I'm trying to set up traefik as the reverse proxy for my docker containers, but I am stuck setting containers up to use HTTPS.
I copied the docker-compose from the traefik user guide and modified it slightly (see below).
My containers work fine, and if I comment out the two last labels from the whoami service, I can access the service via test.example.com:80. However, if I add the two labels, I no longer get any response from my HTTP request to https://test.example.com(:443).
I can retrieve the certificate fine, and it is stored in acme.json as expected.
I've enabled debug logging, but nothing of significance is logged. How do I go about debugging this?
version: "3.3"
services:
  traefik:
    container_name: "traefik"
    image: "traefik:v2.1"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=me@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/opt/docker_volumes/traefik/acme.json:/acme.json"
    networks:
      - web
  whoami:
    image: "containous/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`test.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
    networks:
      - web
networks:
  web:
    external: true
The network web was created by executing the following:
docker network create --driver=bridge --subnet=10.0.0.0/24 --gateway=10.0.0.1 web
It's an issue with your network configuration because the following example works fine:
version: "3.3"
services:
  traefik:
    container_name: "traefik"
    image: "traefik:v2.1"
    command:
      - "--log.level=INFO"
      - "--api.insecure=true"
      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=me@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/opt/docker_volumes/traefik/acme.json:/acme.json"
  whoami:
    image: "containous/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`test.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
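The answer places the fault in the network rather than in the labels. As an added example (not code from either post or from the Traefik project), the static check below rules out the label side first: every router must name a defined entrypoint whose port is published, a defined certificate resolver, and a network shared with the proxy. It assumes the compose file is already loaded into a dict, that `exposedbydefault=false` is set as on the page, and the function names are hypothetical.

```python
# Added example: consistency checks for Traefik v2 compose labels.
# Function names are hypothetical; the sample dict is abridged from the question.

def parse_flags(command):
    """["--a.b=c", "--d"] -> {"a.b": "c", "d": "true"}; Traefik flags are case-insensitive."""
    pairs = (arg.lstrip("-").partition("=") for arg in command)
    return {key.lower(): value or "true" for key, _, value in pairs}

def check_routers(compose, proxy="traefik"):
    """Return a list of problems that would leave a labeled router unreachable."""
    services = compose["services"]
    flags = parse_flags(services[proxy].get("command", []))
    # entrypoint name -> port Traefik listens on inside the container
    entrypoints = {k.split(".")[1]: v.rsplit(":", 1)[1] for k, v in flags.items()
                   if k.startswith("entrypoints.") and k.endswith(".address")}
    resolvers = {k.split(".")[1] for k in flags if k.startswith("certificatesresolvers.")}
    published = {p.split("/")[0].split(":")[-1] for p in services[proxy].get("ports", [])}
    proxy_nets = set(services[proxy].get("networks", ["default"]))
    problems = []
    for name, svc in services.items():
        labels = dict(label.split("=", 1) for label in svc.get("labels", []))
        if labels.get("traefik.enable") != "true":
            continue  # assumes exposedbydefault=false: unlabeled services are ignored
        if not proxy_nets & set(svc.get("networks", ["default"])):
            problems.append(f"{name}: no network shared with {proxy}")
        for key, value in labels.items():
            parts = key.lower().split(".")
            if parts[:3] != ["traefik", "http", "routers"]:
                continue
            if parts[4:] == ["entrypoints"]:
                for ep in (e.strip().lower() for e in value.split(",")):
                    if ep not in entrypoints:
                        problems.append(f"{parts[3]}: entrypoint {ep!r} is not defined")
                    elif entrypoints[ep] not in published:
                        problems.append(f"{parts[3]}: port {entrypoints[ep]} is not published")
            elif parts[4:] == ["tls", "certresolver"] and value.lower() not in resolvers:
                problems.append(f"{parts[3]}: certresolver {value!r} is not defined")
    return problems

COMPOSE = {"services": {  # constructed sample, abridged from the question's compose file
    "traefik": {"ports": ["80:80", "443:443", "8080:8080"], "networks": ["web"],
                "command": ["--entrypoints.web.address=:80",
                            "--entrypoints.websecure.address=:443",
                            "--certificatesresolvers.myresolver.acme.httpchallenge=true"]},
    "whoami": {"networks": ["web"],
               "labels": ["traefik.enable=true",
                          "traefik.http.routers.whoami.entrypoints=websecure",
                          "traefik.http.routers.whoami.tls.certresolver=myresolver"]}}}

print(check_routers(COMPOSE) or "labels, entrypoints, ports and networks are consistent")
```

An empty result for the question's file means the remaining difference from the working example is the external `web` network itself.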