As my migration to Traefik v2 continues I am finding a few apps that need a little extra TLC to make work, in this case the Unifi controller software.
Due to the fact that Unifi runs on port
8443 inside the container and expects TLS a couple of extra parameters were required. Here's the relevant
As always, you can find full example code at github.com/ironicbadger/infra.
--- version: "2" services: traefik: image: traefik container_name: tr volumes: - /opt/appdata/traefik:/etc/traefik - /var/run/docker.sock:/var/run/docker.sock:ro ports: - 80:80 - 443:443 environment: - [email protected] - CLOUDFLARE_API_KEY=123 restart: unless-stopped unifi: image: linuxserver/unifi-controller container_name: unifi volumes: - /opt/appdata/unifi:/config labels: - traefik.enable=true - traefik.http.routers.ubiq.rule=Host(`unifi.123.cloud`) - traefik.http.routers.ubiq.entrypoints=websecure - traefik.http.routers.ubiq.tls=true - traefik.http.routers.ubiq.tls.certresolver=cloudflare - traefik.http.services.ubiq.loadbalancer.server.scheme=https - traefik.http.services.ubiq.loadbalancer.server.port=8443 ports: - 8080:8080 - 3478:3478/udp environment: - PUID=1313 - PGID=1313 - TZ=America/New_York restart: unless-stopped
In particular, the two magic lines of additional configuration were:
- traefik.http.routers.ubiq.tls=true - traefik.http.services.ubiq.loadbalancer.server.scheme=https
For configuration of Traefik itself I use a config file instead of labels, that is available here. Note that for Unifi, because it is over https on
8443, we will need to add a couple of lines to the configuration in
serversTransport: insecureSkipVerify: true
Once you have those 4 lines of configuration added, you're good to go. That's it.
Traefik is just so straightforward, it is amazing and I love it! If there's one thing I wish it did better it would be logging. At present it is too opaque and debugging errors like these is like solving the DaVinci code!