CMS Version
Version 4.2.3
Installation Method
Docker
Operating System
Azure Container Instance
Issue
Traefik container start for a few minutes but then stops.
Hi,
I want to get Xibo running on Azure Container Instance with Traefik for reverse proxy / Let’s Encrypt certificate.
The Xibo docker containers are running and works without Traefi. But the Traefik container starts, but after a few minutes it stops/crashes.
I would like:
- use Traefik to use automatically renewing certifcates.
- move passwords to Azure Keyvault, remove from deployment file.
- start/stop the containers automatically
I’m new to ACI, docker, traefik.
I also tried Traefik only with whoami test docker image. That gave a the whoami page, but Traefik containter also stops and dashboard page not available.
So it’s not an Xibo issue.
Or are the other possiblities for the certifcate? Cloudflare tunnel?
Command for deployment
# Create containers - DEV
az container create --resource-group rg-container-xibo --file docker-xibo-dev.yaml
File: docker-xibo-dev.yaml
apiVersion: 2019-12-01
location: westeurope
name: xibo-<<<company>>-dev
type: Microsoft.ContainerInstance/containerGroups
identity:
type: SystemAssigned
properties:
osType: Linux
restartPolicy: Always
imageRegistryCredentials:
- server: <<<company>>itscontainerregistry.azurecr.io
username: <<<company>>itscontainerregistry
password: <<<password>>>
ipAddress:
type: Public
dnsNameLabel: <<<company>>xibo-dev
autoGeneratedDomainNameLabelScope: TenantReuse
ports:
- protocol: tcp
port: 80
- protocol: tcp
port: 9505
containers:
- name: cms-web-dev
properties:
image: <<<company>>itscontainerregistry.azurecr.io/xibo-cms:latest
environmentVariables:
- name: 'MYSQL_HOST'
value: '127.0.1:3306'
- name: 'MYSQL_USER'
value: 'cms'
- name: 'MYSQL_PASSWORD'
value: '<<<password>>>'
- name: 'XMR_HOST'
value: 'cms-xmr'
- name: 'CMS_USE_MEMCACHED'
value: 'true'
- name: 'MEMCACHED_HOST'
value: 'cms-memcached'
resources:
requests:
cpu: 1
memoryInGb: 1
volumeMounts:
- mountPath: /var/www/cms/custom
name: cms-custom-dev
- mountPath: /var/www/backup
name: cms-backup-dev
- mountPath: /var/www/cms/web/theme/custom
name: theme-custom-dev
- mountPath: /var/www/cms/library
name: cms-library-dev
- mountPath: /var/www/cms/web/userscripts
name: cms-userscripts-dev
- mountPath: /var/www/cms/ca-certs
name: cms-ca-certs-dev
- name: cms-db-dev
properties:
image: <<<company>>itscontainerregistry.azurecr.io/mysql:8.0
ports:
- port: 3306
environmentVariables:
- name: 'MYSQL_DATABASE'
value: 'cms'
- name: 'MYSQL_USER'
value: 'cms'
- name: 'MYSQL_PASSWORD'
value: '<<<password>>>'
- name: 'MYSQL_ROOT_PASSWORD'
value: '<<<password>>>'
resources:
requests:
cpu: 1
memoryInGb: 1
volumeMounts:
- mountPath: /var/lib/mysql
name: cms-db-dev
- name: cms-xmr-dev
properties:
image: <<<company>>itscontainerregistry.azurecr.io/xibo-xmr:latest
ports:
- port: 9505
resources:
requests:
cpu: 0.5
memoryInGb: 0.5
- name: cms-memcached-dev
properties:
image: <<<company>>itscontainerregistry.azurecr.io/memcached:alpine
command:
- memcached
- -m
- "15"
resources:
requests:
cpu: 0.5
memoryInGb: 0.5
- name: cms-quickchart-dev
properties:
image: <<<company>>itscontainerregistry.azurecr.io/ianw/quickchart:latest
resources:
requests:
cpu: 0.5
memoryInGb: 0.5
- name: traefik
properties:
image: <<<company>>itscontainerregistry.azurecr.io/traefik:latest
ports:
- protocol: tcp
port: 80
- protocol: tcp
port: 443
- protocol: tcp
port: 8080
command:
- "traefik"
- "--api.insecure=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--providers.file.directory=/etc/traefik"
- "--providers.file.watch=true"
- "--log.level=DEBUG"
environmentVariables:
- name: TZ
value: Europe/Amsterdam
resources:
requests:
cpu: 0.5
memoryInGb: 0.5
volumeMounts:
- mountPath: /etc/traefik
name: traefik-config-dev
volumes:
- name: cms-db-dev
azureFile:
shareName: cms-db-dev
storageAccountName: xibostorage
storageAccountKey: <<<password>>>
- name: cms-library-dev
azureFile:
shareName: cms-library-dev
storageAccountName: xibostorage
storageAccountKey: <<<password>>>
- name: cms-custom-dev
azureFile:
shareName: cms-custom-dev
storageAccountName: xibostorage
storageAccountKey: <<<password>>>
- name: cms-backup-dev
azureFile:
shareName: cms-backup-dev
storageAccountName: xibostorage
storageAccountKey: <<<password>>>
- name: theme-custom-dev
azureFile:
shareName: theme-custom-dev
storageAccountName: xibostorage
storageAccountKey: <<<password>>>
- name: cms-userscripts-dev
azureFile:
shareName: cms-userscripts-dev
storageAccountName: xibostorage
storageAccountKey: <<<password>>>
- name: cms-ca-certs-dev
azureFile:
shareName: cms-ca-certs-dev
storageAccountName: xibostorage
storageAccountKey: <<<password>>>
- name: traefik-config-dev
azureFile:
shareName: traefik-config-dev
storageAccountName: xibostorage
storageAccountKey: <<<password>>>
tags:
environment: dev
File traefik.yaml on Azure Files Share traefik-config-dev.
# Global configuration
global:
checkNewVersion: false
sendAnonymousUsage: false
# API and dashboard configuration
api:
insecure: true
dashboard: true
# Entrypoints configuration
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
dashboard:
address: ":8080"
# Provider configuration
providers:
file:
directory: "/etc/traefik"
watch: true
# HTTP configuration
http:
routers:
# Main Xibo CMS router
xibo:
rule: "Host(`<<<company>>xibo-dev.westeurope.azurecontainer.io`)"
service: "cms-web"
entryPoints:
- "web"
# XMR router
xmr:
rule: "Host(`<<<company>>xibo-dev.westeurope.azurecontainer.io`) && PathPrefix(`/xmr`)"
service: "cms-xmr"
entryPoints:
- "web"
# Traefik dashboard router
dashboard:
rule: "Host(`<<<company>>xibo-dev.westeurope.azurecontainer.io`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service: "api@internal"
entryPoints:
- "dashboard"
# QuickChart router for chart generation
quickchart:
rule: "Host(`<<<company>>xibo-dev.westeurope.azurecontainer.io`) && PathPrefix(`/chart`)"
service: "cms-quickchart"
entryPoints:
- "web"
middlewares:
- "quickchart-strip"
# Middlewares
middlewares:
quickchart-strip:
stripPrefix:
prefixes:
- "/chart"
# Services configuration
services:
cms-web:
loadBalancer:
servers:
- url: "http://cms-web-dev:80"
cms-xmr:
loadBalancer:
servers:
- url: "http://cms-xmr-dev:9505"
cms-quickchart:
loadBalancer:
servers:
- url: "http://cms-quickchart-dev:3400"
# Log configuration
log:
level: "DEBUG"
format: "common"
Part of the output on screen after executing:
az container create --resource-group rg-container-xibo --file docker-xibo-dev.yaml
{
"name": "traefik",
"properties": {
"command": [
"traefik",
"--api.insecure=true",
"--entrypoints.web.address=:80",
"--entrypoints.websecure.address=:443",
"--providers.file.directory=/etc/traefik",
"--providers.file.watch=true",
"--log.level=DEBUG"
],
"configMap": {
"keyValuePairs": {}
},
"environmentVariables": [
{
"name": "TZ",
"value": "Europe/Amsterdam"
}
],
"image": "<<<company>>containerregistry.azurecr.io/traefik:latest",
"instanceView": {
"currentState": {
"detailStatus": "CrashLoopBackOff: Back-off restarting failed",
"state": "Waiting"
},
"events": [
{
"count": 1,
"firstTimestamp": "2025-05-30T09:02:16Z",
"lastTimestamp": "2025-05-30T09:02:16Z",
"message": "pulling image \"<<<company>>containerregistry.azurecr.io/traefik@sha256:06b2f92ba6cb9fdc2de99d41c22b862f196871ad55c26269083eaef39dd4fa99\"",
"name": "Pulling",
"type": "Normal"
},
{
"count": 1,
"firstTimestamp": "2025-05-30T09:03:26Z",
"lastTimestamp": "2025-05-30T09:03:26Z",
"message": "Successfully pulled image \"<<<company>>containerregistry.azurecr.io/traefik@sha256:06b2f92ba6cb9fdc2de99d41c22b862f196871ad55c26269083eaef39dd4fa99\"",
"name": "Pulled",
"type": "Normal"
},
{
"count": 2,
"firstTimestamp": "2025-05-30T09:04:25Z",
"lastTimestamp": "2025-05-30T09:04:41Z",
"message": "Started container",
"name": "Started",
"type": "Normal"
},
{
"count": 2,
"firstTimestamp": "2025-05-30T09:04:29Z",
"lastTimestamp": "2025-05-30T09:04:47Z",
"message": "Container traefik terminated with ExitCode 1.",
"name": "Killing",
"type": "Normal"
}
],
"previousState": {
"detailStatus": "Error",
"exitCode": 1,
"finishTime": "2025-05-30T09:04:47.96Z",
"startTime": "2025-05-30T09:04:41.228Z",
"state": "Terminated"
},
"restartCount": 1
},
"ports": [
{
"port": 80,
"protocol": "TCP"
},
{
"port": 443,
"protocol": "TCP"
},
{
"port": 8080,
"protocol": "TCP"
}
],
Kind regards,
Fred