Podman + traefik

I want to move from docker to podman, but I am having trouble migrating images that rely on the docker.sock to podman’s varlink.

After enabling varlink, I am swapping out the docker.sock with podman.io path, but no luck.

Here is podman man page:
https://www.mankier.com/1/podman-varlink

Here is the traefik documentation:
https://hub.docker.com/_/traefik

Here is the original run command:

docker run -d -p 8080:8080 -p 80:80 \
    -v $PWD/traefik.yml:/etc/traefik/traefik.yml \
    -v /var/run/docker.sock:/var/run/docker.sock \
    traefik:v2.0

What is the correct method to replace the docker.sock host path with the podman’s API? Or am I going about this the wrong way?

At the end of the day I want to run jwilder or traefik on podman. Help appreciated!

There is no Docker socket equivalent in Podman because there is no daemon to connect to. It doesn’t seem like it’s really required for Traefik though; it’s only used for automatic container discovery. But if you do need that, then you could follow this issue:
https://github.com/containous/traefik/issues/5730

You can use the file-provider instead of the Docker-provider. This means doing the configuration in an old-fashioned config file and is less flexible but perfectly doable for a small/static setup: File - Traefik

I was not able to get Traefik working via Podman using File configuration, though my File config works fine on Docker. Have you had successful experience with Podman + Traefik?

Yes, I’m running Podman + Traefik and it’s working.

Maybe you can help me troubleshoot?

If I swap out “podman” with “docker” the following scripts appear to work fine. However, when using podman, I get “404 page not found” when navigating to my URLs. Can you point out something I need to correct?

sudo podman run -d \
    -p 8080:8080 \
    -p 80:80 \
    -p 443:443 \
    -v ~/Documents/containers/traefik/runtime/etc_traefik/:/etc/traefik/ \
    --name traefik \
    traefik:v2.0

Static config file:

global:
  checkNewVersion: true

log:
  level: "DEBUG"
  filePath: "/etc/traefik/log-file.log"

accessLog:
  filePath: "/etc/traefik/log-access.log"
  bufferingSize: 100

api:
  insecure: true

entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"

providers:
  file:
    filename: /etc/traefik/traefik-dynamic.yml
    watch: true

certificatesResolvers:
  le:
    acme:
      email: email@gmail.com
      storage: acme.json
      httpChallenge:
        entryPoint: web

Dynamic file:

http:
  routers:
    plex_route:
      entryPoints:
      - "web"
      - "web-secure"
      middlewares:
      - secure_mw
      service: plex_service
      rule: "Host(`plex.mydomain.org`)"
      tls:
        certResolver: le
        domains:
        - main: "plex.mydomain.org"

    nexcloud_route:
      entryPoints:
      - "web"
      - "web-secure"
      middlewares:
      - secure_mw
      service: nextcloud_service
      rule: "Host(`rs.mydomain.org`)"
      tls:
        certResolver: le
        domains:
        - main: "rs.mydomain.org"

  services:
    plex_service:
      loadBalancer:
        servers:
        - url: "http://192.168.1.32:32400/"
    nextcloud_service:
      loadBalancer:
        servers:
        - url: "http://192.168.1.32:9080/"
  middlewares:
    secure_mw:
      redirectScheme:
        scheme: https

Since your config is working in Docker, I can only assume that it’s correct. It might be some kind of networking issue.
My service-containers don’t have IPs (I’m running all containers rootless) but if yours do have IPs you could try to use the container IPs instead of the host IP.

Try the full path for the volume mount, i.e. -v $PWD/Documents/containers/traefik/runtime/etc_traefik/:/etc/traefik/

Sorry for late reply. I had got this working a while back. I did end up identifying some syntax errors in the traefik dynamic file. I noticed this because even the docker implementation had some random errors. After making the correction to the routes, I got this working just fine in podman. Specifically, I had to create separate routes for “web” and “web-secure”, so there were two routes, instead of just one route.

I’m also struggling with Traefik and Podman setup.
Can you post your complete working traefik configuration, static + dynamic?

Sure.
I did a bunch of find-and-replace on this output, so let me know if you need clarification on any variables that might mismatch, but I think I got them all replaced correctly.
These files show an example of two https services, and a UDP service (used for VPN routing).

Here is static:

global:
  checkNewVersion: true

log:
  level: "DEBUG"
  filePath: "/etc/traefik/log-file.log"

accessLog:
  filePath: "/etc/traefik/log-access.log"
  bufferingSize: 100

api:
  insecure: true

entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"
  other:
    address: ":50001/udp"

providers:
  file:
    filename: /etc/traefik/traefik-dynamic.yml
    watch: true

certificatesResolvers:
  le:
    acme:
      email: REMOVED
      storage: acme.json
      httpChallenge:
        entryPoint: web

And the dynamic file contents:

http:
  routers:

    SERVICEONE_route:
      entryPoints:
      - "web"
      middlewares:
      - secure_mw
      service: SERVICEONE_service
      rule: "Host(`SERVICEONE.mydomain1`,`SERVICEONE.mydomain2`)"
    SERVICEONE_route_secure:
      entryPoints:
      - "web-secure"
      service: SERVICEONE_service
      rule: "Host(`SERVICEONE.mydomain1`,`SERVICEONE.mydomain2`)"
      tls:
        certResolver: le

    SERVICETWO_route:
      entryPoints:
      - "web"
      middlewares:
      - secure_mw
      service: SERVICETWO_service
      rule: "Host(`rs.mydomain1`,`rs.mydomain2`)"
    SERVICETWO_route_secure:
      entryPoints:
      - "web-secure"
      service: SERVICETWO_service
      rule: "Host(`rs.mydomain1`,`rs.mydomain2`)"
      tls:
        certResolver: le

  services:
    SERVICEONE_service:
      loadBalancer:
        servers:
        - url: "http://192.168.1.3:32400/"
    SERVICETWO_service:
      loadBalancer:
        servers:
        - url: "http://192.168.1.3:9088/"

  middlewares:
    secure_mw:
      redirectScheme:
        scheme: https
    
udp:
  routers:
    wg_route:
      service: wg_service
  services:
    wg_service:
      loadBalancer:
        servers:
        - address: "192.168.1.3:50001"
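
Added example, not part of the thread or of Traefik itself: Traefik treats a router that has a `tls` section as HTTPS-only, which is why the fix above splits each route into a plain router with the redirect middleware and a separate TLS router. The lint below checks an already-parsed dynamic config for that mistake and for plaintext routers that lack the HTTPS redirect; the entry point name `web` as the plaintext one, the finding labels and `forgotten_route` are assumptions made for the example.

```python
PLAIN_ENTRYPOINTS = {"web"}  # assumption: "web" (:80) carries plaintext HTTP


def redirects_to_https(router, middlewares):
    """True if a middleware on the router is a redirectScheme to https."""
    for name in router.get("middlewares", []):
        scheme = middlewares.get(name, {}).get("redirectScheme", {}).get("scheme")
        if scheme == "https":
            return True
    return False


def lint_routers(dynamic_cfg, plain=PLAIN_ENTRYPOINTS):
    """Return sorted (router, problem) tuples."""
    http = dynamic_cfg.get("http", {})
    middlewares = http.get("middlewares", {})
    findings = []
    for name, router in http.get("routers", {}).items():
        # A router without entryPoints accepts requests from all entry points.
        on_plain = plain & set(router.get("entryPoints") or plain)
        if not on_plain:
            continue
        if "tls" in router:
            # tls makes the router HTTPS-only: plain HTTP here matches nothing.
            findings.append((name, "tls-router-on-plain-entrypoint"))
        elif not redirects_to_https(router, middlewares):
            findings.append((name, "plaintext-without-https-redirect"))
    return sorted(findings)


MIDDLEWARES = {"secure_mw": {"redirectScheme": {"scheme": "https"}}}

# Constructed input mirroring one router of the first dynamic file above.
COMBINED = {"http": {"middlewares": MIDDLEWARES, "routers": {
    "plex_route": {"entryPoints": ["web", "web-secure"],
                   "middlewares": ["secure_mw"], "tls": {"certResolver": "le"}},
}}}

# Constructed input mirroring the split routers of the working config, plus a
# hypothetical forgotten_route that serves plaintext without the redirect.
SPLIT = {"http": {"middlewares": MIDDLEWARES, "routers": {
    "SERVICEONE_route": {"entryPoints": ["web"], "middlewares": ["secure_mw"]},
    "SERVICEONE_route_secure": {"entryPoints": ["web-secure"],
                                "tls": {"certResolver": "le"}},
    "forgotten_route": {"entryPoints": ["web"]},
}}}

if __name__ == "__main__":
    print(lint_routers(COMBINED), lint_routers(SPLIT))
```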

I also did a bunch of find-and-replace without any success but it works with your configuration :partying_face:.
Thanks a lot!
The only issue I had was a DNS timeout with letsencrypt but I guess it has to do with the dnsname plugin from Podman. For now I solved it with a manual entry in my dnsmasq configuration.