I recently started deploying my sites using Traefik for both SSL and reverse proxy. All seemed to be going well, except phones specifically using AT&T data plans don't seem able to successfully connect to my sites. I get no error messages when they fail to connect, and there are no known issues with any other internet service providers, whether on data or Wi-Fi. I have no idea where to even start with an issue like this. I'm by no means a networking guru, and the Google search results with similar problems are nonexistent. Posted below are my Traefik-related configuration files; hopefully they can provide a useful window into my configuration errors. Any help is much appreciated. Thank you.

traefik:
  build:
    context: .
    dockerfile: ./compose/production/traefik/Dockerfile
  image: app_production_traefik
  depends_on:
    - django
  volumes:
    - production_traefik:/etc/traefik/acme:z
  ports:
    - "0.0.0.0:80:80"
    - "0.0.0.0:443:443"


FROM traefik:v2.2.11
# I have tried with the updated version and got the same result
RUN mkdir -p /etc/traefik/acme \
    && touch /etc/traefik/acme/acme.json \
    && chmod 600 /etc/traefik/acme/acme.json
COPY ./compose/production/traefik/traefik.yml /etc/traefik


log:
  level: INFO

entryPoints:
  web:
    # http
    address: ":80"

  web-secure:
    # https
    address: ":443"

certificatesResolvers:
  letsencrypt:
    # https://docs.traefik.io/master/https/acme/#lets-encrypt
    acme:
      email: "me@email.com"
      storage: /etc/traefik/acme/acme.json
      # https://docs.traefik.io/master/https/acme/#httpchallenge
      httpChallenge:
        entryPoint: web

http:
  routers:
    web-router:
      rule: "Host(`mysite.com`) || Host(`www.mysite.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect
        - csrf
      service: django

    web-secure-router:
      rule: "Host(`mysite.com`) || Host(`www.mysite.com`)"
      entryPoints:
        - web-secure
      middlewares:
        - csrf
      service: django
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

  middlewares:
    redirect:
      # https://docs.traefik.io/master/middlewares/redirectscheme/
      redirectScheme:
        scheme: https
        permanent: true
    csrf:
      # https://docs.traefik.io/master/middlewares/headers/#hostsproxyheaders
      # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
      headers:
        hostsProxyHeaders: ["X-CSRFToken"]

  services:
    django:
      loadBalancer:
        servers:
          - url: http://django:5000

providers:
  # https://docs.traefik.io/master/providers/file/
  file:
    filename: /etc/traefik/traefik.yml
    watch: true

I configured the log as demonstrated below - I get log updates every time a user successfully reaches the site but when I tried with an AT&T phone again, it did not log anything and the phone did not successfully connect to the site. On Chrome I simply see a message that reads "This site can't be reached, example.com unexpectedly closed the connection."
Finally solved a few weeks later. Took a LOT longer than I thought it would but solved it is!
Docker by default does not have IPv6 capabilities. However, by default, Linode adds the IPv6 address in the AAAA config when transferring your domains to them. Since the IPv6 was being advertised by the DNS config, AT&T seemed to default to reaching out to it and then didn't search for IPv4 when that failed. Interesting that they're the only service providers that do that. Nonetheless, I removed the AAAA configuration in my DNS config and it fixed it after the changes took effect (about 27 hours).
On the bright side, I at least bettered my Traefik config throughout the process haha
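
A quick way to catch the mismatch described in this answer (an AAAA record published for a server that only answers on IPv4) is to probe every address DNS advertises, one address family at a time. The script below is an added example, not part of the original post; the function names are hypothetical, and it only tests whether a TCP connection to port 443 succeeds.

```python
import socket
import sys

FAMILIES = {socket.AF_INET: "IPv4 (A)", socket.AF_INET6: "IPv6 (AAAA)"}

def resolve(host, port):
    """Return {family label: sorted addresses} that DNS advertises for host."""
    found = {}
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        if family in FAMILIES:
            found.setdefault(FAMILIES[family], set()).add(sockaddr[0])
    return {label: sorted(addrs) for label, addrs in found.items()}

def tcp_probe(address, port, timeout=5.0):
    """True if a TCP connection to this exact address succeeds."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((address, port))
        return True
    except OSError:  # refused, timed out, unreachable, or no local IPv6 stack
        return False

def audit(host, port=443, resolver=resolve, probe=tcp_probe):
    """Map every advertised address to whether it accepted the connection."""
    return {label: {addr: probe(addr, port) for addr in addrs}
            for label, addrs in resolver(host, port).items()}

def dead_families(report):
    """Families that DNS publishes but where no address answered."""
    return sorted(label for label, results in report.items()
                  if results and not any(results.values()))

if __name__ == "__main__":
    report = audit(sys.argv[1])
    for label, results in report.items():
        for addr, ok in results.items():
            print(f"{label:12} {addr:40} {'open' if ok else 'FAILED'}")
    dead = dead_families(report)
    if dead:
        print("Advertised in DNS but not reachable:", ", ".join(dead))
        sys.exit(1)
```

Run it from a machine that has working IPv6 itself; otherwise every AAAA probe fails locally regardless of the server. A reported "IPv6 (AAAA)" family means either the record should be removed or the server needs to listen on IPv6.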