First, thank you in advance for taking a look. I think I have a very basic mistake somewhere, but I have searched for hours with no result. I am trying to run a proof of concept to expose a container behind a traefik 2.4 reverse proxy at a subdirectory. My DDNS does not allow for subdomains, so I am stuck with subdirectories until I can prove this works.
My problem is every container I stand up is dynamically picked up by traefik and shows up in the dashboard, but the subdirectory gives a 404 error. I have even used PathPrefix with a regex to prevent the ending / error.
Here is my configuration.
Traefik's docker-compose:
version: '3'
services:
traefik:
image: traefik:v2.4
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- t2_proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/traefik.yml:/traefik.yml:ro
- ./data/acme.json:/acme.json
- ./data/log:/var/log
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`domain.host.com`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=user:password"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`domain.host.com`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api#internal"
fail2ban:
image: crazymax/fail2ban:latest
container_name: fail2ban
network_mode: "host"
cap_add:
- NET_ADMIN
- NET_RAW
volumes:
# - /var/log:/var/log:ro
- ./fail2ban/data:/data
- ./data/log:/var/log:ro
networks:
t2_proxy:
external: true
Here is my traefik.yml configuration file:
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
certificatesResolvers:
http:
acme:
email: email#email.com
storage: acme.json
httpChallenge:
entrypoint: http
log:
filePath: "/var/log/traefik.log"
level: DEBUG
accessLog:
filePath: "var/log/access.log"
filters:
statusCodes:
- "400-499"
retryAttempts: true
Here is the first proof-of-concept container I'm trying to expose. It's just portainer in a separate docker-compose:
version: '3'
services:
portainer:
image: portainer/portainer-ce:latest
container_name: portainer
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- t2_proxy
ports:
- "9000:9000"
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data:/data
labels:
- "traefik.enable=true"
#web routers
- "traefik.http.routers.portainer.entrypoints=http"
- "traefik.http.routers.portainer.rule=Host(`domain.host.com`) && PathPrefix(`/portainer`)"
#- "traefik.http.routers.portainer.rule=Host(`domain.host.com`) && PathPrefix(`/portainer{regex:$$|/.*}`)"
#- "traefik.http.routers.portainer.rule=Path(`/portainer`)"
#- "traefik.http.routers.portainer.rule=PathPrefix(`/portainer{regex:$$|/.*}`)"
#middlewares
#- "traefik.http.routers.portainer.middlewares=portainer-stripprefix"
#- "traefik.http.middlewares.portainer-stripprefix.stripprefix.prefixes=/portainer"
- "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
#web secure rpiters
- "traefik.http.routers.portainer-secure.entrypoints=https"
- "traefik.http.routers.portainer-secure.rule=Host(`domain.host.com`) && PathPrefix(`/portainer`)"
#- "traefik.http.routers.portainer-secure.rule=Host(`domain.host.com`) && PathPrefix(`/portainer{regex:$$|/.*}`)"
#- "traefik.http.routers.portainer-secure.rule=Path(`/portainer`)"
#- "traefik.http.routers.portainer-secure.rule=PathPrefix(`/portainer{regex:$$|/.*}`)"
#- "traefik.http.routers.portainer-secure.middlewares=chain-basic-auth#users"
- "traefik.http.routers.portainer-secure.tls=true"
- "traefik.http.routers.portainer-secure.tls.certresolver=http"
- "traefik.http.routers.portainer-secure.service=portainer"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.docker.network=t2_proxy"
networks:
t2_proxy:
external: true
In summary, I navigate to domain.host.com, and it behaves properly by redirecting me to domain.host.com/dashboard. However, when I go to domain.host.com/portainer it gives a 404 error.
Please let me know if I should post any other details. I sense I am missing a very obvious bit of configuration, as this is my first time using Traefik. Thanks again for any help!
For future googlers
Alright, I figured it out tonight. Thank you, reddit.com/traefik user /u/Quafeinum for trying to help! I actually read the guide here: https://spad.uk/practical-configuration-of-traefik-as-a-reverse-proxy-for-docker/ by spad on linuxserver.io which helped me understand the labels better. The crux of the problem was
traefik.http.services.whoami-whoami.loadbalancer.server.scheme=https
Whatever that does, it was in all the examples, and I mindlessly copied it (there's a cautionary tale here). After removing it, the containers are properly exposed on HTTPS now. Verified with portainer and whoami.
Here is a link to a pastebin of the relevant docker-composes and yamls. This will get a functioning traefik that dynamically loads docker container whoami over HTTPS.
https://pastebin.com/AfBdz6Qm
Related
I've been following a tutorial to setup a website on a raspberry pi using docker.
