Trouble self hosting with Traefik in Docker Swarm

[nkamenar]

Update: I figured out the problem and fixed the configuration in this message as a reference for anyone trying to set this up in a swarm in the future.

Original Question:
Ok I have been trying to get this running for hours and while I feel I am very close I just can't seem to get the front end communicating with the backend. It appears that your docker image for the backend doesn't support linux environments so I had to pull the repo and build/publish to dockerhub myself so that is why the backend is not from the official repo. Please let me know if there is an official image for linux.

Anyway, I am uploading my full compose file and env in their current state. They have gone through many iterations but I am hoping someone can point out what I have misconfigured to get the front end talking to the back end. I am including my secrets here because I plan to change them again once I get this actually working anyway.

# Compose File
services:
  scrumlr-backend:
    image: lucrin/scrumlr-server:${SCRUMLR_BACKEND_VERSION:-3.10.2}
    networks:
      - scrumlr_internal
      - traefik_external
    env_file:
      - /mnt/pve/cephfs-volumes/env_files/scrumlr/scrumlr.env
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - traefik.enable=true
        - traefik.http.routers.scrumlr-backend.entrypoints=http
        - traefik.http.routers.scrumlr-backend.rule=Host(`retro.mydomain.com`) && PathPrefix(`/api`)
        - traefik.http.middlewares.scrumlr-api-https.redirectscheme.scheme=https
        - traefik.http.routers.scrumlr-backend.middlewares=scrumlr-api-https
        - traefik.http.routers.scrumlr-backend-secure.entrypoints=https
        - traefik.http.routers.scrumlr-backend-secure.rule=Host(`retro.mydomain.com`) && PathPrefix(`/api`)
        - traefik.http.routers.scrumlr-backend-secure.tls=true
        - traefik.http.routers.scrumlr-backend-secure.tls.certresolver=cloudflare
        - traefik.http.routers.scrumlr-backend-secure.service=scrumlr-backend
        - traefik.http.services.scrumlr-backend.loadbalancer.server.port=8080
        - traefik.swarm.network=traefik_external

  scrumlr-frontend:
    image: ghcr.io/inovex/scrumlr.io/scrumlr-frontend:${SCRUMLR_FRONTEND_VERSION:-3.10.2}
    networks:
      - scrumlr_internal
      - traefik_external
    env_file:
      - /mnt/pve/cephfs-volumes/env_files/scrumlr/scrumlr.env
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - traefik.enable=true
        - traefik.http.routers.scrumlr.entrypoints=http
        - traefik.http.routers.scrumlr.rule=Host(`retro.mydomain.com`)
        - traefik.http.middlewares.scrumlr-https-redirect.redirectscheme.scheme=https
        - traefik.http.routers.scrumlr.middlewares=scrumlr-https-redirect
        - traefik.http.routers.scrumlr-secure.entrypoints=https
        - traefik.http.routers.scrumlr-secure.rule=Host(`retro.mydomain.com`)
        - traefik.http.routers.scrumlr-secure.tls=true
        - traefik.http.routers.scrumlr-secure.tls.certresolver=cloudflare
        - traefik.http.routers.scrumlr-secure.service=scrumlr-frontend
        - traefik.http.services.scrumlr-frontend.loadbalancer.server.port=8080
        - traefik.swarm.network=traefik_external

  scrumlr-postgres:
    image: postgres:${POSTGRES_VERSION:-16}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - scrumlr_internal
    env_file:
      - /mnt/pve/cephfs-volumes/env_files/scrumlr/scrumlr.env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U '${POSTGRES_USER:-scrumlr}' -d '${POSTGRES_DB:-scrumlr}'"]
      interval: 10s
      timeout: 5s
      retries: 5
    deploy:
      restart_policy:
        condition: on-failure

  scrumlr-nats:
    image: nats:${NATS_VERSION:-2.10.24}
    networks:
      - scrumlr_internal
    deploy:
      restart_policy:
        condition: on-failure

volumes:
  postgres_data:

networks:
  scrumlr_internal:
    driver: overlay
  traefik_external:
    external: true

