As my migration to Traefik v2 continues I am finding a few apps that need a little extra TLC to make work, in this case the Unifi controller software.

Due to the fact that Unifi runs on port 8443 inside the container and expects TLS a couple of extra parameters were required. Here's the relevant docker-compose snippet.

As always, you can find full example code at github.com/ironicbadger/infra.

---
version: "2"
services:
  traefik:
    image: traefik
    container_name: tr
    volumes:
      - /opt/appdata/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 80:80
      - 443:443
    environment:
      - CLOUDFLARE_EMAIL=123@gmail.com
      - CLOUDFLARE_API_KEY=123
    restart: unless-stopped
  unifi:
    image: linuxserver/unifi-controller
    container_name: unifi
    volumes:
      - /opt/appdata/unifi:/config
    labels:
      - traefik.enable=true
      - traefik.http.routers.ubiq.rule=Host(`unifi.123.cloud`)
      - traefik.http.routers.ubiq.entrypoints=websecure
      - traefik.http.routers.ubiq.tls=true
      - traefik.http.routers.ubiq.tls.certresolver=cloudflare
      - traefik.http.services.ubiq.loadbalancer.server.scheme=https
      - traefik.http.services.ubiq.loadbalancer.server.port=8443
    ports:
      - 8080:8080
      - 3478:3478/udp
    environment:
      - PUID=1313
      - PGID=1313
      - TZ=America/New_York
    restart: unless-stopped

In particular, the two magic lines of additional configuration were:

- traefik.http.routers.ubiq.tls=true
- traefik.http.services.ubiq.loadbalancer.server.scheme=https

For configuration of Traefik itself I use a config file instead of labels, that is available here. Note that for Unifi, because it is over https on 8443, we will need to add a couple of lines to the configuration in traefik.yaml

serversTransport:
    insecureSkipVerify: true

Once you have those 4 lines of configuration added, you're good to go. That's it.

Traefik is just so straightforward, it is amazing and I love it! If there's one thing I wish it did better it would be logging. At present it is too opaque and debugging errors like these is like solving the DaVinci code!