How to route with Traefik a docker (swarm) container needs a port to context of a host url like /myapp?

Question

My configuration is Docker Swarm.

MyWebApp is running within a Container and has access to Port 8100.

For some reasons i need that URL access is not using Port but using URL context like myhost.com/mywebapp.

Routing should be done by Traefik.

I tried using Path, PathPrefix, PathPrefixStrip, used configuring Traefik, in any case same Result, i can only access to MyWebApp giving the Port in the URL not possible to use the context /mywebapp.

#startscript.sh

docker swarm init
docker network create -d overlay proxy
docker stack deploy -c docker-compose.traefik.yml traefik
docker stack deploy -c docker-compose.webapps.yml webapps

---

traefik.toml

accessLogsFile = "/dev/stdout"

logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
#    [entryPoints.http.redirect]
#    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      CertFile = "/run/secrets/cert.pem"
      KeyFile = "/run/secrets/key.pem"

[web]
address = ":8085"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "myhost.com"
watch = true
swarmmode = true
exposedbydefault = false

[file]

---

docker-compose-traefik.yml

version: '3.3'

networks:
  proxy:
    external:
      name: proxy

configs:
  traefik_toml_v2:
    file: ./traefik.toml

secrets:
  traefik_cert:
    file: ./tls/cert.pem
  traefik_key:
    file: ./tls/key.pem

services:
  traefik:
    image: traefik
    deploy:
      replicas: 2
      placement:
        constraints:
        - node.role == manager
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    networks:
    - proxy
    ports:
    - target: 80
      protocol: tcp
      published: 80
      mode: ingress
    - target: 443
      protocol: tcp
      published: 443
      mode: ingress
    - target: 8085
      protocol: tcp
      published: 8085
      mode: ingress
    configs:
    - source: traefik_toml_v2
      target: /etc/traefik/traefik.toml
      mode: 444
    secrets:
    - source: traefik_cert
      target: cert.pem
      uid: "0"
      mode: 400
    - source: traefik_key
      target: key.pem
      uid: "0"
      mode: 400

---

docker-compose-webapps.yml

version: '3.3'

networks:
  proxy:
    external: true
  net:
    driver: overlay
    attachable: true

services:
  whoami:
    image: emilevauge/whoami
    networks:
    - proxy
    deploy:
      replicas: 2
      resources:
        limits:
          memory: 1G
      labels:
#This is working - i can access with: http://myhost/whoami
      - traefik.frontend.rule=PathPrefixStrip:/whoami
      - traefik.docker.network=proxy
      - traefik.port=80
      - traefik.enable=true

  mywebapp:
    image: myregistry/myrepos:my_image
    networks:
    - proxy
    - net
    ports:
    - 8100:8100
    volumes:
    - ~/dev/myconf:/home/developer/dev/myconf 
    command: mywebapp.bin --http-address=0.0.0.0 --http-port=8100
    deploy:
      replicas: 2
      resources:
        limits:
          memory: 1G
      labels:
      - traefik.enable=true
#This is NOT working - i canNOT access with: http://myhost/webapp
#Access is only possible with: http://myhost:8100
#WHAT I HAVE TO DO THAT i can forward/redirect http://myhost:8100 to http://myhost/webapp????
#      - traefik.frontend.rule=Host:myhost.com;Path:/mywebapp
#      - traefik.port=8100
#I tried both, with servicename and without servicename, in both cases access to http://myhost/webapp is not possible, only to http://myhost:8100
      - traefik.webapps_mywebapp.frontend.rule=Host:myhost.com;Path:/mywebapp
      - traefik.webapps_mywebapp.port=8100
      - traefik.docker.network=proxy

Answer 1

I'm going to take a jab at this.

To start, you opened up the docker container ports to outside connections:

ports:
  - 8100:8100

This is why you can access the URL through the port. So when you are accessing it through http://url:8100, you're actually bypassing traefik and connecting to the container directly.

If you setup it up as an EXPOSE instead, this should only open up to just the docker network.

expose:
  - "8100"

(Reference this link here: What is the difference between docker-compose ports vs expose)

Now on to your Traefik connection issue, one reason I see why you can't access is because you have the wrong frontend rule:

labels:    
  - traefik.frontend.rule=Host:myhost.com;Path:/mywebapp

Having a Host rule will require you to add extra information into the header of the request. You can't just call the URL alone.

For Path, I'm not sure what that does, but for me it just sends a 404.

What you need is setting PathPrefixStrip as the only frontend rule:

labels:    
  - traefik.frontend.rule=PathPrefixStrip:/mywebapp

I ran into the same issue. Here is an example of a docker-compose chunk that worked for me:

cherrypy-helloworld:
  build:
    dockerfile: cherrypy_helloworld.Dockerfile
  expose:
    - "8080"
  volumes:
    - $PWD/cherrypy_helloworld:/pyapp
  labels:
    - traefik.frontend.rule=PathPrefixStrip:/apitest
    - traefik.enable=true

Hope this helps.