
Traefik and Let's Encrypt on non default http port 80?


I tried setting up a test container to work with Traefik and Let's Encrypt.

Traefik is not running on default ports 80 and 443.

The server already has Apache, an nginx reverse proxy and Tomcat locally installed, so ports 80, 443 and 8080 are not available.

As far as I can understand the log, there is a misconfiguration concerning the ACME ports. The test container seems to get correctly wired to the entrypoint.

How do I get Let's Encrypt and Traefik to work in this scenario, or did I do something wrong?

My traefik.toml:

debug = true
logLevel = "ERROR"
defaultEntryPoints = ["http", "https"]
[entryPoints]
  [entryPoints.http]
  address = ":50500"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":50501"
    [entryPoints.https.tls]
[accessLog]
[retry]
[web]
address = ":50502"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
exposedbydefault = false
[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"

The docker-compose.yml:

version: '2'

services:
  traefik:
    image: traefik:1.5.0
    restart: always
    ports:
      - 50500:50500
      - 50501:50501
      - 50502:50502
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/someuser/traefik/traefik.toml:/traefik.toml
      - /home/someuser/traefik/acme.json:/acme.json
    container_name: traefik

networks:
  web:
    external: true

Running docker logs traefik returns:

time="2018-01-25T16:10:09Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-neo4jtestcontainer":{"servers":{"server-neo4jtestcontainer":{"url":"http://172.19.0.3:7474","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-neo4jtestcont-example-com-0":{"entryPoints":["http","https"],"backend":"backend-neo4jtestcontainer","routes":{"route-frontend-Host-neo4jtestcont-example-com-0":{"rule":"Host:neo4jtestcont.example.com"}},"passHostHeader":true,"priority":0,"basicAuth":[]}}}"
time="2018-01-25T16:10:09Z" level=debug msg="Creating frontend frontend-Host-neo4jtestcont-example-com-0"
time="2018-01-25T16:10:09Z" level=debug msg="Wiring frontend frontend-Host-neo4jtestcont-example-com-0 to entryPoint http"
time="2018-01-25T16:10:09Z" level=debug msg="Creating route route-frontend-Host-neo4jtestcont-example-com-0 Host:neo4jtestcont.example.com"
time="2018-01-25T16:10:09Z" level=debug msg="Creating entryPoint redirect http -> https : ^(?:https?:\/\/)?([\w\._-]+)(?::\d+)?(.*)$ -> https://$1:50501$2"
time="2018-01-25T16:10:09Z" level=debug msg="Creating backend backend-neo4jtestcontainer"
time="2018-01-25T16:10:09Z" level=debug msg="Creating load-balancer wrr"
time="2018-01-25T16:10:09Z" level=debug msg="Creating server server-neo4jtestcontainer at http://172.19.0.3:7474 with weight 0"
time="2018-01-25T16:10:09Z" level=debug msg="Creating retries max attempts 1"
time="2018-01-25T16:10:09Z" level=debug msg="Wiring frontend frontend-Host-neo4jtestcont-example-com-0 to entryPoint https"
time="2018-01-25T16:10:09Z" level=debug msg="Creating route route-frontend-Host-neo4jtestcont-example-com-0 Host:neo4jtestcont.example.com"
time="2018-01-25T16:10:09Z" level=debug msg="Creating backend backend-neo4jtestcontainer"
time="2018-01-25T16:10:09Z" level=debug msg="Creating load-balancer wrr"
time="2018-01-25T16:10:09Z" level=debug msg="Creating server server-neo4jtestcontainer at http://172.19.0.3:7474 with weight 0"
time="2018-01-25T16:10:09Z" level=debug msg="Creating retries max attempts 1"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50500"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50501"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50502"
time="2018-01-25T16:10:09Z" level=debug msg="LoadCertificateForDomains [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:09Z" level=debug msg="Looking for provided certificate to validate [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:09Z" level=debug msg="No provided certificate found for domains [neo4jtestcont.example.com], get ACME certificate."
time="2018-01-25T16:10:09Z" level=debug msg="Loading ACME certificates [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:11Z" level=debug msg="Challenge Present neo4jtestcont.example.com"
time="2018-01-25T16:10:14Z" level=debug msg="Challenge CleanUp neo4jtestcont.example.com"
time="2018-01-25T16:10:14Z" level=error msg="map[neo4jtestcont.example.com:acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/34234isdj0asdjf02302302930239: "<!DOCTYPE html>
<html lang="de">
<head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta na"
Error Detail:
        Validation for neo4jtestcont.example.com:80
        Resolved to:
                12.123.12.12
        Used: 12.123.12.12

]"
time="2018-01-25T16:10:14Z" level=error msg="Error getting ACME certificates [neo4jtestcont.example.com] : cannot obtain certificates map[neo4jtestcont.example.com:acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/gG9oE2XqNe1wIRoGOseLuesOlEMlWprH61keoAEwsQA: "<!DOCTYPE html>
<html lang="de">
<head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta na"
Error Detail:
        Validation for neo4jtestcont.example.com:80
        Resolved to:
                12.123.12.12
        Used: 12.123.12.12

Solution

  • Let's Encrypt requires port 80 or 443; see https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72
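
The mismatch behind this answer can be checked mechanically. The following is an added example, not part of the original question or answer: it compares the port named in the ACME error with the host ports on which the httpChallenge entry point is published. The function names and the minimal TOML reader are assumptions made for illustration, and the inputs are abridged from the files and log in the question.

```python
import re

# Abridged from the traefik.toml in the question: only the keys this check reads.
TRAEFIK_TOML = """
[entryPoints.http]
address = ":50500"
[acme]
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
"""
# host:container mappings from the docker-compose.yml in the question.
COMPOSE_PORTS = ["50500:50500", "50501:50501", "50502:50502"]
# Abridged from the log in the question; the challenge token is a placeholder.
ACME_ERROR = '''acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/TOKEN: "<!DOCTYPE html>
Error Detail:
        Validation for neo4jtestcont.example.com:80'''

def section_value(text, section, key):
    """Minimal reader for `key = "value"` inside `[section]`; not a full TOML parser."""
    current = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section:
            m = re.fullmatch(rf'{re.escape(key)}\s*=\s*"([^"]*)"', line)
            if m:
                return m.group(1)
    return None

def challenge_port(toml_text):
    """Container port of the entry point named by [acme.httpChallenge]."""
    name = section_value(toml_text, "acme.httpChallenge", "entryPoint")
    address = section_value(toml_text, f"entryPoints.{name}", "address")
    return int(address.rsplit(":", 1)[1])

def published_on(container_port, mappings):
    """Host ports that Docker publishes for the given container port."""
    return [int(h) for h, c in (m.split(":")[-2:] for m in mappings) if int(c) == container_port]

def diagnose(toml_text, mappings, acme_error):
    validated = int(re.search(r"Validation for \S+:(\d+)", acme_error).group(1))
    host_ports = published_on(challenge_port(toml_text), mappings)
    return {
        "validated_port": validated,         # port the CA connected to
        "challenge_host_ports": host_ports,  # where Traefik's challenge listener is reachable
        "reaches_traefik": validated in host_ports,
        "other_server_answered": bool(re.search(r':\s*"\s*<(?:!doctype|html)', acme_error, re.I)),
    }
```

For the inputs from the question, diagnose(TRAEFIK_TOML, COMPOSE_PORTS, ACME_ERROR) reports validated_port 80 against challenge_host_ports [50500], so the validation request never reaches Traefik and the HTML in the error comes from whatever is bound to port 80 on that host.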