I'm running the following in my yaml file:
version: "3.7"
services:
db:
build: ./db
container_name: db
ports:
- "3306:3306"
volumes:
- db_data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: *Blocking out my password*
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: *Blocking out my password*
networks:
website_network:
aliases:
- wordpress
wordpress:
build: .
container_name: wordpress
ports:
- "80"
networks:
website_network:
aliases:
- wordpress
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: *Blocking out my password*
WORDPRESS_DB_NAME: wordpress
nginx:
build: ./nginx
container_name: nginx
ports:
- "443:443"
- "80"
networks:
website_network:
aliases:
- nginx-proxy
networks:
website_network:
name: website_network
volumes:
db_data:
driver: local
name: db_data
I have some additional files which are taking the wildcard encyption files, unzipping them and running them inside the nginx container. My problem is that when I run all the containers, the website "appears" but its basically a blank screen. my code doesn't have any typos from what I can tell, so I'm a bit stuck. I think that my cointainers aren't really talking to each other anymore. The encrpyting works since the website is accessible through https:
I don't know if I can be help, but I've been stuck for about a week now and I'm at a loss. I might just find another tutorial.
Ive been trying to recheck the code, uninstalling images and reinstalling them using docker-compose prune or docker container --remove-orphans, etc. I've tried taking it down and putting it back up, building the containers first but nothing seems to help. I'm really stuck. My guess is it's something stupid and I'm just missing it.
I've got a node process running on port 3000 using pm2.
I want to configure Traefik so that it reverse proxies this service on port 80.
Following this excellent blog post, I was able to quickly start Traefik using docker compose and set up a skeleton config for the node-server.
However, that example assumes the node process is hosted inside a docker as well. I couldn't get this to work for my node process (*) so I just want to be able to configure Traefik by pointing to port 3000 in some way. Seems straightforward but couldn't get it to work.
I'm stuck with the following config (which is a mix of various blog-posts without actually knowing what I'm doing):
services:
reverse-proxy:
image: traefik:v2.4
container_name: "traefik"
command:
- "--api.insecure=true"
- "--api.dashboard=true"
- "--api.debug=true"
- "--providers.docker=true"
- "--log.LEVEL=DEBUG"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--providers.docker.exposedbydefault=false"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=xxxx#xxx.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "80:80"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
node-server:
loadBalancer:
servers:
- url: http://127.0.0.1:3000/
labels:
- "traefik.enable=true"
- "traefik.http.routers.node-server.rule=Host(`xxxxxx.com`)"
- "traefik.http.routers.node-server.entrypoints=websecure"
- "traefik.http.routers.node-server.tls.certresolver=myresolver"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.redirs.entrypoints=web"
- "traefik.http.routers.redirs.middlewares=redirect-to-https"
This gives the error: 'Unsupported config option for services.node-server: 'loadBalancer'"
Long story short: how would I configure Traefik to just reverse proxy a service running on port 3000?
*) A total newbie to Docker and I couldn't get the situation to work, where the node process depends on custom javascript modules in a parent directory. Perhaps there's a way to do this and I could do it in the 'host node in docker' way instead. I'm all ears
A few months ago I have configured a reverse proxy, here you go my configuration:
version: '3'
services:
reverse-proxy:
image: traefik:v2.5
container_name: selling-point-reverse-proxy
ports:
- 80:80
- 8080:8080
volumes:
# Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
command:
# Enables the web UI
- --api.insecure=true
# Tells Traefik to listen to docker
- --providers.docker
# Creates a new entrypoint called web
- --entrypoints.web.address=:80
