Failed to get transmission routed through traefik

homelab/README.md

@@ -1,14 +1,5 @@
-# Authentication
+# Neale's Homelab
-
-Grafana is exposed to the world. Let's hope that's safe.
-Its auth has this nice property that if you send basic-auth creds,
-it'll use that instead of presenting a login screen.
-
-Things using basic authentication:
-* traefik dashboard
-
-Things using traefik forward-authentication to grafana (you have to log in to grafana first):
-* prometheus
-* transmission
 
+This is the stuff I run on my little Raspberry Pi.
 
+I guess I fiddle around with it pretty frequently.

homelab/deploy.sh

@@ -0,0 +1,10 @@
+#! /bin/sh
+
+stack=$(basename $(pwd))
+
+cat HOSTS | while read host; do
+    echo "=== $host"
+    export FQDN=$host
+    export HOSTNAME=${host%%.*}
+    docker -H ssh://$host stack deploy -c docker-compose.yaml --prune $stack
+done

homelab/docker-compose.yaml

@@ -15,7 +15,7 @@ services:
       XXX_TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
       TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_TLSCHALLENGE: "true"
       TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true"
-      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
+      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "true"
     ports:
       - target: 443
         published: 443
@@ -33,11 +33,10 @@ services:
         target: /acme.json
     deploy:
       labels:
-        traefik.enable: "true"
         # XXX: This HSTS stuff doesn't seem to be working
         traefik.frontend.headers.STSSeconds: "31536000"
         traefik.frontend.headers.STSPreload: "true"
-        traefik.http.routers.dashboard.rule: "Host(`$HOSTNAME`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+        traefik.http.routers.dashboard.rule: "Host(`$FQDN`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
         traefik.http.routers.dashboard.tls.certresolver: letsencrypt
         traefik.http.routers.dashboard.middlewares: forward-auth
         traefik.http.routers.dashboard.service: api@internal
@@ -49,9 +48,9 @@ services:
       - password
     deploy:
       labels:
-        traefik.enable: "true"
         traefik.http.routers.simpleauth.rule: "PathPrefix(`/`)"
         traefik.http.services.simpleauth.loadbalancer.server.port: "8080"
+
   plex:
     image: ghcr.io/linuxserver/plex:1.25.6
     networks:
@@ -82,13 +81,12 @@ services:
         target: /srv/ext/incoming
     deploy:
       labels:
-        traefik.enable: "true"
+        # This isn't going to work, because transmission binds to the host network.
-        traefik.http.routers.transmission.rule: "PathPrefix(`/transmission`)"
+        traefik.http.routers.transmission.rule: "Host(`$FQDN`) && PathPrefix(`/transmission`)"
-        traefik.http.routers.transmission.tls: "true"
-        traefik.http.routers.transmission.middlewares: forward-auth
         traefik.http.services.transmission.loadbalancer.server.port: "9091"
+
   nextcloud:
-    image: ghcr.io/linuxserver/nextcloud:23.0.0-ls168
+    image: ghcr.io/linuxserver/nextcloud:23.0.2
     environment:
       OVERWRITEPROTOCOL: https
     volumes:
@@ -109,7 +107,6 @@ services:
         target: /srv/ext/incoming
     deploy:
       labels:
-        traefik.enable: "true"
         traefik.http.routers.nextcloud.rule: "Host(`drive.woozle.org`) || PathPrefix(`/nextcloud`)"
         traefik.http.routers.nextcloud.tls: "true"
         traefik.http.routers.nextcloud.tls.certresolver: letsencrypt