I'm trying to implement SSL with Traefik in Docker but I'm getting an error "502 Bad Gateway" for almost every container inside (except Traefik and Prometheus). Even on a clean install I have the same issues, and I have no error logs for those containers (indicating that they should be running fine, and without using Traefik, they do look fine). Is there something wrong with the way I implemented those? Or maybe something I massively misunderstood about Traefik?
I checked if the ports were available, that the subdomain was added to the cloud DNS and that the services and networks were up and running. I also tried to restart the containers. All services are accessible without going through Traefik (entering the port directly in the URL).
(the X_SERVER Variable is in the .env file, it resolves to variables such as: grafana.mywebsite.com)
Here's my docker-compose.yml:
```yaml
version: '3'

networks:
  private:
  web:
    external:
      name: web

services:
  # TRAEFIK
  traefik:
    image: traefik:maroilles-alpine
    ports:
      - "80:80"
      - "443:443"
      - "8200:8200"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config/traefik/acme:/etc/traefik/acme
      - ./config/traefik/traefik.toml:/etc/traefik/traefik.toml:ro
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:${TRAEFIK_SERVER}"
      - "traefik.port=8200"
      - "traefik.docker.network=web"
    restart: always

  # PROMETHEUS
  prometheus:
    image: prom/prometheus:v2.0.0
    container_name: prometheus
    volumes:
      - ./docker/prometheus/:/etc/prometheus
      - prometheus-data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention=200h'
    ports:
      - "9090:9090"
    depends_on:
      - cadvisor
    networks:
      - web
      - private
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:${PROMETHEUS_SERVER}"
      - "traefik.port=9090"
      - "traefik.docker.network=web"
    restart: always

  # CADVISOR
  cadvisor:
    image: google/cadvisor
    container_name: cadvisor
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    ports:
      - "8463:8080"
    networks:
      - private
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:${CADVISOR_SERVER}"
      - "traefik.port=8463"
      - "traefik.docker.network=web"
    restart: always

  # GRAFANA
  grafana:
    image: grafana/grafana:4.6.2
    environment:
      - GF_SERVER_ROOT_URL=${GRAFANA_SERVER}
    container_name: grafana
    volumes:
      - grafana-data:/var/lib/grafana
    ports:
      - "3155:3000"
    networks:
      - web
      - private
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:${GRAFANA_SERVER}"
      - "traefik.port=3155"
      - "traefik.docker.network=web"
    restart: always

volumes:
  prometheus-data: {}
  grafana-data: {}
```
Here's my traefik.toml:
```toml
debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["https","http"]

[web]
address = ":8200"

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[retry]

[acme]
email = "my.awesome@email.com"
storageFile = "/etc/traefik/acme/acme.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mywebsite.com"
watch = true
exposedByDefault = false
```
I expected to get all my pages available when using HTTPS, going through Traefik, but instead some of them show an error 502 Bad Gateway (such as Grafana), others work as expected (Prometheus, Traefik), and some are not even accessible (apache). If I don't use Traefik (and thus access directly through the right port, e.g. http://mywebsite.com:3155), the page shows correctly, but it is not secured and not using Traefik.

Found a solution: all ports need to be removed in "ports:". The port binding in Traefik must be the same as the original (e.g. 3155 for Grafana). Now most of my containers, except for phpMyAdmin (cannot change the listening port for this one, it's stuck), are available.
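As an added example (not part of the original post), here is a small lint over a constructed copy of the services above. It assumes Traefik 1.x's Docker provider forwards to the container's own address on the network named in `traefik.docker.network`, at the port given in `traefik.port`. It flags labels that point at the published host port, services not attached to that network, and published ports that remain reachable outside Traefik's TLS entry point; `SERVICES`, `lint` and the helper names are hypothetical.

```python
# Constructed sample mirroring the compose file in the question (labels shown as dicts).
SERVICES = {
    "prometheus": {"ports": ["9090:9090"], "networks": ["web", "private"],
                   "labels": {"traefik.enable": "true", "traefik.port": "9090",
                              "traefik.docker.network": "web"}},
    "cadvisor": {"ports": ["8463:8080"], "networks": ["private"],
                 "labels": {"traefik.enable": "true", "traefik.port": "8463",
                            "traefik.docker.network": "web"}},
    "grafana": {"ports": ["3155:3000"], "networks": ["web", "private"],
                "labels": {"traefik.enable": "true", "traefik.port": "3155",
                           "traefik.docker.network": "web"}},
}


def parse_mapping(spec):
    """Split a short-form '[ip:]host:container[/proto]' mapping into (host, container)."""
    parts = spec.split("/")[0].split(":")
    if len(parts) == 1:            # container port only, host port chosen by Docker
        return None, parts[0]
    return parts[-2], parts[-1]


def lint_service(name, svc):
    """Return findings for one Traefik-enabled service (assumed checks, see lead-in)."""
    labels = svc.get("labels", {})
    if labels.get("traefik.enable") != "true":
        return []
    findings = []
    port = labels.get("traefik.port")
    mappings = [parse_mapping(p) for p in svc.get("ports", [])]
    for host, container in mappings:
        # Label matches the host side of the mapping but not the container side.
        if port == host and port != container:
            findings.append(f"{name}: traefik.port={port} is the published host port; "
                            f"the mapping targets container port {container} (expect 502)")
    net = labels.get("traefik.docker.network")
    if net and net not in svc.get("networks", []):
        findings.append(f"{name}: not attached to network '{net}' from traefik.docker.network")
    if mappings:
        findings.append(f"{name}: published ports {svc['ports']} bypass Traefik's TLS entry point")
    return findings


def lint(services):
    """Lint every service, in name order, and return a flat list of findings."""
    return [f for name, svc in sorted(services.items()) for f in lint_service(name, svc)]


if __name__ == "__main__":
    for finding in lint(SERVICES):
        print(finding)
```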