# Disable container exposition
- --providers.docker.exposedByDefault=false
# Traefik matches against the container's labels to determine whether to create any route for that container
- --providers.docker.constraints=Label(`traefik.scope`,`selling-point`)
# Enable tracing (using jaeger by default)
- --tracing=true
# Name of the tracing service on Jaeger
- --tracing.serviceName=reverse-proxy
# Host and port of the Jaeger agent
- --tracing.jaeger.localAgentHostPort=jaeger:6831
labels:
# Matcher for creating a route
- traefik.scope=selling-point
# Exposes container
- traefik.enable=true
# Creates circuit breaker middleware
- traefik.http.middlewares.latency.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 10000
# Creates a forward auth middleware
- traefik.http.middlewares.auth.forwardauth.address=http://auth:3000/auth/authorize
# Enables cross origin requests
- traefik.http.middlewares.cors.headers.accesscontrolalloworiginlist=*
# Enables forwarding of the request headers
- traefik.http.middlewares.cors.headers.accessControlAllowHeaders=*
networks:
- selling-point
api:
image: selling-point-api
container_name: selling-point-api
build:
context: ./selling-point-api
labels:
# Tells Traefik where to redirect the request if the url has the specified prefix
- traefik.http.routers.api.rule=PathPrefix(`/api`)
# Attaches a middleware for forwarding the authentication
- traefik.http.routers.api.middlewares=cors,auth,latency
# Attaches entrypoints
- traefik.http.routers.api.entrypoints=web
# Exposes container
- traefik.enable=true
# Matcher for creating a route
- traefik.scope=selling-point
# Creates a service called selling-point-api
- traefik.http.services.selling-point-api.loadbalancer.server.port=3000
# Attach the container to a service
- traefik.http.routers.api.service=selling-point-api
volumes:
- ./selling-point-api/src:/app/src
networks:
- selling-point
environment:
WAIT_HOSTS: mysql:3306
DATABASE_URL: mysql://root:huachinango#mysql:3306/selling_point
NODE_ENV: development
auth:
image: selling-point-auth
container_name: selling-point-auth
build:
context: ./selling-point-auth
labels:
# Tells Traefik where to redirect the request if the url has the specified prefix
- traefik.http.routers.auth.rule=PathPrefix(`/auth`)
# Attaches a circuit breaker middleware
- traefik.http.routers.auth.middlewares=cors,latency
# Attaches entrypoints
- traefik.http.routers.auth.entrypoints=web
# Exposes container
- traefik.enable=true
# Matcher for creating a route
- traefik.scope=selling-point
# Creates a service called selling-point-auth
- traefik.http.services.selling-point-auth.loadbalancer.server.port=3000
# Attach the container to a service
- traefik.http.routers.auth.service=selling-point-auth
environment:
WAIT_HOSTS: mysql:3306
IGNORE_ENV_FILE: 'true'
DATABASE_URL: mysql://root:huachinango#mysql:3306/selling_point
PASSWORD_SALT: $$2b$$10$$g0OI8KtIE3j6OQqt1ZUDte
NODE_ENV: development
volumes:
- ./selling-point-auth/src:/app/src
networks:
- selling-point
mysql:
image: mysql:5
container_name: selling-point-mysql
environment:
MYSQL_ROOT_PASSWORD: huachinango
MYSQL_DATABASE: selling_point
networks:
- selling-point
volumes:
- mysql-db:/var/lib/mysql
jaeger:
image: jaegertracing/all-in-one:1.29
container_name: selling-point-tracing
environment:
COLLECTOR_ZIPKIN_HOST_PORT: :9411
ports:
- 16686:16686
networks:
- selling-point
volumes:
mysql-db:
networks:
selling-point:
name: selling-point
driver: bridge
maybe someone can help me.
I have keycloak, my nodejs-server, and traefik all installed with docker-compose. Everything seemed to be fine until I called a route from my frontend to the nodejs API. No matter what I tried I get a 403 all the time. When the nodejs server is running not in a docker it works. Strange in my opinion.
Here my Docker Compose if it helps:
version: '3.8'
services:
mariadb:
image: mariadb:latest
container_name: mariadb
labels:
- "traefik.enable=false"
networks:
- keycloak-network
environment:
- MYSQL_ROOT_PASSWORD=
- MYSQL_DATABASE=
- MYSQL_USER=
- MYSQL_PASSWORD=
command: mysqld --lower_case_table_names=1
volumes:
- ./:/docker-entrypoint-initdb.d
keycloak:
image: jboss/keycloak
