From fe0ec9dd03cfbbdf988c196bd0bcad881a4c5cf9 Mon Sep 17 00:00:00 2001
From: pipistrello
Date: Fri, 5 Jun 2026 14:46:40 +0300
Subject: [PATCH] syntax
---
 traefik/README.md | 17 +++++++++++++++--
 traefik/docker-compose.yaml | 10 ++++++++--
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/traefik/README.md b/traefik/README.md
index 8f9f7f3..376fe68 100644
--- a/traefik/README.md
+++ b/traefik/README.md
@@ -21,8 +21,13 @@ Replaces **nginx-proxy-manager** on serverweb. One `:443` entrypoint that does
 | `dynamic/passthrough.yml` | the TCP SNI-passthrough routers → Windows hosts |
 | `dynamic/web.yml` | HTTP routers (dashboards) + dashboard basic-auth |
 
-Routing config lives in git and redeploys on push (file provider, `watch: true`).
-`acme.json` is **not** in git — it holds private keys and persists on the host.
+Config files (`traefik.yml`, `dynamic/`) are the source of truth in git, but must be
+**placed on the host** at `/mnt/containers/traefik/container-data/` and mounted by
+**absolute path**. Portainer GitOps runs compose with paths relative to its own
+container (`/data/compose//…`), which the Docker daemon can't resolve — so relative
+`./` bind mounts silently become empty dirs (`is a directory` crash loop). Keep the host
+copies in sync with this repo; Traefik's `watch: true` still hot-reloads `dynamic/` when
+the host files change. `acme.json` is **not** in git (private keys) and persists on the host.
 
 ## One-time host prep (serverweb)
 
@@ -30,6 +35,14 @@ Routing config lives in git and redeploys on push (file provider, `watch: true`)
 mkdir -p /mnt/containers/traefik/container-data/acme
 touch /mnt/containers/traefik/container-data/acme/acme.json
 chmod 600 /mnt/containers/traefik/container-data/acme/acme.json
+mkdir -p /mnt/containers/traefik/container-data/dynamic
+```
+
+Then copy the config from this repo onto the host (re-copy whenever they change):
+
+```bash
+scp traefik.yml root@serverweb:/mnt/containers/traefik/container-data/traefik.yml
+scp dynamic/*.yml root@serverweb:/mnt/containers/traefik/container-data/dynamic/
 ```
 
 ## Before deploying — edit
diff --git a/traefik/docker-compose.yaml b/traefik/docker-compose.yaml
index 0f37161..ca4a95d 100644
--- a/traefik/docker-compose.yaml
+++ b/traefik/docker-compose.yaml
@@ -6,13 +6,19 @@ services:
  # Traefik replaces nginx-proxy-manager on 80/443. Decommission NPM before
  # deploying this (both can't bind 80/443). UDP/443 (SMB-over-QUIC) is NOT
  # handled here — the router forwards UDP/443 straight to serverfile.
+ #
+ # NOTE: absolute host paths (NOT ./relative). Portainer GitOps runs compose
+ # with paths relative to its own container (/data/compose//...), which
+ # the Docker daemon can't resolve — relative mounts silently become empty
+ # dirs. Config files live on the host; keep them in sync with this repo's
+ # traefik.yml / dynamic/ (source of truth).
  ports:
  - "80:80"
  - "443:443"
  volumes:
  - /var/run/docker.sock:/var/run/docker.sock:ro
- - ./traefik.yml:/etc/traefik/traefik.yml:ro,z
- - ./dynamic:/etc/traefik/dynamic:ro,z
+ - /mnt/containers/traefik/container-data/traefik.yml:/etc/traefik/traefik.yml:ro,z
+ - /mnt/containers/traefik/container-data/dynamic:/etc/traefik/dynamic:ro,z
  - /mnt/containers/traefik/container-data/acme:/acme:z
  networks:
  - reverseproxy-nw
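Review bot: The two new absolute bind mounts for `traefik.yml` and `dynamic/` in the `volumes:` list still use the short syntax, under which Docker creates a missing host path as an empty root-owned directory. If the manual copy step is skipped or a path is mistyped, the same `is a directory` failure this commit works around comes back, and a missing `dynamic/` would likely just yield a proxy with no file-provider routes or middlewares. Switching these two entries to the long bind form with `create_host_path: false` makes a missing config fail the deploy loudly; confirm that the Compose version Portainer runs accepts `bind.create_host_path` and `bind.selinux`. Since the host copies are now what Traefik actually loads, the NOTE comment could also say that drift from git is not detected. The service definition starts and continues outside the hunk.

```yaml
    volumes:
      # … unchanged: docker.sock mount …
      - type: bind
        source: /mnt/containers/traefik/container-data/traefik.yml
        target: /etc/traefik/traefik.yml
        read_only: true
        bind:
          create_host_path: false
          selinux: z
      - type: bind
        source: /mnt/containers/traefik/container-data/dynamic
        target: /etc/traefik/dynamic
        read_only: true
        bind:
          create_host_path: false
          selinux: z
      # … unchanged: acme mount …
```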