############################
# VERSIONS
############################
SCRUMLR_BACKEND_VERSION=3.10.2
SCRUMLR_FRONTEND_VERSION=3.10.2
POSTGRES_VERSION=16

############################
# NETWORK / HOST SETTINGS
############################
SCRUMLR_SERVER_URL=https://retro.mydomain.com/api
SCRUMLR_WEBSOCKET_URL=wss://retro.mydomain.com/api
SCRUMLR_BASE_PATH=/api
SCRUMLR_INSECURE=true
SCRUMLR_LISTEN_PORT=8080
SCRUMLR_SERVER_PORT=8080

############################
# DATABASE
############################
POSTGRES_DB=scrumlr
POSTGRES_USER=scrumlr
POSTGRES_PASSWORD=Lp4OGOu42xLXXzymmH3msC69KhJ6bBrrB4Ce5TvU04lzmIQz7WYj7eL7bLfeiFPK

SCRUMLR_SERVER_DATABASE_URL=postgres://scrumlr:Lp4OGOu42xLXXzymmH3msC69KhJ6bBrrB4Ce5TvU04lzmIQz7WYj7eL7bLfeiFPK@scrumlr-postgres:5432/scrumlr?sslmode=disable

############################
# NATS
############################
SCRUMLR_SERVER_NATS_URL=nats://scrumlr-nats:4222

############################
# SECRETS (generate securely)
############################
SESSION_SECRET=7hki4LPrHwiY8DE0wfe8LSe4OuyTnsDUkPJGX73IWjwjcKqlCT0i3Hfc7FtZch8r
SCRUMLR_PRIVATE_KEY="-----BEGIN EC PRIVATE KEY-----\nMIHcAgEBBEIBoXcQg84Db9135HsDx0tj3FMg0ZrGkJDVAmmRvZ4cVUT9AFW0NTqX\nguxdxBd82Y0xhnw2kr6/YPQQiSUEXWLuDRygBwYFK4EEACOhgYkDgYYABAF9rvoj\njFyR9VY9g0/Q2uI44aCO5UpvKZXxZhVn65zGvADuFan4X/8orPkBxt8jcsjK2WqP\nXLUpCQXNXh56zmsYUQDUObw5b8ak88SJeYY8mbVWn2qbVsJGEEAMyfsB4bprLvEM\nxjiesliv5NdEcIEtVN+eyZJ9jtdfz7G2iGtZjCDVSg==\n-----END EC PRIVATE KEY-----\n"

############################
# OTHER UI/TELEMETRY
############################
SCRUMLR_SHOW_LEGAL_DOCUMENTS=false
SCRUMLR_ANALYTICS_DATA_DOMAIN=
SCRUMLR_ANALYTICS_SRC=
SCRUMLR_CLARITY_ID=

SCRUMLR_ENABLE_EXPERIMENTAL_AUTH_FILE_SYSTEM_STORE=false

Thanks for any help!

[Planlos5000]

Hey @nkamenar,
thanks for your post. I try to help you but I haven't used docker swarm.
I think it should work if you set the SCRUMLR_SERVER_URL to /api and don't set the websocket env var.
Maybe also have a look at this deployment which uses traefik but with kubernetes.
I hope this helps, if not please let us know.

[nkamenar]

I actually figured this out last night. I needed to change a couple of the URLs and the private key had an extra character in it in the env file. The more critical mistake I made without realizing it is I didn't realize the root Dockerfile in the source is actually for the frontend app not the server so I had actually accidentally pushed that to my registry thinking it was the server. After I figured out there is a separate Dockerfile to push the server in the server folder and got the correct build pushed I started making steady progress.

I have this working now, and I updated the config in my original message as a drop in template for anyone wanting to use this with traefik in docker swarm for the future. Just change the domain name to whatever you want and the rest should "just work". Obviously once you confirm it's working you should regenerate all the sensitive bits in the env file following the official docs.