container_name: keycloak
labels:
- "traefik.http.routers.keycloak.rule=Host(`keycloak.localhost`)"
- "traefik.http.routers.keycloak.tls=true"
networks:
- keycloak-network
environment:
- DB_DATABASE=
- DB_USER=
- DB_PASSWORD=
- KEYCLOAK_USER=
- KEYCLOAK_PASSWORD=
- KEYCLOAK_IMPORT=/tmp/example-realm.json
- PROXY_ADDRESS_FORWARDING=true
ports:
- 8443:8443
volumes:
- ./realm-export.json:/tmp/example-realm.json
depends_on:
- mariadb
phpmyadmin:
image: phpmyadmin/phpmyadmin
container_name: phpmyadmin
labels:
- "traefik.http.routers.phpmyadmin.rule=Host(`phpmyadmin.localhost`)"
networks:
- keycloak-network
links:
- mariadb:db
ports:
- 8081:80
depends_on:
- mariadb
spectory-backend:
image: spectory-backend
container_name: spectory-backend
labels:
- "traefik.http.routers.spectory-backend.rule=Host(`api.localhost`)"
- "traefik.port=4000"
ports:
- 4000:4000
networks:
- keycloak-network
depends_on:
- mariadb
- keycloak
spectory-frontend:
image: spectory-frontend
container_name: spectory-frontend
labels:
- "traefik.http.routers.spectory-frontend.rule=Host(`spectory.localhost`)"
ports:
- 4200:80
depends_on:
- mariadb
- keycloak
- spectory-backend
traefik-reverse-proxy:
image: traefik:v2.2
command:
- --api.insecure=true
- --providers.docker
- --entrypoints.web-secure.address=:443
- --entrypoints.web.address=:80
- --providers.file.directory=/configuration/
- --providers.file.watch=true
labels:
- "traefik.http.routers.traefik-reverse-proxy.rule=Host(`traefik.localhost`)"
ports:
- "80:80"
- "443:443"
- "8082:8080"
networks:
- keycloak-network
volumes:
- ./traefik.toml:/configuration/traefik.toml
- /var/run/docker.sock:/var/run/docker.sock
- ./ssl/tls.key:/etc/https/tls.key
- ./ssl/tls.crt:/etc/https/tls.crt
networks:
keycloak-network:
name: keycloak-network
I also tried static ip addresses for nodejs and keycloak -> didn't work.
Here on StackOverflow someone mentioned using https would help -> didn't work
Pretty much my situation: Link . The goal for me is that even the API is reachable through traefik
Btw my angular frontend can communicate with keycloak. Also in a docker. I can also ping the keycloak docker from the nodejs docker. Nodejs configuration parameters directly form keycloak.
I really don't know what to do next.
Did someone tried something similar?
I'm trying to deploy three services with docker-compose and Traefik:
version: '3.5'
services:
reverse-proxy:
image: traefik
command: --web --docker --logLevel=INFO
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
- "traefik.frontend.rule=Host:traefik.localhost"
- "traefik.port=8080"
db:
build: ./db
environment:
- MONGO_INITDB_DATABASE=example
volumes:
- ./volumes/db:/data/db
restart: always
labels:
- "traefik.enable=false"
api:
build: ./api
environment:
- DATABASE_CLIENT=mongo
- DATABASE_HOST=db
- DATABASE_PORT=27017
- DATABASE_NAME=example
- HOST=localhost
expose:
- "1337"
depends_on:
- db
restart: always
labels:
- "traefik.frontend.rule=Host:api.localhost"
website:
build: ./app
labels:
- "traefik.frontend.rule=Host:web.localhost"
The last container (website) is an static website build with create-react-app that consumes the API (api):
let response = await fetch(`http://api:1337/news`);
The problem is that the website is not able to resolve the host http://api:1337 (i.e. by container name), but if I change that line to:
let response = await fetch(`http://<container-ip>:1337/news`);
Everything works perfectly. I tried to setup a network and it's not working either. Any help? Thank you!
You can access containers with their names only from other containers.
If you change your react code to:
let response = await fetch('http://localhost:8080/news', {
headers: 'Host': 'api.localhost'
})
You should be able to access your container
I wanted to create containers for tomcat, documentum content server and documentum xplore by using a single compose file. Am facing issues due to the volumes mentioned in the docker-compose.yml file. Am able to bring up the services by executing the compose files separately. Problem is when i try to merge the compose files together. Wanted to know how to run multiple containers with volumes using docker compose.
