nickgnat
Contributor

Issues

As previously configured, traefik would not properly proxy any of the services in harbor due to several issues addressed by this PR.

  • The seed-traefik.ts script was extracting the host (external) port instead of the container port, causing traefik to proxy port numbers that were not valid inside each container.
  • The network configured for the docker provider in traefik.yml was 'traefik-public', which is invalid in a normal harbor installation, as it is not an externally defined docker network. This would cause traefik to pick randomly between the two networks each proxied container was connected to.
  • The default entrypoint defined for each service was "web," but traefik.yml was configured to redirect all requests to websecure, which was not configured for any of the services.
  • Even if the redirect in traefik.yml was commented out, previous attempts to access the specified domain via HTTPS would set HSTS for the domain in Chrome/Chromium, causing it to redirect attempts to access the services over HTTP.
  • Traefik port 443, used for websecure entrypoint, was mapped to $HARBOR_TRAEFIK_METRICS_HOST_PORT.
  • Metrics were not enabled in traefik.yml.

Changes

This PR modifies the port extraction logic in .scripts/seed-traefik.ts:

  • The script now correctly parses the port string to isolate the container port in "HOST:CONTAINER" syntax.
  • Traefik is now correctly configured to use harbor_traefik-public for the Docker provider.
  • The traefik.http.services.<serviceName>.loadbalancer.server.port label is now populated with this correctly extracted container port.
  • Generated Traefik router configurations now target the websecure entrypoint.
  • TLS is enabled (tls=true) for these routers, allowing Traefik to use its default self-signed certificates for HTTPS access on the specified domain (for example, when ACME certs are not obtainable).
  • A new env variable, ${HARBOR_TRAEFIK_HTTPS_HOST_PORT}, is defined to map to container port 443.
  • ${HARBOR_TRAEFIK_METRICS_HOST_PORT} now maps to port 8082 by default, as this is the port used in the Traefik documentation for exporting metrics to Prometheus.
  • Updated to v3 tag for Traefik docker image.
  • Changed default domain to '.lan', as '.local' is used by mDNS, and using it in this case could cause mDNS conflicts.
  • HTTP challenge is commented out in traefik.yml to prevent Traefik from throwing errors on startup.

Testing

This configuration should allow traefik to work out of the box, but if using a custom domain or TLD (like .lan), a local DNS or dnsmasq entry will be needed to route to the IP of your harbor instance. For example, in dnsmasq:
address=/*.lan/192.168.0.30 (replace 192.168.0.30 with the LAN IP of your harbor host).
You may want to tell your web browser to accept Traefik's self-signed cert as valid.
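
Added example, not code from this PR or from harbor's .scripts/seed-traefik.ts: one way to isolate the container port from a Compose short-syntax mapping and emit the router and service labels listed under Changes. It goes beyond plain "HOST:CONTAINER" to cover IP-prefixed, protocol-suffixed and variable-interpolated forms; the function names, service name, Host rule shape and sample mappings are assumptions.

```typescript
// Added example; containerPort and traefikLabels are hypothetical helper names.

/** Return the container-side port of a Compose short-syntax port mapping. */
function containerPort(mapping: string): number {
  // Drop an optional protocol suffix such as "/tcp".
  const spec = mapping.trim().replace(/\/(tcp|udp|sctp)$/i, "");
  // Mask ${VAR:-default} interpolations and bracketed IPv6 hosts so the ":"
  // inside them is not mistaken for a field separator.
  const masked = spec.replace(/\$\{[^}]*\}/g, "_").replace(/\[[^\]]*\]/g, "_");
  // Fields are [IP:][HOST:]CONTAINER, so the container port is always last.
  const last = masked.split(":").pop() ?? "";
  // Ranges ("3000-3005") and unresolved variables give no single target port.
  if (!/^\d+$/.test(last)) {
    throw new Error(`no single container port in "${mapping}"`);
  }
  const port = Number(last);
  if (port < 1 || port > 65535) {
    throw new Error(`container port out of range in "${mapping}"`);
  }
  return port;
}

/** Build the labels for one service: HTTPS router plus backend port. */
function traefikLabels(service: string, domain: string, mapping: string): string[] {
  // The name is interpolated into label keys and a Host rule, so restrict it.
  if (!/^[a-z0-9][a-z0-9-]*$/i.test(service)) {
    throw new Error(`unexpected service name "${service}"`);
  }
  const port = containerPort(mapping);
  return [
    "traefik.enable=true",
    // Assumed rule shape: <service>.<domain>
    `traefik.http.routers.${service}.rule=Host(\`${service}.${domain}\`)`,
    `traefik.http.routers.${service}.entrypoints=websecure`,
    `traefik.http.routers.${service}.tls=true`,
    `traefik.http.services.${service}.loadbalancer.server.port=${port}`,
  ];
}

// Constructed sample mappings (not taken from harbor's compose files).
const samples = ["33801:8080", "127.0.0.1:33801:8080/tcp", "${EXAMPLE_HOST_PORT:-33801}:8080"];
for (const m of samples) {
  console.log(m, "->", traefikLabels("webui", "lan", m).pop());
}
```

Mappings that name a port range or leave the container port as an unresolved variable are rejected, so no guessed port reaches the loadbalancer label.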

Owner

@av av left a comment

Thank you so much! Awesome to now have it working properly

@av av merged commit e110547 into av:main May 19, 2025
@nickgnat
Contributor Author

Thank you so much! Awesome to now have it working properly

No prob! I've been using traefik in my homelab for several years so happy to help out!
