Traefik v2 and Unifi Controller in docker
As my migration to Traefik v2 continues I am finding a few apps that need a little extra TLC to make work, in this case the Unifi controller software.
Due to the fact that Unifi runs on port 8443
inside the container and expects TLS a couple of extra parameters were required. Here's the relevant docker-compose
snippet.
As always, you can find full example code at github.com/ironicbadger/infra.
---
version: "2"
services:
traefik:
image: traefik
container_name: tr
volumes:
- /opt/appdata/traefik:/etc/traefik
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 80:80
- 443:443
environment:
- CLOUDFLARE_EMAIL=123@gmail.com
- CLOUDFLARE_API_KEY=123
restart: unless-stopped
unifi:
image: linuxserver/unifi-controller
container_name: unifi
volumes:
- /opt/appdata/unifi:/config
labels:
- traefik.enable=true
- traefik.http.routers.ubiq.rule=Host(`unifi.123.cloud`)
- traefik.http.routers.ubiq.entrypoints=websecure
- traefik.http.routers.ubiq.tls=true
- traefik.http.routers.ubiq.tls.certresolver=cloudflare
- traefik.http.services.ubiq.loadbalancer.server.scheme=https
- traefik.http.services.ubiq.loadbalancer.server.port=8443
ports:
- 8080:8080
- 3478:3478/udp
environment:
- PUID=1313
- PGID=1313
- TZ=America/New_York
restart: unless-stopped
In particular, the two magic lines of additional configuration were:
- traefik.http.routers.ubiq.tls=true
- traefik.http.services.ubiq.loadbalancer.server.scheme=https
For configuration of Traefik itself I use a config file instead of labels, that is available here. Note that for Unifi, because it is over https on 8443
, we will need to add a couple of lines to the configuration in traefik.yaml
serversTransport:
insecureSkipVerify: true
Once you have those 4 lines of configuration added, you're good to go. That's it.
Traefik is just so straightforward, it is amazing and I love it! If there's one thing I wish it did better it would be logging. At present it is too opaque and debugging errors like these is like solving the DaVinci code!