Below is the single compose file :
version: '2'
networks:
default:
external:
name: dctmcs_default
services:
dsearch:
image: xplore_ubuntu:1.6.0070.0058
container_name: dsearch
hostname: dsearch
ports:
- "9300:9300"
volumes:
- xplore:/root/xPlore/rtdata
indexagent:
image: indexagent_ubuntu:1.6.0070.0058
container_name: indexagent_1
hostname: indexagent_1
ports:
- "9200:9200"
environment:
- primary_addr=dsearch
- docbase_name=centdb
- docbase_user=dmadmin
- docbase_password=password
- broker_host=contentserver
- broker_port=1689
depends_on:
- dsearch
volumes_from:
- dsearch
volumes:
xplore: {}
tomcat_8:
image: tomcat_8.0:ccms
container_name: appserver
hostname: appserver
ports:
- "9090:8080"
contentserver:
image: contentserver_ubuntu:7.3.0000.0214
environment:
- HIGH_VOLUME_SERVER_LICENSE=
- TRUSTED_LICNESE=
- STORAGEAWARE_LICENSE=
- XMLSTORE_LICENSE=
- SNAPLOCKSTORE_LICENSE=LDNAPJEWPXQ
- RPS_LICENSE=
- FED_RECD_SERVICE_LICENSE=
- RECORD_MANAGER_LICENSE=
- PRM_LICENSE=
- ROOT_USER_PASSWORD=password
- INSTALL_OWNER_PASSWORD=password
- INSTALL_OWNER_USER=dmadmin
- REPOSITORY_PASSWORD=password
- EXTERNAL_IP=10.114.41.198
- EXTERNALDB_IP=172.17.0.1
- EXTERNALDB_ADMIN_USER=postgres
- EXTERNALDB_ADMIN_PASSWORD=password
- DB_SERVER_PORT=5432
- DOCBASE_ID=45321
- DOCBASE_NAME=centdb
- USE_EXISTING_DATABASE_ACCOUNT=false
- INDEXSPACE_NAME=dm_repo_docbase
- BOF_REGISTRY_USER_PASSWORD=password
- AEK_ALGORITHM=AES_256_CBC
- AEK_PASSPHRASE=${AEK_PASSPHRASE}
- AEK_NAME=aek.key
- ENABLE_LOCKBOX=false
- LOCKBOX_FILE_NAME=lockbox.lb
- LOCKBOX_PASSPHRASE=${LOCKBOX_PASSPHRASE}
- USE_EXISTING_AEK_LOCKBOX=false
- CONFIGURE_THUMBNAIL_SERVER=NO
- EXTDOCBROKERPORT=1689
- CONTENTSERVER_PORT=50000
- APP_SERVER_ADMIN_PASSWORD=jboss
- INSTALL_OWNER_UID=
hostname:
"contentserver"
container_name:
"contentserver"
ports:
- "1689:1689"
- "1690:1690"
- "50000:50000"
- "50001:50001"
- "9080:9080"
- "9082:9082"
- "9081:9081"
- "8081:8081"
- "8443:8443"
- "9084:9084"
volumes:
- centdb_odbc:/opt/dctm/odbc
- centdb_data:/opt/dctm/data
- centdb_dba:/opt/dctm/dba
- centdb_share:/opt/dctm/share
- centdb_dfc:/opt/dctm/config
- centdb_xhive_storage:/opt/dctm/xhive_storage
- centdb_XhiveConnector:/opt/dctm/wildfly9.0.1/server/DctmServer_MethodServer/deployments/XhiveConnector.ear
- centdb_mdserver_conf:/opt/dctm/mdserver_conf
- centdb_mdserver_log:/opt/dctm/wildfly9.0.1/server/DctmServer_MethodServer/log
- centdb_mdserver_logs:/opt/dctm/wildfly9.0.1/server/DctmServer_MethodServer/logs
- centdb_Thumbnail_Server_conf:/opt/dctm/product/7.3/thumbsrv/conf
- centdb_Thumbnail_Server_webinf:/opt/dctm/product/7.3/thumbsrv/container/webapps/thumbsrv/WEB-INF
privileged: true
volumes:
centdb_data:
driver: local
centdb_dba:
centdb_share:
driver: local
centdb_dfc:
centdb_odbc:
centdb_XhiveConnector:
centdb_mdserver_conf:
centdb_mdserver_log:
centdb_mdserver_logs:
centdb_Thumbnail_Server_conf:
centdb_Thumbnail_Server_webinf:
centdb_xhive_storage:
This error often appears when you are trying to create a volume as a subfolder of your current host folder. In that case, the syntax would have to be:
volumes:
- ./centdb_odbc:/opt/dctm/odbc
In other words: The relative path "./" is missing!
When you map a directory, the source part must be either an absolute path, or a relative part that begins with ./ or ../. Otherwise, Docker interprets it as a Named Volume.
So instead of
volumes:
- xplore:/root/xPlore/rtdata
You should write:
volumes:
- ./xplore:/root/xPlore/rtdata
Volumes Command should be the last command in docker compose include volume names of all services together and run the docker compose. It will create containers.
volumes:
xplore: {}
centdb_data:
driver: local
centdb_dba:
centdb_share:
driver: local
centdb_dfc:
centdb_odbc:
centdb_XhiveConnector:
centdb_mdserver_conf:
centdb_mdserver_log:
centdb_mdserver_logs:
centdb_Thumbnail_Server_conf:
centdb_Thumbnail_Server_webinf:
centdb_xhive_storage: