I recently configured Traefik to manage my subdomains and their certificates (Let's Encrypt). So currently there are three services: Traefik itself, nginx (for handling static files, not yet fully configured) and Django. All these services work fine and without errors. But I have bad luck with the communication between Traefik and my Django app. Below I show my project folder structure and the configuration files; it would be great if someone could help.
.
├── proxy
│   ├── acme.json
│   ├── docker-compose.yml
│   └── traefik.toml
└── services
    ├── django
    │   ├── docker-compose.yml
    │   ├── Dockerfile
    │   ├── example
    │   │   ├── asgi.py
    │   │   ├── __init__.py
    │   │   ├── settings
    │   │   │   ├── base.py
    │   │   │   ├── dev.py
    │   │   │   ├── __init__.py
    │   │   │   └── prod.py
    │   │   ├── urls.py
    │   │   └── wsgi.py
    │   ├── manage.py
    │   ├── media
    │   ├── Pipfile
    │   ├── Pipfile.lock
    │   ├── scripts
    │   │   ├── entrypoint.sh
    │   │   └── entrypoint.sh_backup
    │   └── staticfiles
    └── nginx
        ├── default.conf
        └── docker-compose.yml
# cat proxy/traefik.toml
[accessLog]
[log]
level = "INFO"
[api]
dashboard = true
insecure = false
[providers]
[providers.docker]
exposedByDefault = false
watch = true
network = "web"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"
[certificatesResolvers]
[certificatesResolvers.letsEncrypt.acme]
email = "example@gmail.com"
storage = "acme.json"
[certificatesResolvers.letsEncrypt.acme.httpChallenge]
entryPoint = "web"
[certificatesResolvers.letsEncrypt.acme.tlsChallenge]
# cat proxy/docker-compose.yml
version: '3.7'
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${SERVICE}.rule=Host(`${DOMAIN_NAME}`)"
      - "traefik.http.routers.${SERVICE}.service=api@internal"
      - "traefik.http.routers.${SERVICE}.tls.certresolver=letsEncrypt"
      - "traefik.http.routers.${SERVICE}.entrypoints=web-secure"
      - "traefik.http.routers.${SERVICE}.middlewares=${SERVICE}_auth"
      - "traefik.http.middlewares.${SERVICE}_auth.basicauth.users=example:example"
      - "traefik.http.middlewares.${SERVICE}_https.redirectscheme.scheme=https"
      - "traefik.http.routers.${SERVICE}_redirect.rule=Host(`${DOMAIN_NAME}`)"
      - "traefik.http.routers.${SERVICE}_redirect.entrypoints=web"
      - "traefik.http.routers.${SERVICE}_redirect.middlewares=${SERVICE}_https"
      - "com.centurylinklabs.watchtower.enable=true"
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    networks:
      - web
networks:
  web:
    external: true
# cat services/django/docker-compose.yml
version: '3.7'
services:
  django:
    container_name: dj
    build:
      context: ./
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${SERVICE}.rule=Host(`${DOMAIN_NAME}`)"
      - "traefik.http.routers.${SERVICE}.tls.certresolver=letsEncrypt"
      - "traefik.http.routers.${SERVICE}.entrypoints=web-secure"
      - "traefik.http.services.${SERVICE}.loadbalancer.server.port=5000"
    volumes:
      - staticfiles:/app/staticfiles
      - mediafiles:/app/media
    env_file: .env
    command: gunicorn example.wsgi:application --bind 0.0.0.0:5000 -k uvicorn.workers.UvicornWorker
    expose:
      - 5000
    networks:
      - web
volumes:
  staticfiles:
  mediafiles:
networks:
  web:
    external: true
As I said before, all these services work separately without errors. My question is actually which part I did wrong and why Django does not receive the request from Traefik.
Here are also the logs from Traefik and Django on page reload:
# TRAEFIK LOGS
31.24.11.55 - - [29/Aug/2020:03:11:16 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 375 "-" "-" 0ms
31.24.11.55 - - [29/Aug/2020:03:11:16 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 376 "-" "-" 0ms
31.24.11.55 - - [29/Aug/2020:03:11:17 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 377 "-" "-" 0ms
31.24.11.55 - - [29/Aug/2020:03:11:17 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 378 "-" "-" 0ms
# DJANGO LOGS
165 static files copied to '/app/staticfiles'.
[2020-08-29 02:36:29 +0000] [1] [INFO] Starting gunicorn 20.0.4
[2020-08-29 02:36:29 +0000] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
[2020-08-29 02:36:29 +0000] [1] [INFO] Using worker: uvicorn.workers.UvicornWorker
[2020-08-29 02:36:29 +0000] [11] [INFO] Booting worker with pid: 11
Debugging status is: False
[2020-08-29 02:36:30 +0000] [11] [INFO] Started server process [11]
[2020-08-29 02:36:30 +0000] [11] [INFO] Waiting for application startup.
[2020-08-29 02:36:30 +0000] [11] [INFO] ASGI 'lifespan' protocol appears unsupported.
[2020-08-29 02:36:30 +0000] [11] [INFO] Application startup complete.
OMG, I have lost so much time. The problem was simply ALLOWED_HOSTS (Facepalm).
I set DEBUG=True, and only then was I able to see that the error was caused by ALLOWED_HOSTS. Just adding the host to this list solves my problem!
So guys, always turn DEBUG=True on for the initial deployment to catch any issues.
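
The mismatch described in this answer can also be checked from the configuration files themselves. The following is an added example, not part of the original post: it pulls the Host(...) names out of Traefik router labels and tests them against an ALLOWED_HOSTS list using the matching rules Django documents (exact name, leading-dot subdomain wildcard, `*`). The `.env` values, the ALLOWED_HOSTS lists and all function names are constructed for illustration.

```python
import re
from string import Template

HOST_RULE = re.compile(r"Host\(([^)]*)\)")   # Host(`a`) or Host(`a`, `b`)
BACKTICKED = re.compile(r"`([^`]+)`")

def routed_hosts(labels):
    """Hostnames named in traefik.http.routers.<name>.rule labels."""
    hosts = set()
    for label in labels:
        key, _, value = label.partition("=")
        if key.startswith("traefik.http.routers.") and key.endswith(".rule"):
            for args in HOST_RULE.findall(value):
                hosts.update(h.lower() for h in BACKTICKED.findall(args))
    return hosts

def host_allowed(host, allowed_hosts):
    """Re-implements the ALLOWED_HOSTS matching rules from Django's docs."""
    host = host.lower().rstrip(".")
    for pattern in (p.lower() for p in allowed_hosts):
        if pattern in ("*", host):
            return True
        # ".example.com" matches example.com and every subdomain of it.
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False

def uncovered_hosts(labels, allowed_hosts):
    """Routed hostnames that Django would reject as a disallowed Host header."""
    return sorted(h for h in routed_hosts(labels) if not host_allowed(h, allowed_hosts))

# Constructed values standing in for the .env file used by docker-compose.
ENV = {"SERVICE": "django", "DOMAIN_NAME": "app.example.com"}
# Router labels in the form used in services/django/docker-compose.yml.
LABELS = [Template(raw).substitute(ENV) for raw in (
    "traefik.enable=true",
    "traefik.http.routers.${SERVICE}.rule=Host(`${DOMAIN_NAME}`)",
    "traefik.http.routers.${SERVICE}.entrypoints=web-secure",
)]

if __name__ == "__main__":
    # Constructed ALLOWED_HOSTS lists: one missing the routed name, one covering it.
    for allowed in (["localhost", "127.0.0.1"], ["localhost", ".example.com"]):
        missing = uncovered_hosts(LABELS, allowed)
        print(allowed, "->", f"missing: {missing}" if missing else "all routed hosts allowed")
```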