Podman + traefik

I want to move from docker to podman, but I am having trouble migrating images that rely on the docker.sock to podman’s varlink.

After enabling varlink, I am swapping out the docker.sock with the podman.io path, but no luck.

Here is the podman man page:
https://www.mankier.com/1/podman-varlink

Here is the traefik documentation:
https://hub.docker.com/_/traefik

Here is the original run command:

docker run -d -p 8080:8080 -p 80:80 \
    -v $PWD/traefik.yml:/etc/traefik/traefik.yml \
    -v /var/run/docker.sock:/var/run/docker.sock \
    traefik:v2.0

What is the correct method to replace the docker.sock host path with podman’s API? Or am I going about this the wrong way?

At the end of the day I want to run jwilder or traefik on podman. Help appreciated!

There is no Docker socket equivalent in Podman because there is no daemon to connect to. It doesn’t seem like it’s really required for Traefik though; it’s only used for automatic container discovery. But if you do need that, then you could follow this issue:


You can use the file-provider instead of the Docker-provider. This means doing the configuration in an old-fashioned config file and is less flexible but perfectly doable for a small/static setup: File - Traefik

I was not able to get Traefik working via Podman using File configuration, though my File config works fine on Docker. Have you had successful experience with Podman + Traefik?

Yes, I’m running Podman + Traefik and it’s working.

Maybe you can help me troubleshoot?

If I swap out “podman” with “docker” the following scripts appear to work fine. However, when using podman, I get “404 page not found” when navigating to my URLs. Can you point out something I need to correct?

sudo podman run -d \
    -p 8080:8080 \
    -p 80:80 \
    -p 443:443 \
    -v ~/Documents/containers/traefik/runtime/etc_traefik/:/etc/traefik/ \
    --name traefik \
    traefik:v2.0

Static config file:

global:
  checkNewVersion: true

log:
  level: "DEBUG"
  filePath: "/etc/traefik/log-file.log"

accessLog:
  filePath: "/etc/traefik/log-access.log"
  bufferingSize: 100

api:
  insecure: true

entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"

providers:
  file:
    filename: /etc/traefik/traefik-dynamic.yml
    watch: true

certificatesResolvers:
  le:
    acme:
      email: email@gmail.com
      storage: acme.json
      httpChallenge:
        entryPoint: web

Dynamic file:

http:
  routers:
    plex_route:
      entryPoints:
      - "web"
      - "web-secure"
      middlewares:
      - secure_mw
      service: plex_service
      rule: "Host(`plex.mydomain.org`)"
      tls:
        certResolver: le
        domains:
        - main: "plex.mydomain.org"

    nexcloud_route:
      entryPoints:
      - "web"
      - "web-secure"
      middlewares:
      - secure_mw
      service: nextcloud_service
      rule: "Host(`rs.mydomain.org`)"
      tls:
        certResolver: le
        domains:
        - main: "rs.mydomain.org"

  services:
    plex_service:
      loadBalancer:
        servers:
        - url: "http://192.168.1.32:32400/"
    nextcloud_service:
      loadBalancer:
        servers:
        - url: "http://192.168.1.32:9080/"
  middlewares:
    secure_mw:
      redirectScheme:
        scheme: https

Since your config is working in Docker, I can only assume that it’s correct. It might be some kind of networking issue.
My service-containers don’t have IPs (I’m running all containers rootless) but if yours do have IPs you could try to use the container IPs instead of the host IP.
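
Following the last reply's suggestion to try container IPs instead of the host IP, this added example (not part of the thread or of either project) lists the backend URLs in a dynamic file, rewrites them to a container address, and probes them from inside the traefik container. The sample file, the container name `plex`, the address 10.88.0.5, the default Podman network and the presence of `wget` in the traefik image are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample file and addresses are constructed.

# Constructed sample: the services section of the dynamic file shown above.
sample_dynamic() {
    cat <<'EOF'
http:
  services:
    plex_service:
      loadBalancer:
        servers:
        - url: "http://192.168.1.32:32400/"
    nextcloud_service:
      loadBalancer:
        servers:
        - url: "http://192.168.1.32:9080/"
EOF
}

# Print every backend URL ("- url:" list items) found in dynamic file $1.
backend_urls() {
    sed -n 's/^[[:space:]]*-[[:space:]]*url:[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# Print file $1 with host $2 replaced by $3 on url: lines only.
# Dots in $2 are escaped so 192.168.1.32 cannot match 192.168.1132.
swap_backend_host() {
    old=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed "/url:/s#://$old\([:/\"]\)#://$3\1#" "$1"
}

# IP of a rootful container on Podman's default network (assumption).
container_ip() {
    sudo podman inspect --format '{{.NetworkSettings.IPAddress}}' "$1"
}

# Fetch each backend from inside the traefik container's network namespace.
# Assumes the image provides wget; an HTTP error status also counts as a failure.
probe_from_traefik() {
    backend_urls "$1" | while read -r url; do
        if sudo podman exec traefik wget -q -O /dev/null -T 5 "$url" </dev/null; then
            echo "ok      $url"
        else
            echo "failed  $url"
        fi
    done
}
```

A typical run is `probe_from_traefik traefik-dynamic.yml` against the current file, then `swap_backend_host traefik-dynamic.yml 192.168.1.32 "$(container_ip plex)"` to produce a candidate file that points at the container instead of the host.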