Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use Traefik to proxy Edge agent traffic on :8000 to portainer #25

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

robdyke
Copy link

@robdyke robdyke commented Nov 18, 2020

Fix for #24

  • added Traefik listener on :8000
  • added TCP router to Portainer on :8000

@deviantony deviantony requested a review from xe-nvdk November 19, 2020 01:35
Copy link
Contributor

@xe-nvdk xe-nvdk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi. Thank you for this contribution. I'm not sure about the idea of exposing the port 8000 directly. Have you problems with the current compose to connect Portainer with an Edge endpoint?

@robdyke
Copy link
Author

robdyke commented Nov 19, 2020

Hi @xe-nvdk This doesn't expose portainer:8000 to the interwebs, it exposes traefik:8000 which routes the TCP to portainer.

(yes, I've had trouble setting up portainer + edge with HTTPS only exposed)

@xe-nvdk
Copy link
Contributor

xe-nvdk commented Nov 19, 2020

Hi @xe-nvdk This doesn't expose portainer:8000 to the interwebs, it exposes traefik:8000, which routes the TCP to portainer.

(yes, I've had trouble setting up portainer + edge with HTTPS only exposed)

What problems you had?

Can you make an RP with an alternative name of the file? My idea is have have both options and users pick what fits best for them.

@xe-nvdk xe-nvdk self-assigned this Nov 19, 2020
Copy link
Contributor

@xe-nvdk xe-nvdk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please provide this configuration in another file to maintain both versions. Thank you.

@robdyke
Copy link
Author

robdyke commented Dec 10, 2020

@xe-nvdk happy with this PR?

@xe-nvdk xe-nvdk removed their assignment Dec 10, 2020
@xe-nvdk
Copy link
Contributor

xe-nvdk commented Dec 10, 2020

Looks good to me. Because I'm not part of the Portainer team anymore. Let's wait for them to merge this PR.

# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=websecure"
- "traefik.http.services.edge.loadbalancer.server.port=8000"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Port here should be 9000. Edge agent wants to access the api and port 8000 which is routed by the TCP router below. I had to change the https edge vhost to 9000 to be able to associate it with the portainer server. I still cannot browse the egde endpoint but at least it is associated. With the https router pointing to 8000 (the same with tcp router) the association didn't work.

- "traefik.http.routers.edge.tls.certresolver=leresolver"

# Edge agent service routed by Traefik
- "traefik.tcp.routers.edgeagent.rule=Host(`edge.yourdomain.com`)"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Host rule should be changed to HostSNI otherwise traefik throws an error about "unknown rule".

traefik/traefik#5016

@deviantony
Copy link
Member

Trying to figure out what do we need to make progress on this one, it seems that @baskinsy requested some changes that would need to be added here, would you agree @robdyke ?

Also keen to get your opinion on that one too @xe-nvdk :)

@robdyke
Copy link
Author

robdyke commented Jan 19, 2021 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants