Dokploy
Services deployed via Dokploy Inaccessible After Customizing Traefik Ports via Environment Variables
To Reproduce
- Customize the
TRAEFIK_PORTandTRAEFIK_SSL_PORTenvironment variables as per the instructions in #130 . - Restart the relevant services.
- Attempt to access the services through Traefik.
Current vs. Expected behavior
Expected Behavior The services should be accessible through the customized ports without any issues.
Actual Behavior All reverse-proxied services become inaccessible.
Provide environment information
Dokploy Version: v0.13.1
Which area(s) are affected? (Select all that apply)
Traefik
Are you deploying the applications where Dokploy is installed or on a remote server?
Same server where Dokploy is installed
Additional context
After following the guidance from Issue #130 to customize the environment variables TRAEFIK_PORT and TRAEFIK_SSL_PORT, all services reverse-proxied through Traefik become inaccessible. We need to discuss whether a general solution should be provided in Dokploy to resolve this issue.
Will you send a PR to fix it?
Maybe, need help
I also encountered a similar problem, the log is as follows:
2024-12-09T01:42:50Z ERR error="service \"dokploy-traefik\" error: port is missing" container=dokploy-traefik-wh0bwrkcdizfnoctwu65iqx4b providerName=swarm Connection closed! Reason:
I see that it doesn't work, I don't know if it is due to the migration that we had done from traefik 2.5 to 3.10, I was playing for a couple of hours but it doesn't seem to work, I think I will need more time to check this.
I seem to have encountered the same problem. I could access it before, but since the upgrade, accessing through the domain name only returns 404 page not found. I am not sure whether it is a problem with my configuration or a problem with dokploy.
I got it working with the following script, which changes port 80 -> 81 and port 443 -> 444:
EDIT: Did not work (see edit for the old non-working code)
@Siumauricio happy to make a pull request + update the docs if needed ^
I've made the pull request on the Dokploy/Website repository :)
- https://github.com/Dokploy/website/pull/14
@nktnet1 Reviewing carefully the script, why does it assign the https and http port to the dokploy container? when it has nothing to do and the one that should have the exposed port should be the dokploy-traefik container, if you can give details to understand it would be great, I tried the script but it does not work, because if you assign the port 81 and 444 for example it will be assigned to the dokploy container and not to traefik which is who balances the services.
hmm yeah my bad, I did it in a rush and thought it was working, but turns out not (and doesn't make much sense either). Traefik was basically stopped from starting and through some of my old configurations from coolify, it happened to work. Will spend some time investigating after the holidays - sorry for the confusion ^.
I am on the same boat.
Hopefully I'll give you an idea if I specify my scenario!
I installed dokploy in a brand new VPS (Hetzner) and I just setup a project with one service via the Compose option.
Deployment goes fine and accessing the naked IP in the browser works under the port I setup in the docker-compose.yml file .
Now the issue: when trying to access via a custom domain I get the same 404 behaviour described above.
I have tried different ports (3000, 5058, 8000) without success.
I checked the traefik config and it has the ports 80 and 443 as you can see below
providers:
swarm:
exposedByDefault: false
watch: false
docker:
exposedByDefault: false
file:
directory: /etc/dokploy/traefik/dynamic
watch: true
entryPoints:
web:
address: ':80'
websecure:
address: ':443'
http:
tls:
certResolver: letsencrypt
api:
insecure: true
certificatesResolvers:
letsencrypt:
acme:
email: [email protected]
storage: /etc/dokploy/traefik/dynamic/acme.json
httpChallenge:
entryPoint: web
I am not an expert on this matter at all but I am open to help,
PS: awesome tool! thanks for making it happen @Siumauricio !
I am out of carrots here...
I have been trying to debug this thing for days and I feel it is something stupid but I just can't see it.
- I can access the dokploy UI via the domain
https://dokploy.mydomain.comwithout a problem - I can access my service via
http://MY_SERVER_IP:5058without issue - I cannot access my service via
https://staging.mydomain.comI keep getting 404.
One weird thing though is the when I click the Preview compose button I get my docker-compose-dokploy.yml file to the dot except for the traefik configuration, it is like tripled, not sure if that might be part of the issue or if it is just how dokploy is showing it to me.
If anyone could share any thoughts on this, it would be greatly appreciated.
Allow me to share my config:
Original docker-compose-dokploy.yml in my code base:
services:
postgres:
image: postgres
restart: always
env_file:
- .env
healthcheck:
test: ["CMD-SHELL", "sh -c 'pg_isready -U ligaconquis'"]
interval: 30s
timeout: 3s
retries: 3
volumes:
- postgres_data:/var/lib/postgresql/data/
networks:
- dokploy-network
website:
restart: always
build: .
command: bash -c "make docker-setup && gunicorn --threads 4 --workers=4 ligaconquis.wsgi -b 0.0.0.0:${DOKPLOY_DOCKER_PORT} --timeout=600"
env_file:
- .env
healthcheck:
test: ["CMD-SHELL", "curl --head --request GET $DJANGO_BASE_URL/status/ | grep '200 OK'"]
interval: 30s
timeout: 5s
retries: 3
volumes:
- media:/ligaconquis/media
ports:
- ${DOKPLOY_DOCKER_PORTS}
depends_on:
postgres:
condition: service_healthy
networks:
- dokploy-network
labels:
- "traefik.enable=true"
- "traefik.http.routers.${CONTAINER_NAME}.rule=Host(`${DJANGO_BASE_URL}`)"
- "traefik.http.routers.${CONTAINER_NAME}.entrypoints=websecure"
- "traefik.http.routers.${CONTAINER_NAME}.tls.certResolver=letsencrypt"
- "traefik.http.services.${CONTAINER_NAME}.loadbalancer.server.port=${DOKPLOY_DOCKER_PORT}"
volumes:
postgres_data:
media:
networks:
dokploy-network:
external: true
Preview Compose button returns this:
services:
postgres:
image: postgres
restart: always
env_file:
- .env
healthcheck:
test:
- CMD-SHELL
- sh -c 'pg_isready -U ligaconquis'
interval: 30s
timeout: 3s
retries: 3
volumes:
- postgres_data:/var/lib/postgresql/data/
networks:
- dokploy-network
website:
restart: always
build: .
command: bash -c "make docker-setup && gunicorn --threads 4 --workers=4 ligaconquis.wsgi -b 0.0.0.0:${DOKPLOY_DOCKER_PORT} --timeout=600"
env_file:
- .env
healthcheck:
test:
- CMD-SHELL
- curl --head --request GET $DJANGO_BASE_URL/status/ | grep '200 OK'
interval: 30s
timeout: 5s
retries: 3
volumes:
- media:/ligaconquis/media
ports:
- ${DOKPLOY_DOCKER_PORTS}
depends_on:
postgres:
condition: service_healthy
networks:
- dokploy-network
labels:
- traefik.enable=true
- traefik.http.routers.${CONTAINER_NAME}.rule=Host(`${DJANGO_BASE_URL}`)
- traefik.http.routers.${CONTAINER_NAME}.entrypoints=websecure
- traefik.http.routers.${CONTAINER_NAME}.tls.certResolver=letsencrypt
- traefik.http.services.${CONTAINER_NAME}.loadbalancer.server.port=${DOKPLOY_DOCKER_PORT}
- traefik.http.routers.ligaconquistador-staging-m7ti5h-1-web.rule=Host(`staging.mydomain.com`)
- traefik.http.routers.ligaconquistador-staging-m7ti5h-1-web.entrypoints=web
- traefik.http.services.ligaconquistador-staging-m7ti5h-1-web.loadbalancer.server.port=5058
- traefik.http.routers.ligaconquistador-staging-m7ti5h-1-web.service=ligaconquistador-staging-m7ti5h-1-web
- traefik.http.routers.ligaconquistador-staging-m7ti5h-1-web.middlewares=redirect-to-https@file
- traefik.http.routers.ligaconquistador-staging-m7ti5h-1-websecure.rule=Host(`staging.mydomain.com`)
- traefik.http.routers.ligaconquistador-staging-m7ti5h-1-websecure.entrypoints=websecure
- traefik.http.services.ligaconquistador-staging-m7ti5h-1-websecure.loadbalancer.server.port=5058
- traefik.http.routers.ligaconquistador-staging-m7ti5h-1-websecure.service=ligaconquistador-staging-m7ti5h-1-websecure
- traefik.http.routers.ligaconquistador-staging-m7ti5h-1-websecure.tls.certresolver=letsencrypt
volumes:
postgres_data: null
media: null
networks:
dokploy-network:
external: true
Note on the above:
- The
loadbalancer.server.portis5058where my service runs - As you can see the
traefikconfig is kinda weird, right?
Domain configured in my service (not working - 404 behaviour both http & https):
Although I see the request goes to the right IP and for what I understand port:
Domain configured for Dokploy (perfectly working):
Dokploy's traefik Config (/etc/dokploy/traefik/traefik.yml):
providers:
swarm:
exposedByDefault: false
watch: false
docker:
exposedByDefault: false
file:
directory: /etc/dokploy/traefik/dynamic
watch: true
entryPoints:
web:
address: ':80'
websecure:
address: ':443'
http:
tls:
certResolver: letsencrypt
api:
insecure: true
certificatesResolvers:
letsencrypt:
acme:
email: [email protected]
storage: /etc/dokploy/traefik/dynamic/acme.json
httpChallenge:
entryPoint: web
My domain's DNS configuration:
And the deploy settings (no issues in the logs and the service is running as expected):
I hope someone can help debug the issue.
Thanks!
Getting the same issue deploying this repo: https://github.com/Render-AI/hatchet-docker-compose with the yaml file docker-compose-hatchet.production.yaml.
Instructions about mapping ports are unclear in the docs. Running docker-compose -f docker-compose-hatchet.dev.yaml up runs this app (Hatchet) on port 8080, through a Caddy proxy. One would expect that exposing via a traefik domain like so would be enough to access it:
But it doesn't seem to work.
I updated exposedByDefault from false to true
now I can access services from custom domain.
note: if service exposes to port 80, it wont work
docker:
exposedByDefault: true
I'm using v0.21.8, and after adding more than one additional port mapping to the traefik settings, it goes down.
Also, any environment variables configured are flushed if you add any port mapping or even if you enable the dashboard through menu options.
I updated
exposedByDefaultfromfalsetotruenow I can access services from custom domain.note: if service exposes to port 80, it wont work
docker: exposedByDefault: true
Thanks this has worked for me, though still under domains I can't validate certificate but yeah it works, thanks!
