried this two ways:
- traefik and kop run on different VMs/hosts
- traefik and kop run on the same VM/host
The kop docker-compose.yml for the same-host case:
version: "3.2"
services:
  traefik-kop:
    image: "ghcr.io/jittering/traefik-kop:latest"
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - "REDIS_ADDR=${GATEWAY_VM_IP}:63792"
      - "REDIS_PASS=${TRAEFIK_REDIS_PASS}"
      - "BIND_IP=${GATEWAY_VM_IP}"
      - "DEBUG=1"
    networks:
      - internal
  portainer:
    image: portainer/portainer-ce:2.19.0
    ports:
      - "8080:9000"
    volumes:
      - portainer_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
    networks:
      - internal
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer-https.rule=Host(`portainer.example.com`)"
      - "traefik.http.routers.portainer-https.entrypoints=websecure"
      - "traefik.http.routers.portainer-https.tls.certresolver=letsentcrypt"
      - "traefik.http.routers.portainer-http.rule=Host(`portainer.example.com`)"
      - "traefik.http.routers.portainer-http.entrypoints=web"
      - "traefik.http.routers.portainer-http.middlewares=https-redirect"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
      - "traefik.http.routers.portainer-https.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=8080"
      - "kop.bind.ip=2.2.2.2"
  ldap-user-manager:
    image: 'wheelybird/ldap-user-manager:v1.6'
    ports:
      - "8081:80"
    environment:
      - SERVER_HOSTNAME=lum.example.com
      - 'LDAP_URI=ldap://${GATEWAY_VM_IP}'
      - 'LDAP_BASE_DN=dc=example,dc=com'
      - LDAP_REQUIRE_STARTTLS=FALSE
      - FORCE_RFC2307BIS=FALSE
      - NO_HTTPS=TRUE
      - LDAP_ADMINS_GROUP=admins
      - 'LDAP_ADMIN_BIND_DN=cn=admin,dc=example,dc=com'
      - LDAP_ADMIN_BIND_PWD=185183b7_fe9d_45a4_a231_e33edd88f242
      - LDAP_IGNORE_CERT_ERRORS=true
      - EMAIL_DOMAIN=example.com
    restart: unless-stopped
    networks:
      - internal
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ldap-user-manager-https.rule=Host(`lum.example.com`)"
      - "traefik.http.routers.ldap-user-manager-https.entrypoints=websecure"
      - "traefik.http.routers.ldap-user-manager-https.tls.certresolver=letsentcrypt"
      - "traefik.http.routers.ldap-user-manager-http.rule=Host(`lum.example.com`)"
      - "traefik.http.routers.ldap-user-manager-http.entrypoints=web"
      - "traefik.http.routers.ldap-user-manager-http.middlewares=https-redirect"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
      - "traefik.http.routers.ldap-user-manager-https.service=ldap-user-manager"
      - "traefik.http.services.ldap-user-manager.loadbalancer.server.port=8081"
volumes:
  portainer_data:
networks:
  internal:
The kop .env:
GATEWAY_VM_IP=192.168.0.86
TRAEFIK_REDIS_PASS=0211680c-4b6b-111e-be56-0242ac120002
The kop log is
vm-user@gateway-vm:~/stacks/admin$ sudo docker logs admin_traefik-kop_1
time="2023-09-05T18:41:01Z" level=debug msg="using traefik-kop config: {DockerConfig: DockerHost:unix:///var/run/docker.sock Hostname:6de8854d1ccb BindIP:192.168.0.86 Addr:192.168.0.86:63792 Pass:0215680c-4b6b-11ee-be56-0242ac120002 DB:0 PollInterval:60}"
time="2023-09-05T18:41:01Z" level=info msg="creating new redis store at 192.168.0.86:63792 for hostname 6de8854d1ccb"
time="2023-09-05T18:41:01Z" level=info msg="Starting provider aggregator *traefikkop.MultiProvider"
time="2023-09-05T18:41:01Z" level=info msg="starting polling provider with 1m0s interval"
time="2023-09-05T18:41:01Z" level=info msg="Starting provider *docker.Provider"
time="2023-09-05T18:41:01Z" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2023-09-05T18:41:01Z" level=debug msg="Provider connection established with docker 24.0.5 (API 1.43)" providerName=docker
time="2023-09-05T18:41:01Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-kop-admin-6de8854d1ccb1d2c10dfc604cfc4ede10b3556502470eff22fdd0b19d8f57e29
time="2023-09-05T18:41:01Z" level=debug msg="Filtering disabled container" providerName=docker container=openldap-gateway-5e38cd41b2c630039ec9dcbc30138524e1b6cf2084abea5abcff24f51ac9bdb9
time="2023-09-05T18:41:01Z" level=debug msg="Filtering disabled container" providerName=docker container=authelia-redis-gateway-225a26a9e9fdededd1fbc180f1f6d67fced9b30117bd55bc81c043d100584f0f
time="2023-09-05T18:41:01Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-redis-gateway-6c3930a5a6b3c551760a4062084dbe3615678bedb0b1f709b66a74fc8a34093c
time="2023-09-05T18:41:01Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"authelia\":{\"entryPoints\":[\"websecure\"],\"service\":\"authelia\",\"rule\":\"Host(`auth.larin.center`)\",\"tls\":{\"certResolver\":\"letsentcrypt\"}},\"ldap-user-manager-http\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"https-redirect\"],\"service\":\"ldap-user-manager\",\"rule\":\"Host(`lum.larin.center`)\"},\"ldap-user-manager-https\":{\"entryPoints\":[\"websecure\"],\"service\":\"ldap-user-manager\",\"rule\":\"Host(`lum.larin.center`)\",\"tls\":{\"certResolver\":\"letsentcrypt\"}},\"portainer-http\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"https-redirect\"],\"service\":\"portainer\",\"rule\":\"Host(`portainer.larin.center`)\"},\"portainer-https\":{\"entryPoints\":[\"websecure\"],\"service\":\"portainer\",\"rule\":\"Host(`portainer.larin.center`)\",\"tls\":{\"certResolver\":\"letsentcrypt\"}},\"traefik-http\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"https-redirect\"],\"service\":\"traefik-gateway\",\"rule\":\"Host(`traefik.larin.center`)\"},\"traefik-https\":{\"entryPoints\":[\"websecure\"],\"middlewares\":[\"authelia@docker\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.larin.center`)\",\"tls\":{\"certResolver\":\"letsentcrypt\"}}},\"services\":{\"authelia\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.5:9091\"}],\"passHostHeader\":true}},\"ldap-user-manager\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.16.4:8081\"}],\"passHostHeader\":true}},\"portainer\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.16.2:8080\"}],\"passHostHeader\":true}},\"traefik-gateway\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.6:80\"}],\"passHostHeader\":true}}},\"middlewares\":{\"authelia\":{\"forwardAuth\":{\"address\":\"http://authelia:9091/api/verify?rd=https://auth.larin.center\",\"trustForwardHeader\":true,\"authResponseHeaders\":[\"Remote-User\",\"Remote-Groups\",\"Remote-Name\",\"Remote-Email\"]}},\"authel
ia-basic\":{\"forwardAuth\":{\"address\":\"http://authelia:9091/api/verify?auth=basic\",\"trustForwardHeader\":true,\"authResponseHeaders\":[\"Remote-User\",\"Remote-Groups\",\"Remote-Name\",\"Remote-Email\"]}},\"https-redirect\":{\"redirectScheme\":{\"scheme\":\"https\",\"permanent\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2023-09-05T18:41:01Z" level=info msg="refreshing traefik-kop configuration"
time="2023-09-05T18:41:01Z" level=debug msg="found http service: portainer@docker" service=portainer@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="found router 'portainer-http@docker' for service portainer"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/admin_portainer_1' (2b1222bc496fce7acade908d6605053e66c160d44bfbacc6991d373b6e97a751) for service 'portainer'"
time="2023-09-05T18:41:01Z" level=debug msg="found label kop.bind.ip with IP '2.2.2.2' for service portainer"
time="2023-09-05T18:41:01Z" level=debug msg="using load balancer URL for port detection: http://192.168.16.2:8080" service=portainer@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="found router 'portainer-http@docker' for service portainer"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/admin_portainer_1' (2b1222bc496fce7acade908d6605053e66c160d44bfbacc6991d373b6e97a751) for service 'portainer'"
time="2023-09-05T18:41:01Z" level=debug msg="using explicitly set port 8080 for portainer@docker" service-type=http service=portainer@docker
time="2023-09-05T18:41:01Z" level=info msg="publishing http://2.2.2.2:8080" service=portainer@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="found http service: traefik-gateway@docker" service-type=http service=traefik-gateway@docker
time="2023-09-05T18:41:01Z" level=debug msg="found router 'traefik-http@docker' for service traefik-gateway"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/gateway_traefik_1' (0b0f005b646af94a8c930161983cbc0ea17e06d2877d994e953af06b74217460) for service 'traefik-gateway'"
time="2023-09-05T18:41:01Z" level=debug msg="found router 'traefik-http@docker' for service traefik-gateway"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/gateway_traefik_1' (0b0f005b646af94a8c930161983cbc0ea17e06d2877d994e953af06b74217460) for service 'traefik-gateway'"
time="2023-09-05T18:41:01Z" level=debug msg="no network label set for traefik-gateway@docker"
time="2023-09-05T18:41:01Z" level=debug msg="using load balancer URL for port detection: http://172.29.0.6:80" service-type=http service=traefik-gateway@docker
time="2023-09-05T18:41:01Z" level=debug msg="found router 'traefik-http@docker' for service traefik-gateway"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/gateway_traefik_1' (0b0f005b646af94a8c930161983cbc0ea17e06d2877d994e953af06b74217460) for service 'traefik-gateway'"
time="2023-09-05T18:41:01Z" level=warning msg="found more than one host-port binding for container '/gateway_traefik_1' (80:80, 443:443)" service=traefik-gateway@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="using existing port 80" service-type=http service=traefik-gateway@docker
time="2023-09-05T18:41:01Z" level=info msg="publishing http://192.168.0.86:80" service=traefik-gateway@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="found http service: authelia@docker" service=authelia@docker service-type=http
time="2023-09-05T18:41:01Z" level=debug msg="found router 'authelia@docker' for service authelia"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/gateway_authelia_1' (e64e4018a8eac24a6490bddaf60f4dc1249e05a65f90cc03a5dae35e2d1336c0) for service 'authelia'"
time="2023-09-05T18:41:01Z" level=debug msg="found router 'authelia@docker' for service authelia"
time="2023-09-05T18:41:01Z" level=debug msg="found container '/gateway_authelia_1' (e64e4018a8eac24a6490bddaf60f4dc1249e05a65f90cc03a5dae35e2d1336c0) for service 'authelia'"
time="2023-09-05T18:41:01Z" level=debug msg="no network label set for authelia@docker"
time="2023-09-05T18:41:01Z" level=debug msg="using load balancer URL for port detection: http://172.29.0.5:9091" service-type=http service=authelia@docker
time="2023-09-05T18:41:01Z" level=debug msg="found router 'authelia@docker' for service authelia"
time="2023-09-05T18:41:02Z" level=debug msg="found container '/gateway_authelia_1' (e64e4018a8eac24a6490bddaf60f4dc1249e05a65f90cc03a5dae35e2d1336c0) for service 'authelia'"
time="2023-09-05T18:41:02Z" level=debug msg="using explicitly set port 9091 for authelia@docker" service=authelia@docker service-type=http
time="2023-09-05T18:41:02Z" level=info msg="publishing http://192.168.0.86:9091" service=authelia@docker service-type=http
time="2023-09-05T18:41:02Z" level=debug msg="found http service: ldap-user-manager@docker" service=ldap-user-manager@docker service-type=http
time="2023-09-05T18:41:02Z" level=debug msg="found router 'ldap-user-manager-http@docker' for service ldap-user-manager"
time="2023-09-05T18:41:02Z" level=debug msg="found container '/admin_ldap-user-manager_1' (2ebaafe69e36f4f2e0f28290a4687e6c339eda403b1b013d11aea886fed8cc4f) for service 'ldap-user-manager'"
time="2023-09-05T18:41:02Z" level=debug msg="found router 'ldap-user-manager-http@docker' for service ldap-user-manager"
time="2023-09-05T18:41:02Z" level=debug msg="found container '/admin_ldap-user-manager_1' (2ebaafe69e36f4f2e0f28290a4687e6c339eda403b1b013d11aea886fed8cc4f) for service 'ldap-user-manager'"
time="2023-09-05T18:41:02Z" level=debug msg="no network label set for ldap-user-manager@docker"
time="2023-09-05T18:41:02Z" level=debug msg="using load balancer URL for port detection: http://192.168.16.4:8081" service=ldap-user-manager@docker service-type=http
time="2023-09-05T18:41:02Z" level=debug msg="found router 'ldap-user-manager-https@docker' for service ldap-user-manager"
time="2023-09-05T18:41:02Z" level=debug msg="found container '/admin_ldap-user-manager_1' (2ebaafe69e36f4f2e0f28290a4687e6c339eda403b1b013d11aea886fed8cc4f) for service 'ldap-user-manager'"
time="2023-09-05T18:41:02Z" level=debug msg="using explicitly set port 8081 for ldap-user-manager@docker" service-type=http service=ldap-user-manager@docker
time="2023-09-05T18:41:02Z" level=info msg="publishing http://192.168.0.86:8081" service-type=http service=ldap-user-manager@docker
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-http/middlewares/0 = https-redirect"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-http/service = portainer"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-http/rule = Host(`traefik.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/authelia/tls/certResolver = letsentcrypt"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/authResponseHeaders/0 = Remote-User"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/authResponseHeaders/0 = Remote-User"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-https/service = ldap-user-manager"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-https/tls/certResolver = letsentcrypt"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/authResponseHeaders/2 = Remote-Name"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-https/tls/certResolver = letsentcrypt"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/ldap-user-manager/loadBalancer/passHostHeader = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-https/entryPoints/0 = websecure"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-http/entryPoints/0 = web"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-https/entryPoints/0 = websecure"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/authelia/rule = Host(`auth.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/ldap-user-manager/loadBalancer/servers/0/url = http://192.168.0.86:8081"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/portainer/loadBalancer/servers/0/url = http://2.2.2.2:8080"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-http/middlewares/0 = https-redirect"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-http/service = ldap-user-manager"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/portainer/loadBalancer/passHostHeader = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/traefik-gateway/loadBalancer/passHostHeader = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/authResponseHeaders/1 = Remote-Groups"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/authResponseHeaders/3 = Remote-Email"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/https-redirect/redirectScheme/scheme = https"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/https-redirect/redirectScheme/permanent = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-https/rule = Host(`lum.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/authelia/loadBalancer/passHostHeader = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/traefik-gateway/loadBalancer/servers/0/url = http://192.168.0.86:80"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/trustForwardHeader = true"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-https/service = portainer"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-https/rule = Host(`portainer.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-http/middlewares/0 = https-redirect"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/address = http://authelia:9091/api/verify?auth=basic"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-http/entryPoints/0 = web"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-https/entryPoints/0 = websecure"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/authResponseHeaders/3 = Remote-Email"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/address = http://authelia:9091/api/verify?rd=https://auth.larin.center"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-https/rule = Host(`traefik.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/authelia/service = authelia"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-http/rule = Host(`portainer.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-http/service = traefik-gateway"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-https/middlewares/0 = authelia@docker"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-https/service = api@internal"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/traefik-https/tls/certResolver = letsentcrypt"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/authelia/entryPoints/0 = websecure"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/ldap-user-manager-http/rule = Host(`lum.larin.center`)"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/routers/portainer-http/entryPoints/0 = web"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/authResponseHeaders/2 = Remote-Name"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia/forwardAuth/authResponseHeaders/1 = Remote-Groups"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/services/authelia/loadBalancer/servers/0/url = http://192.168.0.86:9091"
time="2023-09-05T18:41:02Z" level=debug msg="writing traefik/http/middlewares/authelia-basic/forwardAuth/trustForwardHeader = true"
The proof of ip binding is
Expected IP is host 192.168.0.86
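An added example (not part of the original issue and not traefik-kop's own code): a Python script that reads debug log lines in the format shown above and reports, per service, the container-network address kop detected next to the address it published, and whether the published address matches BIND_IP or a `kop.bind.ip` label. The sample lines are constructed from the shape of that log with the Redis password redacted, and the regexes assume that exact log wording.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines in the shape of the debug log above (secret redacted).
SAMPLE_LOG = '''\
time="2023-09-05T18:41:01Z" level=debug msg="using traefik-kop config: {DockerConfig: DockerHost:unix:///var/run/docker.sock Hostname:6de8854d1ccb BindIP:192.168.0.86 Addr:192.168.0.86:63792 Pass:REDACTED DB:0 PollInterval:60}"
time="2023-09-05T18:41:01Z" level=debug msg="found label kop.bind.ip with IP '2.2.2.2' for service portainer"
time="2023-09-05T18:41:01Z" level=debug msg="using load balancer URL for port detection: http://192.168.16.2:8080" service=portainer@docker service-type=http
time="2023-09-05T18:41:01Z" level=info msg="publishing http://2.2.2.2:8080" service=portainer@docker service-type=http
time="2023-09-05T18:41:02Z" level=debug msg="using load balancer URL for port detection: http://192.168.16.4:8081" service=ldap-user-manager@docker service-type=http
time="2023-09-05T18:41:02Z" level=info msg="publishing http://192.168.0.86:8081" service-type=http service=ldap-user-manager@docker
'''

BIND_IP = re.compile(r"\bBindIP:(\S+)")
LABEL = re.compile(r"found label kop\.bind\.ip with IP '([^']+)' for service ([^\s\"]+)")
DETECTED = re.compile(r'msg="using load balancer URL for port detection: (\S+?)"')
PUBLISHED = re.compile(r'msg="publishing (\S+?)"')
# Match the logrus field service=..., but not service-type=...
SERVICE = re.compile(r"(?<![\w-])service=(\S+)")


def audit(log_text):
    """Return (bind_ip, {service: {"detected", "published", "source"}})."""
    bind_ip, labels, report = None, {}, {}
    for line in log_text.splitlines():
        if (m := BIND_IP.search(line)):
            bind_ip = m.group(1)
        if (m := LABEL.search(line)):
            labels[m.group(2)] = m.group(1)  # keyed by bare service name
        svc = SERVICE.search(line)
        if not svc:
            continue
        entry = report.setdefault(svc.group(1), {})
        if (m := DETECTED.search(line)):
            entry["detected"] = urlsplit(m.group(1)).hostname
        if (m := PUBLISHED.search(line)):
            entry["published"] = urlsplit(m.group(1)).hostname
    # Classify where each published address came from.
    for name, entry in report.items():
        published = entry.get("published")
        if published is None:
            entry["source"] = "not published"
        elif labels.get(name.split("@")[0]) == published:
            entry["source"] = "kop.bind.ip label"
        elif published == bind_ip:
            entry["source"] = "BIND_IP"
        else:
            entry["source"] = "unexpected"
    return bind_ip, report


if __name__ == "__main__":
    bind_ip, report = audit(SAMPLE_LOG)
    print(f"BindIP from config line: {bind_ip}")
    for name, e in sorted(report.items()):
        print(f"{name}: detected={e.get('detected')} "
              f"published={e.get('published')} ({e['source']})")
```

To check a real host, pass the text of `docker logs <kop container>` to `audit()` in place of `SAMPLE_LOG`; a service reported as `unexpected` is one whose published address matches neither BIND_IP nor its label.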