Search code examples
dockerdocker-composetraefik

Unable to access Docker container behind Traefik

I am attempting to access the whoami container running on my remote server, but can only get as far as a "404 page not found" error. I get the same result when attempting to access the traefik dashboard.

My docker-compose.yml:

version: "3.7"
services:
  traefik:
    image: traefik:v2.3.0
    container_name: traefik
    restart: unless-stopped
    command: # CLI arguments
      ## Globals
      - "--global.checkNewVersion=false"
      - "--global.sendAnonymousUsage=false"
      ## Entrypoint Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
      - "--entrypoints.http.address=:80"
      - "--entrypoints.http.http.redirections.entryPoint.to=https"
      - "--entrypoints.http.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.https.address=:443"
      ## API Settings
      - "--api=true"
      - "--api.dashboard=true"
      - "--log=true"
      - "--log.level=DEBUG" # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - "--providers.docker=true"
      - "--providers.docker.watch=true"
      - "--providers.docker.exposedByDefault=false"
      ## Certificate Settings (Let's Encrypt) -  https://docs.traefik.io/https/acme/#configuration-examples ##
      - "--certificatesresolvers.mytlschallenge.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory" # TBD - TESTING
    networks:
      - frontend
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    security_opt:
      - "no-new-privileges:true" # https://docs.docker.com/engine/reference/run/#security-configuration
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "$USERDIR/ctmp/acme/acme.json:/acme.json:rw" # cert location - you must touch this file and change permissions to 600
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.traefik-rtr.rule=HostHeader(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.service=api@internal"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    networks:
      - frontend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=HostHeader(`whoami.${DOMAIN}`)"
      - "traefik.http.routers.whoami.entrypoints=http"

networks:
  frontend:
    external: true

$USERDIR and $DOMAIN are defined in my .env file.

All of the traefik logs are info or debug level with no errors appearing.

Solution

  • I don't have the time right now but here is a quick code rewrite, but not tested. It is just a slightly different method. But I think it leads to the same goal.

    • You must include your ENV file
    • traefik.http.routers.api.rule=HostHeader to =Host(`...). Whereby it is strange and should also work with HostHeader. Link
    • With this base you can now customize it. I use the HTTP chalange, but with the TLS chalange it should work.
    version: "3.7"
services:
  traefik:
    image: traefik:v2.3.0
    container_name: traefik
    restart: unless-stopped
    env_file:
      - .env
    command: # CLI arguments
      ## Globals
      - "--global.checkNewVersion=false"
      - "--global.sendAnonymousUsage=false"
      ## Entrypoint Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      ## API Settings
      - "--api=true"
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--log.level=DEBUG" # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - "--providers.docker=true"
      - "--providers.docker.exposedByDefault=false"
      ## Certificate Settings
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=http"
      - "--certificatesresolvers.myresolver.acme.email=YOUR-EMAIL@your-domain.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    networks:
      - frontend
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    security_opt:
      - "no-new-privileges:true" # https://docs.docker.com/engine/reference/run/#security-configuration
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./letsencrypt:/letsencrypt"
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.api.entrypoints=https"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.tls.certresolver=myresolver"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.redirect.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirect.middlewares=redirect-to-https"

  whoami:
    image: traefik/whoami
    container_name: simple-service
    networks:
      - frontend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
      - "traefik.http.routers.whoami.entrypoints=https"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

networks:
  frontend:
    external: true