docker docker-compose traefik syncthing

Syncthing and Traefik - Cannot Access Host Services 127.0.0.1:port


Background: I have Traefik3 running in front of 12+/- containers all accessible correctly. DNS is provided by Adguard home for internal apps and cloudflared tunnel for external. All that works fine. Server is Ubuntu 22.04.4 LTS, docker version 27.2.1.

Today I am setting up some new machines and decided I wanted to run syncthing to push config from my dev server to my live server etc., followed the documentation, and got syncthing running fine. However the GUI is only accessible from 127.0.0.1 and all of my machines are headless ubuntu servers. So I need a reverse proxy, easy.

Based on my other traefik rules I put the following router together:

http:
  routers:
    sync:
      entryPoints:
        - "web"
      rule: "Host(`sync.my-domain.tld`)"
      service: "sync"
  services:
      sync:
        loadbalancer:
          servers:
            - url: http://127.0.0.1:8384

This creates a router that shows up as healthy in the traefik dashboard and points to 127.0.0.1, however navigating to sync.my-domain.tld results in a bad gateway. On the host machine curl http://127.0.0.1:8384 returns the expected wall of html, however docker exec -it traefik wget 127.0.0.1:8384 returns wget: can't connect to remote host (127.0.0.1): Connection refused

Conclusion: traefik cannot access the host network. I do have insecureSkipVerify: true set just in case, I have even disabled my firewall to test that possibility, but I am unsure what to try next.

Does anyone have a working config for running syncthing behind traefik3? Or see a glaring error in my code?

EDIT FOR EXTRA INFO: I should have been clearer, Syncthing is not running in a container, I don't like the idea of giving a container read/write access for source code for all my containers. Using a file provider and ip router traefik should be able to access services outside of docker, I have used it to point at other machines, but in this case we need to point at the host machine. And based on syncthing's setup, it has to be accessed via 127.0.0.1:8384, 192.168.0.x:8384 will not work.


Solution

  • Is traefik running inside a container? Then localhost doesn't mean "the host network"; it means "the container that traefik is running in".

    If syncthing is running in another container, use the name of that container for the hostname component of the url (assuming that you have either deployed your containers on a user-defined network or that you are using docker compose, which does that for you).

    Whether or not you use compose, you definitely should be using a user-defined network because of the DNS service that docker provides in this situation that allows you to use container names as hostnames.


    If Traefik is running inside a container and Syncthing is running on the host, then you will need to use the address of an interface on the host. The most portable way of doing this is to use the hostname host.docker.internal; this will work by default for Docker on Windows and MacOS, and on Linux you can enable this by adding the following to your docker run command line:

    --add-host=host.docker.internal:host-gateway
    

    If you're using docker compose, that would look something like:

    services:
      alpine:
        image: docker.io/alpine
        extra_hosts:
        - host.docker.internal=host-gateway
        command:
        - sleep
        - inf
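
The answer's approach applied to the router from the question, as an added example that is not part of the original question or answer. The compose service name `traefik` and the image tag are assumptions; the router, entry point, hostname and port are the ones posted in the question.

```yaml
# docker-compose.yml (fragment) for the Traefik container.
# Service name and image tag are assumptions, not taken from the page.
services:
  traefik:
    image: docker.io/traefik:v3
    extra_hosts:
      # host-gateway resolves to the host's address as seen from the container
      - "host.docker.internal:host-gateway"
---
# Traefik file-provider dynamic configuration.
# Same router as in the question; only the server URL changes.
http:
  routers:
    sync:
      entryPoints:
        - "web"
      rule: "Host(`sync.my-domain.tld`)"
      service: "sync"
  services:
    sync:
      loadBalancer:
        servers:
          # Before: http://127.0.0.1:8384 (loopback of the Traefik container itself)
          - url: "http://host.docker.internal:8384"
```

Requests sent this way arrive on the host's bridge-facing address rather than on 127.0.0.1, so a GUI listener bound only to loopback will still refuse them. If the listen address is widened to accept them, keep GUI authentication enabled, because containers on the host can then reach the port as well.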